SB2017052602 - CentOS 7 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017052602

SB2017052602 - CentOS 7 update for kernel

Published: May 26, 2017

Security Bulletin ID SB2017052602
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2016-10208)

The vulnerability allows a local attacker to cause DoS condition on the target systsem.

The weakness exists due to memory corruption when validating meta block groups by the ext4_fill_super function. A local attacker can use a specially crafted EXT4 image to trigger an out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Use-after-free error (CVE-ID: CVE-2016-7910)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to use-after-free error in the disk_seqf_stop function in block/genhd.c. a local attacker can leverage the execution of a certain stop operation and execute arbitrary code on the system with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Null pointer dereference (CVE-ID: CVE-2016-8646)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the hash_accept function in crypto/algif_hash.c. A local attacker can trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data and cause a kernel oops.

Successful exploitation of the vulnerability results in denial of service.

4) Assertion failure (CVE-ID: CVE-2017-5986)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.



5) Heap-out-of-bounds write (CVE-ID: CVE-2017-7308)

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to improper validation of certain block-size data by the packet_set_ring function in net/packet/af_packet.c. A local attacker can provide specific parameters to the PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled, trigger heap-out-of-bounds write and cause denial of service.

Successful exploitation of the vulnerability results in denial of service.


Remediation

Install update from vendor's website.

References