SB2017012633 - Fedora 25 update for kernel




Published: January 26, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017012633
Severity Low
Patch available YES
Number of vulnerabilities 10
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2017-5576)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the vc4_get_bcl() function in drivers/gpu/drm/vc4/vc4_gem.c. A local user can execute arbitrary code.


2) Null pointer dereference (CVE-ID: CVE-2017-5577)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to the failure to set an errno value upon certain overflow detections by the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c. A local attacker can use a VC4_SUBMIT_CL ioctl system call with inconsistent size values to trigger a NULL pointer dereference and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Resource management error (CVE-ID: CVE-2016-10153)

The vulnerability allows a local authenticated user to execute arbitrary code.

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.


4) Buffer overflow (CVE-ID: CVE-2016-10154)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.


5) Buffer overflow (CVE-ID: CVE-2017-5547)

The vulnerability allows a local authenticated user to execute arbitrary code.

drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.


6) Buffer overflow (CVE-ID: CVE-2017-5548)

The vulnerability allows a local authenticated user to execute arbitrary code.

drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.


7) Information exposure through log files (CVE-ID: CVE-2017-5549)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information exposure through log files within the klsi_105_get_line_state() function in drivers/usb/serial/kl5kusb105.c. A local user can gain access to sensitive information.


8) Off-by-one (CVE-ID: CVE-2017-5550)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an off-by-one error within the iov_iter_copy_from_user_atomic() and iov_iter_pipe() functions in lib/iov_iter.c. A local user can gain access to sensitive information.


9) Improper privilege management (CVE-ID: CVE-2017-5551)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the simple_set_acl() function in fs/posix_acl.c. A local user can read and manipulate data.


10) Privilege escalation (CVE-ID: CVE-2016-7097)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to the setgid bit being preserved during a setxattr call by the filesystem implementation. A local attacker can leverage the existence of a setgid program to gain group privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Remediation

Install the update from the vendor's website.