SB2017072418 - Fedora 24 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2017-7541)

The vulnerability allows a local attacker to execute arbitrary code on the target system with elevated privileges.

The vulnerability exists due to boundary error in brcmf_cfg80211_mgmt_tx() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3. A local user can create a specially crafted NL80211_CMD_FRAME Netlink packet and trigger DoS conditions or execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may allow an attacker to obtain elevated privileges.

2) Buffer overflow (CVE-ID: CVE-2017-11473)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c due to buffer overflow. A local attacker can submit a specially crafted ACPI table, trigger memory corruption and gain root privileges.

3) Denial of service (CVE-ID: CVE-2017-7542)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the ip6_find_1stfragopt function in net/ipv6/output_core.c due to leveraging the ability to open a raw socket. A local attacker can trigger integer overflow and infinite loop and cause a denial of service.

4) NULL pointer dereference (CVE-ID: CVE-2017-11176)

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to the mq_notify function does not set the sock pointer to NULL upon entry into the retry logic. A remote attacker can trigger use-after-free error during a user-space close of a Netlink socket and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2017-544eef948f