readykernel-patch-33.22-27.0-1.vl7

Kernel crash (BUG()) in rpc_abort_task().

Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.

Integer overflow vulnerability in ip6_find_1stfragopt() function was found. Local attacker that has privileges to open raw sockets can cause infinite loop inside ip6_find_1stfragopt() function.