| | | |
|---|---|---|
| author | Ben Hutchings <benh@debian.org> | 2017-09-20 20:18:40 +0000 |
| committer | Ben Hutchings <benh@debian.org> | 2017-09-20 20:18:40 +0000 |
| commit | ffca6bf385ee9e89d823ef3e397aefe5f78dd180 (patch) | |
| tree | 354b0a3d5713f658de9cd77af592999b158cf700 /dsa-texts/4.9.30-2+deb9u5 | |
| parent | f9358797f36bafac2b58a98c7edfc41d6ac12b3d (diff) | |
Corrections and additions to descriptions for 3.16.43-2+deb8u5/4.9.30-2+deb9u5
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5584 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/4.9.30-2+deb9u5')
-rw-r--r-- | dsa-texts/4.9.30-2+deb9u5 | 63 |
1 files changed, 34 insertions, 29 deletions
diff --git a/dsa-texts/4.9.30-2+deb9u5 b/dsa-texts/4.9.30-2+deb9u5 index 8e93b2a86..2bbd69200 100644 --- a/dsa-texts/4.9.30-2+deb9u5 +++ b/dsa-texts/4.9.30-2+deb9u5 @@ -35,9 +35,8 @@ CVE-2017-11600 Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users - with the CAP_NET_ADMIN capability (in any user namespace) can use - this to cause a denial of service or potentially to execute - arbitrary code. + with the CAP_NET_ADMIN capability can use this to cause a denial + of service or potentially to execute arbitrary code. CVE-2017-12134 / #866511 / XSA-229 @@ -53,9 +52,10 @@ CVE-2017-12134 / #866511 / XSA-229 CVE-2017-12146 (stretch only) - A race condition flaw was found in the driver_override - implementation within the platform 'pseudo' bus for legacy devices, - allowing a local user to gain privileges. + Adrian Salido of Google reported a race condition in access to the + "driver_override" attribute for platform devices in sysfs. If + unprivileged users are permitted to access this attribute, this + might allow them to gain privileges. CVE-2017-12153 @@ -79,9 +79,11 @@ CVE-2017-14106 CVE-2017-14140 - Otto Ebeling discovered that the move_pages() syscall performed - insufficient validation of the effective UID of the target process - which result in a partial ASLR bypass. + Otto Ebeling reported that the move_pages() system call performed + insufficient validation of the UIDs of the calling and target + processes, resulting in a partial ASLR bypass. This made it easier + for local users to exploit vulnerabilities in programs installed + with the set-UID permission bit set. CVE-2017-14156 
@@ -107,28 +109,26 @@ CVE-2017-14489 CVE-2017-14497 (stretch only) - Benjamin Poirier reported that vnet headers are not properly handled - within the tpacket_rcv() function in the raw packet (af_packet) - feature. A local user can take advantage of this flaw to cause a - denial of service (buffer overflow, and disk and memory corruption) - or have other impact. + Benjamin Poirier of SUSE reported that vnet headers are not + properly handled within the tpacket_rcv() function in the raw + packet (af_packet) feature. A local user with the CAP_NET_RAW + capability can take advantage of this flaw to cause a denial of + service (buffer overflow, and disk and memory corruption) or have + other impact. CVE-2017-1000111 - Andrey Konovalov of Google reported that a race condition in the - raw packet (af_packet) feature. Local users with the CAP_NET_RAW - capability (in any user namespace) can use this for denial of - service or possibly to execute arbitrary code. + Andrey Konovalov of Google reported a race condition in the raw + packet (af_packet) feature. Local users with the CAP_NET_RAW + capability can use this for denial of service or possibly to + execute arbitrary code. CVE-2017-1000112 - Andrey Konovalov of Google reported a race condition flaw in the UDP - Fragmentation Offload (UFO) code. A local user with the - CAP_NET_ADMIN capability can use this flaw for denial of service or - possibly to execute arbitrary code. Debian disables unprivileged - user namespaces by default, if locally enabled with the - kernel.unprivileged_userns_clone sysctl, this allows privilege - escalation. + Andrey Konovalov of Google reported a race condition flaw in the + UDP Fragmentation Offload (UFO) code. A local user with the + CAP_NET_ADMIN capability can use this flaw for denial of service + or possibly to execute arbitrary code. CVE-2017-1000251 / #875881 
@@ -141,10 +141,10 @@ CVE-2017-1000251 / #875881 CVE-2017-1000252 (stretch only) - Jan H. Schoenherr of Amazon reported that there exists a reachable - assertion failure in the KVM implementation with enabled Virtual - Function I/O feature (ONFIG_VFIO), allowing a malicious guest - process to crash the KVM hypervisor and causing a denial of service. + Jan H. Schönherr of Amazon reported that the KVM implementation + for Intel x86 processors did not correctly validate interrupt + injection requests. A local user with permission to use KVM + could use this for denial of service. CVE-2017-1000370 @@ -164,6 +164,11 @@ CVE-2017-1000380 with permission to access sound devices could use this to obtain sensitive information. +Debian disables unprivileged user namespaces by default, but if they +are enabled (via the kernel.unprivileged_userns_clone sysctl) then +CVE-2017-11600, CVE-2017-14497, CVE-2017-1000111, and CVE-2017-1000112 +can be exploited by any local user. + jessie: 3.16.43-2+deb8u5 stretch: 4.9.30-2+deb9u5 |
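Review bot: in the final hunk, the consolidated user-namespace note lists CVE-2017-14497 without the "(stretch only)" qualifier that its own entry carries, so a jessie reader could take it as applying to 3.16.43-2+deb8u5 as well; suggest writing "CVE-2017-14497 (stretch only)" in the list, or noting that the list covers both suites except where an entry is marked stretch only. The omission of CVE-2017-12146 from the list is correct, since its new wording conditions exposure on sysfs attribute permissions rather than on user namespaces.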
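Review bot: the CVE-2017-1000252 rewrite drops the VFIO precondition entirely rather than just fixing the "ONFIG_VFIO" typo (CONFIG_VFIO) in the old text, and changes the affected party from "a malicious guest process" to "a local user with permission to use KVM"; confirm both changes are intentional, since they widen the stated attacker model. The same hunk introduces the first non-ASCII character in this file ("Schönherr"), so check that the DSA text tooling emits it as UTF-8 rather than mangling it in the announcement mail.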
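Review bot: in the CVE-2017-14140 hunk, "programs installed with the set-UID permission bit set" reads awkwardly with the repeated "set"; suggest "set-UID programs" or "programs installed with the set-UID bit". In the CVE-2017-1000112 hunk, dropping the trailing sentence about kernel.unprivileged_userns_clone is fine given the consolidated note added at the end, but the removed text was the only place that spelled out that the sysctl enables privilege escalation, and the new note says only "can be exploited by any local user"; consider keeping the privilege-escalation wording there.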