The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Google Android Gingerbread

vulnerability announce CVE-2017-17807

Linux kernel: privilege escalation via construct_get_dest_keyring

Synthesis of the vulnerability

An attacker can bypass restrictions via construct_get_dest_keyring() of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 21/12/2017.
Identifiers: CERTFR-2018-AVI-018, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-198, CVE-2017-17807, DLA-1232-1, DSA-4073-1, DSA-4082-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-24872.

Description of the vulnerability

An attacker can bypass restrictions via construct_get_dest_keyring() of the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-17806

Linux kernel: buffer overflow via HMAC

Synthesis of the vulnerability

An attacker can generate a buffer overflow via HMAC of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/12/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-083, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-198, CVE-2017-17806, DLA-1232-1, DSA-4073-1, DSA-4082-1, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, RHSA-2018:2948-01, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0437-1, SUSE-SU-2018:0525-1, USN-3583-1, USN-3583-2, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3632-1, VIGILANCE-VUL-24871.

Description of the vulnerability

An attacker can generate a buffer overflow via HMAC of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-17712

Linux kernel: memory corruption via raw_sendmsg

Synthesis of the vulnerability

An attacker can generate a memory corruption via raw_sendmsg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/12/2017.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-094, CERTFR-2018-AVI-124, CERTFR-2018-AVI-196, CVE-2017-17712, DSA-4073-1, FEDORA-2017-7810b7c59f, FEDORA-2017-f7cb245861, FEDORA-2018-884a105c04, LSN-0035-1, openSUSE-SU-2018:0408-1, RHSA-2018:0502-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0986-1, Synology-SA-18:14, USN-3581-1, USN-3581-2, USN-3581-3, USN-3582-1, USN-3582-2, VIGILANCE-VUL-24787.

Description of the vulnerability

An attacker can generate a memory corruption via raw_sendmsg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-17558

Linux kernel: memory corruption via usb_destroy_configuration

Synthesis of the vulnerability

An attacker can generate a memory corruption via usb_destroy_configuration() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 13/12/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-048, CERTFR-2018-AVI-170, CERTFR-2018-AVI-408, CVE-2017-17558, DLA-1232-1, DSA-4073-1, DSA-4082-1, FEDORA-2017-129969aa8a, FEDORA-2017-ba6b6e71f7, FEDORA-2018-884a105c04, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2019:1170-01, RHSA-2019:1190-01, SUSE-SU-2018:0011-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-24759.

Description of the vulnerability

An attacker can generate a memory corruption via usb_destroy_configuration() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-17449

Linux kernel: information disclosure via __netlink_deliver_tap_skb

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via __netlink_deliver_tap_skb() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: privileged shell.
Creation date: 07/12/2017.
Identifiers: CERTFR-2018-AVI-009, CERTFR-2018-AVI-018, CERTFR-2018-AVI-170, CERTFR-2018-AVI-175, CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CVE-2017-17449, DSA-4073-1, DSA-4082-1, FEDORA-2017-129969aa8a, FEDORA-2017-ba6b6e71f7, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0654-01, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1130-01, RHSA-2018:1170-01, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0115-1, USN-3619-1, USN-3619-2, USN-3653-1, USN-3653-2, USN-3655-1, USN-3655-2, USN-3657-1, VIGILANCE-VUL-24685.

Description of the vulnerability

An attacker can bypass access restrictions to data via __netlink_deliver_tap_skb() of the Linux kernel, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-0879 CVE-2017-11016 CVE-2017-11019

Android Pixel/Nexus: multiple vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Android Pixel/Nexus.
Impacted products: Android OS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 43.
Creation date: 06/12/2017.
Identifiers: CERTFR-2017-AVI-449, CVE-2017-0879, CVE-2017-11016, CVE-2017-11019, CVE-2017-11030, CVE-2017-11031, CVE-2017-11033, CVE-2017-11042, CVE-2017-11044, CVE-2017-11045, CVE-2017-11047, CVE-2017-11049, CVE-2017-13149, CVE-2017-13150, CVE-2017-13152, CVE-2017-13154, CVE-2017-13161, CVE-2017-13163, CVE-2017-13164, CVE-2017-13165, CVE-2017-13167, CVE-2017-13169, CVE-2017-13172, CVE-2017-13175, CVE-2017-14896, CVE-2017-14898, CVE-2017-14899, CVE-2017-14900, CVE-2017-14901, CVE-2017-14903, CVE-2017-14905, CVE-2017-14907, CVE-2017-15813, CVE-2017-15868, CVE-2017-6280, CVE-2017-8244, CVE-2017-9698, CVE-2017-9700, CVE-2017-9703, CVE-2017-9708, CVE-2017-9709, CVE-2017-9710, CVE-2017-9718, CVE-2017-9722, VIGILANCE-VUL-24663.

Description of the vulnerability

An attacker can use several vulnerabilities of Android Pixel/Nexus.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-15115

Linux kernel: use after free via sctp_cmp_addr_exact

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via sctp_cmp_addr_exact() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 15/11/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-094, CVE-2017-15115, DLA-1200-1, FEDORA-2017-1b4d140781, FEDORA-2017-62e3a94f2a, FEDORA-2017-f73d3f1fc4, FEDORA-2018-884a105c04, LSN-0035-1, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, USN-3581-1, USN-3581-2, USN-3581-3, USN-3582-1, USN-3582-2, USN-3583-1, USN-3583-2, VIGILANCE-VUL-24445.

Description of the vulnerability

An attacker can force the usage of a freed memory area via sctp_cmp_addr_exact() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-16643

Linux kernel: out-of-bounds memory reading via parse_hid_report_descriptor

Synthesis of the vulnerability

An attacker can force a read at an invalid address via parse_hid_report_descriptor() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 08/11/2017.
Identifiers: CERTFR-2017-AVI-454, CERTFR-2018-AVI-408, CVE-2017-16643, DLA-1200-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3754-1, VIGILANCE-VUL-24379.

Description of the vulnerability

An attacker can force a read at an invalid address via parse_hid_report_descriptor() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-0830 CVE-2017-0831 CVE-2017-0832

Android OS: multiple vulnerabilities of November 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Android OS.
Impacted products: Android OS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 07/11/2017.
Identifiers: CERTFR-2017-AVI-394, CVE-2017-0830, CVE-2017-0831, CVE-2017-0832, CVE-2017-0833, CVE-2017-0834, CVE-2017-0835, CVE-2017-0836, CVE-2017-0839, CVE-2017-0840, CVE-2017-0841, CVE-2017-0842, CVE-2017-0843, CVE-2017-11013, CVE-2017-11014, CVE-2017-11015, CVE-2017-11017, CVE-2017-11028, CVE-2017-11092, CVE-2017-6264, CVE-2017-9690, VIGILANCE-VUL-24360.

Description of the vulnerability

An attacker can use several vulnerabilities of Android OS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-16535

Linux kernel: out-of-bounds memory reading via usb_get_bos_descriptor

Synthesis of the vulnerability

An attacker can force a read at an invalid address via usb_get_bos_descriptor() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, McAfee Web Gateway, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-408, CVE-2017-16535, DLA-1200-1, SB10211, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3507-1, USN-3507-2, USN-3754-1, VIGILANCE-VUL-24339.

Description of the vulnerability

An attacker can force a read at an invalid address via usb_get_bos_descriptor() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Google Android Gingerbread: