| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Kernel Linux
Linux kernel: denial of service via the bnx2x driver
Synthesis of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.
Description of the vulnerability
An attacker can block the netword card drived by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: information disclosure via vhci_hcd
Synthesis of the vulnerability
An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CVE-2017-16911, DLA-1369-1, DSA-4187-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, VIGILANCE-VUL-25197.
Description of the vulnerability
An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: adress disclosure via the boot log
Synthesis of the vulnerability
A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.
Impacted products: Debian, Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 29/01/2018.
Identifiers: CERTFR-2018-AVI-198, CVE-2018-5750, DLA-1349-1, DLA-1369-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, DSA-4187-1, FEDORA-2018-884a105c04, FEDORA-2018-d09a73ce72, FEDORA-2018-d82b617d6c, RHSA-2018:0676-01, RHSA-2018:1062-01, USN-3631-1, USN-3631-2, VIGILANCE-VUL-25170.
Description of the vulnerability
A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: NULL pointer dereference via assoc_array_apply_edit
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, VIGILANCE-VUL-24308.
Description of the vulnerability
The Noyau Linux product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Bluetooth Drivers: multiple vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, VIGILANCE-VUL-23818, VU#240311.
Description of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers:
- Android : Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
- Android : Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
- Android : Remote Code Execution vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
- Android : Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
- Windows : Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
- Linux : BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
- Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
- iOS : Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10
This bulletin serves as a cap because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx
Synthesis of the vulnerability
An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.
Description of the vulnerability
An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: memory corruption via double fetches
Synthesis of the vulnerability
An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux, Ubuntu.
Severity: 1/4.
Creation date: 29/06/2017.
Identifiers: 196133, 196135, CERTFR-2017-AVI-384, CVE-2017-9985, CVE-2017-9986, USN-3469-1, USN-3469-2, VIGILANCE-VUL-23102.
Description of the vulnerability
An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: information disclosure via snd_timer_user_read
Synthesis of the vulnerability
A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-440, CVE-2017-1000380, DLA-1099-1, DSA-3981-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, RHSA-2017:3295-01, RHSA-2017:3315-01, RHSA-2017:3322-01, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22954.
Description of the vulnerability
In the Linux kernel, the ALSA subsystem manages sound devices.
However, the function snd_timer_user_read does not initialize a memory area before returning it to the user in an ioctl call.
A local attacker can therefore read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: use after free in the usb-audio driver
Synthesis of the vulnerability
An attacker can force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 15/02/2016.
Revision date: 15/05/2017.
Identifiers: CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2016-2384, DSA-3503-1, FEDORA-2016-7e12ae5359, FEDORA-2016-9fbe2c258b, FEDORA-2016-e7162262b0, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1019-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2928-1, USN-2928-2, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, VIGILANCE-VUL-18941.
Description of the vulnerability
The Linux kernel includes a generic device driver for devices that comply with the MIDI interface.
However, in case of error, the function snd_usbmidi_create() frees an objet describing the MIDI interface, although this freeing is already handled by a caller function. The net result is a double free.
An attacker can therefore force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: NULL pointer dereference via the machine instruction INVEPT
Synthesis of the vulnerability
A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 25/04/2017.
Identifiers: CERTFR-2017-AVI-162, CERTFR-2017-AVI-390, CVE-2017-8106, SUSE-SU-2017:1360-1, SUSE-SU-2017:2920-1, VIGILANCE-VUL-22552.
Description of the vulnerability
The KVM subsystem manages emulation of privileged machine instructions for guest systems.
It uses a data structure to manage VMX contexts. However, the function handle_invept() does not check whether a pointer field is NULL in this structure before using it.
A privileged attacker, inside a guest system, can therefore force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Kernel Linux:
|