what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2017-12134

Status Candidate

Overview

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

Related Files

Ubuntu Security Notice USN-3655-2
Posted May 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3655-2 - USN-3655-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449, CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208, CVE-2017-18221, CVE-2018-3639, CVE-2018-8822
MD5 | 2b2541f15f41c2092f625c5522937bef
Ubuntu Security Notice USN-3655-1
Posted May 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3655-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449, CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208, CVE-2017-18221, CVE-2018-3639, CVE-2018-8822
MD5 | 4e964cd9e83c2ee37d786d7f1d3125cb
Gentoo Linux Security Advisory 201801-14
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-14 - Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12134, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566
MD5 | df9624c2bbb2d39d855b5227de978223
Ubuntu Security Notice USN-3444-2
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3444-2 - USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12134, CVE-2017-14106, CVE-2017-14140
MD5 | 35877454252148901b89f4dd6950a1f2
Ubuntu Security Notice USN-3444-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3444-1 - Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2017-12134, CVE-2017-14106, CVE-2017-14140
MD5 | 69e05e53e6c024f8c444c2dfccbfb315
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close