The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Kernel Linux

computer vulnerability bulletin CVE-2017-12193

Linux kernel: NULL pointer dereference via assoc_array_apply_edit

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, VIGILANCE-VUL-24308.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2017-0781 CVE-2017-0782 CVE-2017-0783

Bluetooth Drivers: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 2/4.
Creation date: 12/09/2017.
Revision dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CERTFR-2017-AVI-400, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, SUSE-SU-2017:2956-1, VIGILANCE-VUL-23818, VU#240311.

Description of the vulnerability

Several vulnerabilities were announced in several implementations of Bluetooth drivers:
 - Android: Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
 - Android: Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
 - Android: Remote Code Execution Vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
 - Android: Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
 - Windows: Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
 - Linux: BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
 - Linux: Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
 - iOS: Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10

This bulletin serves as an umbrella entry because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.

computer vulnerability bulletin CVE-2017-7541

Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.

Description of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.

vulnerability announce CVE-2017-9985 CVE-2017-9986

Linux kernel: memory corruption via double fetches

Synthesis of the vulnerability

An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux, Ubuntu.
Severity: 1/4.
Creation date: 29/06/2017.
Identifiers: 196133, 196135, CERTFR-2017-AVI-384, CVE-2017-9985, CVE-2017-9986, USN-3469-1, USN-3469-2, VIGILANCE-VUL-23102.

Description of the vulnerability

An attacker can generate a memory corruption via a change in pointers between 2 reads by the audio drivers of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2017-1000380

Linux kernel: information disclosure via snd_timer_user_read

Synthesis of the vulnerability

A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-440, CVE-2017-1000380, DLA-1099-1, DSA-3981-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, RHSA-2017:3295-01, RHSA-2017:3315-01, RHSA-2017:3322-01, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22954.

Description of the vulnerability

In the Linux kernel, the ALSA subsystem manages sound devices.

However, the function snd_timer_user_read does not initialize a memory area before returning it to the user in an ioctl call.

A local attacker can therefore read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.

vulnerability alert CVE-2016-2384

Linux kernel: use after free in the usb-audio driver

Synthesis of the vulnerability

An attacker can force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 15/02/2016.
Revision date: 15/05/2017.
Identifiers: CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2016-2384, DSA-3503-1, FEDORA-2016-7e12ae5359, FEDORA-2016-9fbe2c258b, FEDORA-2016-e7162262b0, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1019-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2928-1, USN-2928-2, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, VIGILANCE-VUL-18941.

Description of the vulnerability

The Linux kernel includes a generic device driver for devices that comply with the MIDI interface.

However, in case of error, the function snd_usbmidi_create() frees an object describing the MIDI interface, although this freeing is already handled by the calling function. The net result is a double free.

An attacker can therefore force a double free in the usb-audio driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2017-8106

Linux kernel: NULL pointer dereference via the machine instruction INVEPT

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 25/04/2017.
Identifiers: CERTFR-2017-AVI-162, CERTFR-2017-AVI-390, CVE-2017-8106, SUSE-SU-2017:1360-1, SUSE-SU-2017:2920-1, VIGILANCE-VUL-22552.

Description of the vulnerability

The KVM subsystem manages emulation of privileged machine instructions for guest systems.

It uses a data structure to manage VMX contexts. However, the function handle_invept() does not check whether a pointer field is NULL in this structure before using it.

A privileged attacker, inside a guest system, can therefore force a NULL pointer to be dereferenced by the Linux host kernel via the machine instruction INVEPT, in order to trigger a denial of service against the host system.

computer vulnerability bulletin CVE-2017-7346

Linux kernel: denial of service via the module drm/vmwgfx

Synthesis of the vulnerability

A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel loop.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 31/03/2017.
Identifiers: 1437431, CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CVE-2017-7346, DSA-3927-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22298.

Description of the vulnerability

The Linux kernel includes a video driver vmwgfx for guest systems running under VMware ESX.

The vulnerabilities described in VIGILANCE-VUL-22260 and VIGILANCE-VUL-22282 have not been fully fixed. After these 2 patches, an attacker can still trigger a very long loop.

A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel loop.

vulnerability announce CVE-2017-7294

Linux kernel: buffer overflow via vmw_surface_define_ioctl

Synthesis of the vulnerability

An attacker can generate a buffer overflow via vmw_surface_define_ioctl() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 29/03/2017.
Identifiers: CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-185, CERTFR-2017-AVI-196, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7294, DLA-922-1, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3335-1, USN-3342-1, USN-3342-2, USN-3343-1, USN-3343-2, VIGILANCE-VUL-22282.

Description of the vulnerability

The Linux kernel product includes a video driver vmwgfx for guest systems running under VMware ESX.

However, if the size of data is greater than the size of the storage array, an overflow occurs in vmw_surface_define_ioctl(). This vulnerability relates to the same C routine and functionality as the vulnerability described in VIGILANCE-VUL-22260. See also VIGILANCE-VUL-22298.

An attacker can therefore generate a buffer overflow via vmw_surface_define_ioctl() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2017-7261

Linux kernel: denial of service via the module drm/vmwgfx

Synthesis of the vulnerability

A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 27/03/2017.
Identifiers: 1435719, CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-275, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7261, DLA-922-1, FEDORA-2017-02174df32f, FEDORA-2017-93dec9eba5, K63771715, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3361-1, USN-3406-1, USN-3406-2, VIGILANCE-VUL-22260.

Description of the vulnerability

The Linux kernel includes a video driver vmwgfx for guest systems running under VMware ESX.

This driver defines a device "/dev/dri/renderD128" which accepts ioctl system calls. However, the routine vmw_surface_define_ioctl() that implements ioctl calls does not correctly check its argument "num_sizes". A null value leads to a bad memory allocation, then to an invalid pointer dereference and a fatal exception. See also VIGILANCE-VUL-22282 and VIGILANCE-VUL-22298.

A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.