Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2017-1000251 CVE-2017-11472 CVE-2017-12134 CVE-2017-14051 CVE-2017-14106 |
CWE-ID | CWE-121 CWE-284 CWE-264 CWE-190 CWE-369 |
Exploitation vector | Local network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system linux_kernel (Debian package) Operating systems & Components / Operating system package or component Xen Server applications / Virtualization software |
Vendor |
Linux Foundation Debian Xen Project |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU8329
Risk: Low
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-1000251
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to a stack-based buffer overflow in the processing of L2CAP configuration. An adjacent attacker can submit a specially crafted Bluetooth protocol, trigger memory corruption in the Bluetooth stack and execute arbitrary code in kernel space.
Successful exploitation of the vulnerability may result in host system compromise.
Update the affected packages.
Linux kernel: 3.3 - 4.13.1
linux_kernel (Debian package): 4.6.4-1 - 4.7.2-1
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU11763
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11472
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information and bypass security restrictions on the target system.
The weakness exists in the acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c due to it does not flush the operand cache and causes a kernel stack dump. A local attacker can submit a specially crafted ACPI table, gain access to potentially sensitive information from kernel memory and bypass the KASLR protection mechanism.
MitigationUpdate the affected packages.
Linux kernel: 4.10.0 - 4.11.12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7952
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12134
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker on a Linux-based guest system to gain elevated privileges on the host system.
The weakness exists due to aa flaw in merging adjacent block IO requests. A local attacker on the guest system can incorrectly access memory during block stream processing to obtain potentially sensitive information or gain elevated privileges on the host system.
Update the affected packages.
Xen: 4.6.0 - 4.9.0
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10715
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14051
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.ct due to an integer overflow. A local attacker can gain root access and cause the service to crash.
Update the affected packages.
Linux kernel: 4.12.1 - 4.12.10
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU8922
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14106
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to divide-by-zero error in the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause kernel panic.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
Linux kernel: 4.0.1 - 4.11.12
linux_kernel (Debian package): 4.6.4-1 - 4.7.2-1
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.