The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Kernel Linux

computer vulnerability bulletin CVE-2017-7541

Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, SUSE-SU-2017:2286-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.

Description of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.

vulnerability announce CVE-2017-9985 CVE-2017-9986

Linux kernel: memory corruption via double fetches

Synthesis of the vulnerability

An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux.
Severity: 1/4.
Creation date: 29/06/2017.
Identifiers: 196133, 196135, CVE-2017-9985, CVE-2017-9986, VIGILANCE-VUL-23102.

Description of the vulnerability

An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2017-1000380

Linux kernel: information disclosure via snd_timer_user_read

Synthesis of the vulnerability

A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CVE-2017-1000380, DLA-1099-1, DSA-3981-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22954.

Description of the vulnerability

In the Linux kernel, the ALSA subsystem manages sound devices.

However, the function snd_timer_user_read does not initialize a memory area before returning it to the user in an ioctl call.

A local attacker can therefore read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.

vulnerability alert CVE-2016-2384

Linux kernel: use after free in the usb-audio driver

Synthesis of the vulnerability

An attacker can force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 15/02/2016.
Revision date: 15/05/2017.
Identifiers: CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2016-2384, DSA-3503-1, FEDORA-2016-7e12ae5359, FEDORA-2016-9fbe2c258b, FEDORA-2016-e7162262b0, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1019-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2928-1, USN-2928-2, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, VIGILANCE-VUL-18941.

Description of the vulnerability

The Linux kernel includes a generic device driver for devices that comply with the MIDI interface.

However, in case of error, the function snd_usbmidi_create() frees an object describing the MIDI interface, although this freeing is already handled by a caller function. The net result is a double free.

An attacker can therefore force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2017-8106

Linux kernel: NULL pointer dereference via the machine instruction INVEPT

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 25/04/2017.
Identifiers: CERTFR-2017-AVI-162, CVE-2017-8106, SUSE-SU-2017:1360-1, VIGILANCE-VUL-22552.

Description of the vulnerability

The KVM subsystem manages emulation of privileged machine instructions for guest systems.

It uses a data structure to manage VMX contexts. However, the function handle_invept() does not check whether a pointer field is NULL in this structure before using it.

A privileged attacker, inside a guest system, can therefore force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.

computer vulnerability bulletin CVE-2017-7346

Linux kernel: denial of service via the module drm/vmwgfx

Synthesis of the vulnerability

A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel loop.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 31/03/2017.
Identifiers: 1437431, CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CVE-2017-7346, DSA-3927-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22298.

Description of the vulnerability

The Linux kernel includes a video driver vmwgfx for guest systems running under VMware ESX.

The vulnerabilities described in VIGILANCE-VUL-22260 and VIGILANCE-VUL-22282 have not been fully fixed. After these 2 patches, an attacker can still trigger a very long loop.

A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel loop.

vulnerability announce CVE-2017-7294

Linux kernel: buffer overflow via vmw_surface_define_ioctl

Synthesis of the vulnerability

An attacker can generate a buffer overflow via vmw_surface_define_ioctl() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 29/03/2017.
Identifiers: CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-185, CERTFR-2017-AVI-196, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7294, DLA-922-1, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3335-1, USN-3342-1, USN-3342-2, USN-3343-1, USN-3343-2, VIGILANCE-VUL-22282.

Description of the vulnerability

The Linux kernel includes a video driver vmwgfx for guest systems running under VMware ESX.

However, if the size of data is greater than the size of the storage array, an overflow occurs in vmw_surface_define_ioctl(). This vulnerability relates to the same C routine and functionality as the vulnerability described in VIGILANCE-VUL-22260. See also VIGILANCE-VUL-22298.

An attacker can therefore generate a buffer overflow via vmw_surface_define_ioctl() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2017-7261

Linux kernel: denial of service via the module drm/vmwgfx

Synthesis of the vulnerability

A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 27/03/2017.
Identifiers: 1435719, CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-275, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7261, DLA-922-1, FEDORA-2017-02174df32f, FEDORA-2017-93dec9eba5, K63771715, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3361-1, USN-3406-1, USN-3406-2, VIGILANCE-VUL-22260.

Description of the vulnerability

The Linux kernel includes a video driver vmwgfx for guest systems running under VMware ESX.

This driver defines a device "/dev/dri/renderD128" which accepts ioctl system calls. However, the routine vmw_surface_define_ioctl() that implements ioctl calls does not correctly check its argument "num_sizes". A null value leads to a bad memory allocation, then to an invalid pointer dereference and a fatal exception. See also VIGILANCE-VUL-22282 and VIGILANCE-VUL-22298.

A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.

computer vulnerability note CVE-2017-6951

Linux kernel: NULL pointer dereference via keyring_search_aux

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via keyring_search_aux() in the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 17/03/2017.
Identifiers: CERTFR-2017-AVI-162, CERTFR-2017-AVI-282, CERTFR-2017-AVI-287, CERTFR-2017-AVI-288, CERTFR-2017-AVI-307, CERTFR-2017-AVI-311, CVE-2017-6951, DLA-922-1, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2017:1360-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, USN-3422-1, USN-3422-2, VIGILANCE-VUL-22169.

Description of the vulnerability

The Linux kernel manages cryptographic keys, notably for use in IPsec.

However, in the "request_key" system call, the function keyring_search_aux() does not check whether a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via keyring_search_aux() in the Linux kernel, in order to trigger a denial of service.

computer vulnerability bulletin 22038

Linux kernel: file modification via DAX gup_pte_range

Synthesis of the vulnerability

An attacker can bypass access restrictions via DAX gup_pte_range() of the Linux kernel, in order to write to a read-only file.
Impacted products: Linux.
Severity: 2/4.
Creation date: 08/03/2017.
Identifiers: VIGILANCE-VUL-22038.

Description of the vulnerability

An attacker can bypass access restrictions via DAX gup_pte_range() of the Linux kernel, in order to write to a read-only file.

A detailed analysis was not performed for this bulletin.