The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Linux kernel

vulnerability bulletin CVE-2016-5195

Linux kernel: privilege escalation via Copy On Write, Dirty COW

Synthesis of the vulnerability

A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Android OS, HP Operations, HP Switch, Junos Space, NSM Central Manager, NSMXpress, Linux, McAfee Email Gateway, openSUSE, openSUSE Leap, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, HDX, RealPresence Resource Manager, Polycom VBP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.

Description of the vulnerability

The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.

However, a local attacker can manipulate memory so that the COW operation writes to read-only memory.

A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announcement CVE-2015-8956

Linux kernel: information disclosure via RFCOMM Bluetooth

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RFCOMM Bluetooth of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 20/10/2016.
Identifiers: CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CVE-2015-8956, DLA-670-1, DSA-3696-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3058-1, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, VIGILANCE-VUL-20922.

Description of the vulnerability

An attacker can bypass access restrictions to data via RFCOMM Bluetooth of the Linux kernel, in order to obtain sensitive information.

vulnerability announcement CVE-2016-8666

Linux kernel: denial of service via GRO

Synthesis of the vulnerability

An attacker can send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 17/10/2016.
Identifiers: CERTFR-2016-AVI-402, CERTFR-2017-AVI-016, CVE-2016-8666, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:3050-1, RHSA-2017:0004-01, SA134, SUSE-SU-2016:2912-1, SUSE-SU-2017:0181-1, VIGILANCE-VUL-20882.

Description of the vulnerability

The Linux kernel can be configured with CONFIG_VLAN_8021Q or CONFIG_VXLAN, with the support of Transparent Ethernet Bridging (TEB) GRO.

However, when a malicious GRO packet is received, a large recursion error occurs.

An attacker can therefore send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2016-8658

Linux kernel: buffer overflow via brcmf_cfg80211_start_ap

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_start_ap() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: radio connection.
Creation date: 17/10/2016.
Identifiers: CERTFR-2016-AVI-393, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-053, CVE-2016-8658, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0471-1, USN-3145-1, USN-3145-2, USN-3146-1, USN-3146-2, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, VIGILANCE-VUL-20881.

Description of the vulnerability

The Linux kernel supports Broadcom devices.

However, if the size of NL80211_CMD_START_AP data is greater than the size of the storage array, an overflow occurs in the brcmf_cfg80211_start_ap() function of the drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c file.

An attacker can therefore generate a buffer overflow via brcmf_cfg80211_start_ap() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2016-8660

Linux kernel: denial of service via fdatasync

Synthesis of the vulnerability

An attacker can generate a fatal error via fdatasync() on the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/10/2016.
Identifiers: CVE-2016-8660, VIGILANCE-VUL-20869.

Description of the vulnerability

An attacker can generate a fatal error via fdatasync() on the Linux kernel, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2016-7042

Linux kernel: buffer overflow via proc_keys_show

Synthesis of the vulnerability

An attacker can generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 14/10/2016.
Identifiers: 1373499, 2011746, CERTFR-2016-AVI-378, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-016, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-7042, DLA-670-1, DSA-3696-1, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3050-1, openSUSE-SU-2016:3058-1, openSUSE-SU-2016:3061-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0181-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3126-1, USN-3126-2, USN-3127-1, USN-3127-2, USN-3128-1, USN-3128-2, USN-3128-3, USN-3129-1, USN-3129-2, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, VIGILANCE-VUL-20868.

Description of the vulnerability

The Linux kernel provides the /proc/keys interface to access cryptographic keys.

However, if the size of data is greater than the size of the storage array, an overflow occurs in proc_keys_show().

An attacker can therefore generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-7039

Linux kernel: denial of service via GRO

Synthesis of the vulnerability

An attacker can send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 11/10/2016.
Identifiers: CERTFR-2016-AVI-334, CERTFR-2016-AVI-402, CERTFR-2017-AVI-016, CVE-2016-7039, openSUSE-SU-2016:2583-1, RHSA-2016:2047-01, RHSA-2016:2110-01, SA134, SUSE-SU-2017:0181-1, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20813.

Description of the vulnerability

The Linux kernel can be configured with CONFIG_VLAN_8021Q or CONFIG_VXLAN, with the support of Transparent Ethernet Bridging (TEB) GRO.

However, when malicious GRO packets are received, an infinite recursion error occurs.

An attacker can therefore send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2016-7117

Linux kernel: use after free via recvmmsg

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via an application using recvmmsg() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: internet client.
Creation date: 05/10/2016.
Identifiers: CERTFR-2016-AVI-378, CERTFR-2017-AVI-034, CERTFR-2017-AVI-054, CERTFR-2017-AVI-060, CERTFR-2017-AVI-131, CERTFR-2017-AVI-162, CERTFR-2017-AVI-282, CVE-2016-7117, DSA-3659-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0458-1, RHSA-2016:2962-01, RHSA-2017:0031-01, RHSA-2017:0036-01, RHSA-2017:0065-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, RHSA-2017:0196-01, RHSA-2017:0215-01, RHSA-2017:0216-01, RHSA-2017:0217-01, RHSA-2017:0270-01, SUSE-SU-2016:2976-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:0575-1, SUSE-SU-2017:1102-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3126-1, USN-3126-2, VIGILANCE-VUL-20771.

Description of the vulnerability

The recvmmsg() system call is used to receive several messages on a socket:
  recvmmsg(sockfd, msgvec, vlen, flags, timeout);

However, when an error occurs while fewer messages have been received than requested in the vlen parameter, the __sys_recvmmsg() function writes to a freed memory area.

An attacker can therefore force the usage of a freed memory area via an application using recvmmsg() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-4997

Linux kernel: memory corruption via IP6T_SO_SET_REPLACE

Synthesis of the vulnerability

An attacker can generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 29/09/2016.
Revision date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-220, CERTFR-2016-AVI-267, CERTFR-2017-AVI-034, CERTFR-2017-AVI-282, CVE-2016-4997, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1798-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2017:1140-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1709-1, SUSE-SU-2016:1710-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2018-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, SUSE-SU-2016:3069-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3016-1, USN-3016-2, USN-3016-3, USN-3016-4, USN-3017-1, USN-3017-2, USN-3017-3, USN-3018-1, USN-3018-2, USN-3019-1, USN-3020-1, USN-3338-1, USN-3338-2, VIGILANCE-VUL-20735.

Description of the vulnerability

The Linux kernel offers the ip6_tables and ip_tables modules.

However, the IP6T_SO_SET_REPLACE or IPT_SO_SET_REPLACE option of setsockopt() does not correctly check offsets, which leads to memory corruption.

An attacker can therefore generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-4998

Linux kernel: out-of-bounds memory reading via setsockopt

Synthesis of the vulnerability

An attacker can force a read at an invalid address via setsockopt() on the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 27/06/2016.
Revision date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-220, CERTFR-2016-AVI-267, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-282, CVE-2016-4998, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1798-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2017:1140-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, RHSA-2017:0036-01, SUSE-SU-2016:1709-1, SUSE-SU-2016:1710-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2018-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3016-1, USN-3016-2, USN-3016-3, USN-3016-4, USN-3017-1, USN-3017-2, USN-3017-3, USN-3018-1, USN-3018-2, USN-3019-1, USN-3020-1, VIGILANCE-VUL-19975.

Description of the vulnerability

An attacker can force a read at an invalid address via setsockopt() on the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.