The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Linux kernel

vulnerability alert CVE-2014-9717

Linux kernel: read-write access via MNT_DETACH umount2

Synthesis of the vulnerability

An attacker can bypass access restrictions via MNT_DETACH umount2 on the Linux kernel, in order to read or alter data.
Impacted products: Linux, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: CVE-2014-9717, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1937-1, VIGILANCE-VUL-20441.

Description of the vulnerability

An attacker can bypass access restrictions via MNT_DETACH umount2 on the Linux kernel, in order to read or alter data.

vulnerability CVE-2014-9904

Linux kernel: integer overflow via snd_compress_check_input

Synthesis of the vulnerability

An attacker can generate an integer overflow via snd_compress_check_input() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: CERTFR-2016-AVI-378, CERTFR-2017-AVI-053, CVE-2014-9904, DSA-3616-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:2105-1, SUSE-SU-2017:0471-1, USN-3127-1, USN-3127-2, VIGILANCE-VUL-20440.

Description of the vulnerability

An attacker can generate an integer overflow via snd_compress_check_input() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-6327

Linux kernel: NULL pointer dereference via srpt_handle_tsk_mgmt

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via srpt_handle_tsk_mgmt of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: CERTFR-2017-AVI-001, CERTFR-2017-AVI-053, CVE-2016-6327, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:2912-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0471-1, VIGILANCE-VUL-20433.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via srpt_handle_tsk_mgmt of the Linux kernel, in order to trigger a denial of service.

vulnerability 20430

Linux kernel: NULL pointer dereference via USB wMaxPacketSize

Synthesis of the vulnerability

An attacker can plug in a malicious USB device to force a NULL pointer to be dereferenced via wMaxPacketSize on the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: physical access.
Creation date: 19/08/2016.
Identifiers: VIGILANCE-VUL-20430.

Description of the vulnerability

The Linux kernel implements the support of USB devices in drivers/usb/core/config.c.

However, when a USB device with a wMaxPacketSize that is too large is plugged in, an initialization error occurs, and a NULL pointer is used when the device is unplugged.

An attacker can therefore plug in a malicious USB device to force a NULL pointer to be dereferenced via wMaxPacketSize on the Linux kernel, in order to trigger a denial of service.

vulnerability bulletin CVE-2016-3857

Linux kernel: privilege escalation via ARM CONFIG_OABI_COMPAT

Synthesis of the vulnerability

A local attacker can use sys_oabi_epoll_wait() or sys_oabi_semtimedop() on a Linux kernel for ARM, in order to escalate his privileges.
Impacted products: Debian, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/08/2016.
Identifiers: CERTFR-2016-AVI-315, CVE-2016-3857, DLA-609-1, USN-3082-1, USN-3082-2, VIGILANCE-VUL-20403.

Description of the vulnerability

The Linux kernel can be installed on an ARM processor, with the CONFIG_OABI_COMPAT option compiled in.

However, the sys_oabi_epoll_wait() and sys_oabi_semtimedop() functions do not check access privileges.

A local attacker can therefore use sys_oabi_epoll_wait() or sys_oabi_semtimedop() on a Linux kernel for ARM, in order to escalate his privileges.

computer vulnerability CVE-2016-6162

Linux kernel: assertion error via skbuff.c

Synthesis of the vulnerability

An attacker can force an assertion error via skbuff.c on the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 16/08/2016.
Identifiers: CVE-2016-6162, VIGILANCE-VUL-20385.

Description of the vulnerability

An attacker can force an assertion error via skbuff.c on the Linux kernel, in order to trigger a denial of service.

vulnerability note CVE-2016-6828

Linux kernel: use after free via tcp_xmit_retransmit_queue

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 16/08/2016.
Identifiers: CERTFR-2016-AVI-334, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CVE-2016-6828, DLA-609-1, DSA-3659-1, FEDORA-2016-5e24d8c350, FEDORA-2016-723350dd75, FEDORA-2016-f1adaaadc6, K62442245, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2017:0036-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20384.

Description of the vulnerability

The Linux kernel manages a TCP sending queue.

However, a special sequence of system calls forces the tcp_xmit_retransmit_queue() function to free a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-6136

Linux kernel: memory corruption via audit_log_single_execve_arg

Synthesis of the vulnerability

An attacker can generate a memory corruption via audit_log_single_execve_arg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/08/2016.
Identifiers: 120681, 1353533, CERTFR-2016-AVI-315, CERTFR-2016-AVI-334, CVE-2016-6136, DLA-609-1, DSA-3659-1, FEDORA-2016-30e3636e79, FEDORA-2016-754e4768d8, K90803619, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0307-01, USN-3084-1, USN-3084-2, USN-3084-3, USN-3084-4, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, VIGILANCE-VUL-20336.

Description of the vulnerability

The Linux kernel implements audit features.

The audit_log_single_execve_arg() function of the auditsc.c file checks its parameters obtained via copy_from_user(). However, this function then reuses the value from the user space area, which may have been modified after the check.

An attacker can therefore generate a memory corruption via audit_log_single_execve_arg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2016-6187

Linux kernel: privilege escalation via apparmor_setprocattr

Synthesis of the vulnerability

A local attacker can generate a memory corruption via apparmor_setprocattr() on the Linux kernel, in order to escalate his privileges.
Impacted products: Linux.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 08/08/2016.
Identifiers: 1354383, CVE-2016-6187, VIGILANCE-VUL-20332.

Description of the vulnerability

The AppArmor module can be installed on the Linux kernel.

The proc_pid_attr_write() function uses memdup_user() for memory management, so the array containing the parameters of the apparmor_setprocattr() function can exceed the current memory page. This function writes a '\0' character at the end of the array if it is not present. However, the position of this character is not sufficiently checked, which may allow a write to a bad memory area.

A local attacker can therefore generate a memory corruption via apparmor_setprocattr() on the Linux kernel, in order to escalate his privileges.

vulnerability bulletin CVE-2016-6480

Linux kernel: memory corruption via ioctl_send_fib

Synthesis of the vulnerability

A local attacker can generate a memory corruption via ioctl_send_fib() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 02/08/2016.
Identifiers: 116751, CERTFR-2016-AVI-334, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CVE-2016-6480, DLA-609-1, DSA-3659-1, FEDORA-2016-f1adaaadc6, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:2245-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20283.

Description of the vulnerability

The Linux kernel implements the FSACTL_SENDFIB ioctl command to control the Adaptec AAC driver.

The ioctl_send_fib() function of the drivers/scsi/aacraid/commctrl.c file checks the "arg" parameter. However, this function then reuses the value from the user space area, which may have been modified after the check.

A local attacker can therefore generate a memory corruption via ioctl_send_fib() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.