
Debian LTS: DLA-993-1 Moderate: Kernel Privilege Escalation and DoS

June 20, 2017
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2017-0605

A buffer overflow flaw was discovered in the trace subsystem.

CVE-2017-7487

Li Qiang reported a reference counter leak in the ipxitf_ioctl
function which may result in a use-after-free vulnerability,
triggerable when an IPX interface is configured.

CVE-2017-7645

Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that
the NFSv2 and NFSv3 server implementations are vulnerable to an
out-of-bounds memory access issue while processing arbitrarily long
arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of
service.

CVE-2017-7895

Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3
server implementations do not properly handle payload bounds
checking of WRITE requests. A remote attacker with write access to an
NFS mount can take advantage of this flaw to read chunks of
arbitrary memory from both kernel-space and user-space.

CVE-2017-8890

It was discovered that the inet_csk_clone_lock() function allows a



Package: linux
Version: 3.2.89-1
CVE ID: CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895
