Package        : linux
CVE ID         : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7541
                 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605 CVE-2017-10911
                 CVE-2017-11176 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-7533


Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2014-9940

    A use-after-free flaw in the voltage and current regulator driver
    could allow a local user to cause a denial of service or potentially
    escalate privileges.

CVE-2017-7346

    Li Qiang discovered that the DRM driver for VMware virtual GPUs does
    not properly check user-controlled values in the
    vmw_surface_define_ioctl() functions for upper limits. A local user
    can take advantage of this flaw to cause a denial of service.

CVE-2017-7482

    Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does
    not properly verify metadata, leading to information disclosure,
    denial of service or potentially execution of arbitrary code.

CVE-2017-7533

    Fan Wu and Shixiong Zhao discovered a race condition between inotify
    events and VFS rename operations allowing an unprivileged local
    attacker to cause a denial of service or escalate privileges.

CVE-2017-7541

    A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN
    driver could allow a local user to cause kernel memory corruption,
    leading to a denial of service or potentially privilege escalation.

CVE-2017-7542

    An integer overflow vulnerability in the ip6_find_1stfragopt()
    function was found allowing a local attacker with privileges to open
    raw sockets to cause a denial of service.

CVE-2017-7889

    Tommi Rantala and Brad Spengler reported that the mm subsystem does
    not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,
    allowing a local attacker with access to /dev/mem to obtain
    sensitive information or potentially execute arbitrary code.

CVE-2017-9605

    Murray McAllister discovered that the DRM driver for VMware virtual
    GPUs does not properly initialize memory, potentially allowing a
    local attacker to obtain sensitive information from uninitialized
    kernel memory via a crafted ioctl call.

CVE-2017-10911 / XSA-216

    Anthony Perard of Citrix discovered an information leak flaw in Xen
    blkif response handling, allowing a malicious unprivileged guest to
    obtain sensitive information from the host or other guests.

CVE-2017-11176

    It was discovered that the mq_notify() function does not set the
    sock pointer to NULL upon entry into the retry logic. An attacker
    can take advantage of this flaw during a userspace close of a
    Netlink socket to cause a denial of service or potentially cause
    other impact.

CVE-2017-1000363

    Roee Hay reported that the lp driver does not properly bounds-check
    passed arguments, allowing a local attacker with write access to the
    kernel command line arguments to execute arbitrary code.

CVE-2017-1000365

    It was discovered that argument and environment pointers are not
    taken properly into account to the imposed size restrictions on
    arguments and environmental strings passed through
    RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of
    this flaw in conjunction with other flaws to execute arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed
in 3.16.43-2+deb8u3.