Fedora 27 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2017-12190 CVE-2017-15265 CVE-2017-15299 CVE-2017-1000255 CVE-2017-5123 |
| CWE-ID | CWE-401 CWE-416 CWE-476 CWE-119 CWE-391 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU10709
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12190
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and possible system lock up.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 27
kernel: before 4.13.8-300.fc27
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU8816
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15265
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 27
kernel: before 4.13.8-300.fc27
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU9602
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15299
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to the KEYS subsystem mishandles use of add_key for a key that already exists but is uninstantiated. A local attacker can supply specially crafted keys, trigger null pointer dereference and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 27
kernel: before 4.13.8-300.fc27
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU8812
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-1000255
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a boundary error in the Linux kernel's when handling signal frame on PowerPC systems. A malicious local user process could craft a signal frame allowing an attacker to corrupt memory and execute arbitrary code on the target system with escalated privileges.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 27
kernel: before 4.13.8-300.fc27
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU8828
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5123
CWE-ID:
CWE-391 - Unchecked Error Condition
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The waitid implementation in kernel/exit.c in the Linux kernel through
4.13.4 does not check that the incoming argument points to the
userspace. This can allow local users to write directly to kernel
memory, which could lead to privilege escalation.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 27
kernel: before 4.13.8-300.fc27
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-aa9927961f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
