-
CVE-2017-7308
Integer overflows in packet_set_ring().
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308
-
CVE-2017-7184
Local privilege escalation in XFRM framework.
It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7184.html
-
CVE-2017-2647
Null pointer dereference in search_keyring().
A flaw was discovered in the Linux kernel's key subsystem. Calling request_key() system call with the specially crafted set of arguments may result in a NULL-pointer dereference inside search_keyring() function. A local unprivileged user can use this vulnerability to crash the system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2647
-
CVE-2017-6214
ipv4/tcp: Infinite loop in tcp_splice_read().
The tcp_splice_read function in net/ipv4/tcp.c allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6214
-
PSBM-57512
A privileged user inside a container can cause a host kernel crash in udp_lib_get_port().
A privileged user inside a container can cause a host kernel crash in udp_lib_get_port().
-
PSBM-59964
Broken isolation for some of 'ip ntable' settings.
Broken isolation for some of "ip ntable" settings.
-
CVE-2017-6074
Use after free in the implementation of DCCP protocol.
A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6074
-
PSBM-57511
General protection fault in sendmsg() -> netlink_sendmsg() -> netlink_unicast().
General protection fault in sendmsg() -> netlink_sendmsg() -> netlink_unicast().
-
PSBM-57499
NULL pointer dereference in write() -> netlink_sendmsg() -> netlink_unicast().
NULL pointer dereference in write() -> netlink_sendmsg() -> netlink_unicast().
-
PSBM-59983
iptables: forwarding does not work with '--netfilter full'.
iptables: forwarding does not work with '--netfilter full'.
-
CVE-2017-2584
kvm: use after free in complete_emulated_mmio.
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to a use after free flaw. It could occur on x86 platform, when emulating instructions fxsave, fxrstor, sgdt, etc. A user/process could use this flaw to crash the host kernel resulting in DoS.
https://bugzilla.redhat.com/show_bug.cgi?id=1413001
-
CVE-2017-2583
kvm: vmx/svm potential privilege escalation inside guest.
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user/process inside guest could use this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest.
https://bugzilla.redhat.com/show_bug.cgi?id=1414735
-
PSBM-57915
fs/fadvise: a way was needed to deactivate pages after cached reads.
Support for FADV_DEACTIVATE flag (fs/fadvise) was added to the kernel to address this.
-
CVE-2015-8539
Keys: general protection fault in trusted_update().
A flaw was found in the handling of negatively instantiated keys in the Linux kernel. A local unprivileged user can use this vulnerability to crash the system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8539
-
CVE-2016-9806
Potential double free in netlink_dump().
A double free vulnerability was found in netlink_dump(), which could cause a denial of service or possibly other unspecified impact.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9806
-
CVE-2016-8645
A BUG() statement can be hit in net/ipv4/tcp_input.c.
It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8645
-
CVE-2016-2053
Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()
A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2053
-
CVE-2016-3070
Null pointer dereference in trace_writeback_dirty_page().
An attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-3070