Twenty Year Anniversary
Showing 1 - 8 of 8 RSS Feed

CVE-2017-14340

Status Candidate

Overview

The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.

Related Files

Ubuntu Security Notice USN-3470-2
Posted Nov 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 7949d63988c2185b2fec1d6ff3ab737d
Ubuntu Security Notice USN-3468-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-2 - USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | df06e662e7b98fe4fe2458a985e574df
Ubuntu Security Notice USN-3468-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 4569db2c85a86bd1be37d268c85b8268
Ubuntu Security Notice USN-3469-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-1 - Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
MD5 | 7be1da2f9c2f1afabff5768836358115
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 57feca81771640a80be09a58a7bd56a8
Ubuntu Security Notice USN-3469-2
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3469-2 - USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-12192, CVE-2017-14051, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14991, CVE-2017-15537, CVE-2017-9984, CVE-2017-9985
MD5 | ee069ba6ad2d7d27d564a4fb060eba00
Ubuntu Security Notice USN-3468-3
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3468-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000252, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | d2a254694b05f4588318c858a2ebd55e
Red Hat Security Advisory 2017-2918-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2918-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-14340, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | 8518b2d326398c1a3d949f4ea8241046
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close