OVAL

ALAS-2017-901 ---- kernel perf

ID: oval:org.secpod.oval:def:1600783
Date: (C)2017-10-09   (M)2024-01-29
Class: PATCH
Family: unix




A buffer overflow was discovered in the tpacket_rcv function in the Linux kernel from v4.6-rc1 through v4.13. A number of socket-related syscalls can be used to set up a configuration in which each packet received by a network interface can cause a write of up to 10 bytes to kernel memory outside of a kernel buffer. This can cause unspecified kernel data corruption effects, including damage to in-memory and on-disk XFS data.

A kernel data leak due to an out-of-bounds read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill and sctp_get_sctp_info functions, present from version 4.7-rc1 through version 4.13. The leak happens when these functions fill in the sockaddr data structures used to export a socket's diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace.

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2017-901
CVE-2017-14497
CVE-2017-7558
CPE    4
cpe:/o:amazon:linux
cpe:/o:linux:linux_kernel
cpe:/a:perf:perf
cpe:/o:linux:linux_kernel:4.12.14
...

© SecPod Technologies