
Vulnerability of Linux kernel: memory leak via SCSI IO Vectors

Summary of the vulnerability

An attacker can create a memory leak via SCSI IO Vectors of the Linux kernel, in order to trigger a denial of service.
Impacted software: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this computer vulnerability: 1/4.
Creation date: 11/10/2017.
References for this bulletin: CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2018-AVI-094, CERTFR-2018-AVI-161, CERTFR-2018-AVI-175, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CVE-2017-12190, DLA-1200-1, FEDORA-2017-c110ac0eb1, FEDORA-2017-cafcdbdde5, FEDORA-2018-884a105c04, K93472064, LSN-0035-1, RHSA-2018:0654-01, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1854-01, RHSA-2019:1170-01, RHSA-2019:1190-01, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3487-1, USN-3582-1, USN-3582-2, USN-3583-1, USN-3583-2, VIGILANCE-VUL-24094.

Description of the vulnerability 

An attacker can create a memory leak via SCSI IO Vectors of the Linux kernel, in order to trigger a denial of service.

This security bulletin affects software or systems such as Debian, BIG-IP Hardware, TMOS, Fedora, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this threat is low.

The trust level is "confirmed by the vendor", and the attack origin is a privileged shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

Linux kernel: version 4.13.8.
Version 4.13.8 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.9.57.
Version 4.9.57 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.4.93.
Version 4.4.93 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.1.46.
Version 4.1.46 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 3.18.76.
Version 3.18.76 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.16.50.
Version 3.16.50 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.2.95.
Version 3.2.95 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: patch for SCSI IO Vectors.
A patch is indicated in information sources.

Debian 7: new linux packages.
New packages are available:
  Debian 7: linux 3.2.96-2

F5 BIG-IP: solution for Linux CVE-2017-12190.
The solution is indicated in information sources.

Fedora 26: new kernel packages (14/05/2018).
New packages are available:
  Fedora 26: kernel 4.16.7-100.fc26

Fedora: new kernel packages.
New packages are available:
  Fedora 25: kernel 4.13.8-100.fc25
  Fedora 26: kernel 4.13.8-200.fc26

RHEL 6.2: new kernel-rt packages.
New packages are available:
  RHEL 6: kernel-rt 3.10.0-693.47.2.rt56.641.el6rt

RHEL 6: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-754.el6

RHEL 7.4: new kernel packages.
New packages are available:
  RHEL 7: kernel 3.10.0-693.47.2.el7

RHEL 7: new kernel-alt packages.
New packages are available:
  RHEL 7: kernel-alt 4.14.0-49.el7a

RHEL 7: new kernel packages.
New packages are available:
  RHEL 7: kernel 3.10.0-862.el7

RHEL 7: new kernel-rt packages.
New packages are available:
  RHEL 7: kernel-rt 3.10.0-862.rt56.804.el7

SUSE LE 11 SP3: new kernel packages (09/05/2018).
New packages are available:
  SUSE LE 11 SP3: kernel 3.0.101-0.47.106.22.1

SUSE LE 11 SP4: new kernel packages (26/04/2018).
New packages are available:
  SUSE LE 11 SP4: kernel 3.0.101-108.38.1

SUSE LE 11 SP4: new kernel-rt packages.
New packages are available:
  SUSE LE 11 SP4: kernel-rt 3.0.101.rt130-69.24.1

SUSE LE 12 RTM: new kernel packages.
New packages are available:
  SUSE LE 12 RTM: kernel 3.12.61-52.125.1

SUSE LE 12 SP1: new kernel packages (30/03/2018).
New packages are available:
  SUSE LE 12 SP1: kernel 3.12.74-60.64.85.1

Ubuntu 17.10: new linux-image-4.13.0 packages.
New packages are available:
  Ubuntu 17.10: linux-image-4.13.0-17-generic 4.13.0-17.20

Ubuntu: new linux-image-3.13 packages.
New packages are available:
  Ubuntu 14.04 LTS: linux-image-3.13.0-142-generic-lpae 3.13.0-142.191
  Ubuntu 12.04 ESM: linux-image-3.13.0-142-generic-lpae 3.13.0-142.191~precise1

Ubuntu: new linux-image-4.4 packages (22/02/2018).
New packages are available:
  Ubuntu 16.04 LTS: linux-image-4.4.0-116-generic-lpae 4.4.0-116.140
  Ubuntu 14.04 LTS: linux-image-4.4.0-116-generic-lpae 4.4.0-116.140~14.04.1