ALAS-2017-782 ---- kernel perfID: oval:org.secpod.oval:def:1600490 | Date: (C)2017-01-05 (M)2024-04-03 |
Class: PATCH | Family: unix |
A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service by leveraging access to a /dev/sg device. The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the SO_SNDBUFFORCE or SO_RCVBUFFORCE option
Platform: |
Amazon Linux AMI |