SB2015091701 - Multiple vulnerabilities in Linux Kernel
Published: September 17, 2015 Updated: April 27, 2018
Security Bulletin ID: SB2015091701
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 2 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2017-15116)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the rngapi_reset function in crypto/rng.c due to a NULL pointer dereference. A local attacker can cause the service to crash.
2) Uncontrolled memory allocation (CVE-ID: CVE-2017-9725)
The vulnerability allows a local attacker to cause a DoS condition or gain elevated privileges on the target system. The weakness exists in all Qualcomm products with Android releases from CAF: during DMA allocation, because the wrong data type is used for the size, the allocation size gets truncated, which makes the allocation succeed when it should fail. A local attacker can cause the service to crash or gain root privileges.
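The truncation pattern described above, as an added illustration that is not the affected driver's code: the bulletin does not name the types or functions involved, so the 64-bit request, the 32-bit length, the pool size and both function names are assumptions. It shows the size check passing on a truncated value next to a version that checks at full width.

```c
#include <stdint.h>
#include <stdio.h>

#define POOL_BYTES (1u << 20) /* constructed: 1 MiB pool capacity */

/* Flawed pattern (hypothetical function): the 64-bit request is narrowed
 * to 32 bits BEFORE the capacity check, so the check only ever sees the
 * low 32 bits. Returns the size granted, or 0 if the request is refused. */
uint64_t reserve_truncating(uint64_t requested)
{
    uint32_t len = (uint32_t)requested; /* silently drops the high bits */

    if (len == 0 || len > POOL_BYTES)
        return 0;
    return len; /* caller still believes it owns `requested` bytes */
}

/* Hardened pattern (hypothetical function): validate at full width and
 * narrow only after the value is known to fit. */
uint64_t reserve_checked(uint64_t requested)
{
    if (requested == 0 || requested > POOL_BYTES)
        return 0;
    return (uint32_t)requested; /* safe: already bounded by POOL_BYTES */
}

int main(void)
{
    /* constructed input: 4 GiB + 4 KiB, far larger than the pool */
    uint64_t oversized = 0x100001000ULL;

    printf("requested:  %llu bytes\n", (unsigned long long)oversized);
    printf("truncating: granted %llu bytes\n",
           (unsigned long long)reserve_truncating(oversized));
    printf("checked:    granted %llu bytes (0 = refused)\n",
           (unsigned long long)reserve_checked(oversized));
    return 0;
}
```

The mismatch between the size the caller asked for and the size actually reserved is what makes the allocation "succeed when it should fail"; the fix is to keep the size in a type wide enough for the request until after it has been validated.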
Remediation
Install update from vendor's website.