OVAL

ALAS-2017-937 ---- kernel perf

ID: oval:org.secpod.oval:def:1600821
Date: (C)2017-12-26   (M)2024-02-19
Class: PATCH
Family: unix

A flaw was found in the patches used to fix the 'dirtycow' vulnerability. An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.

Linux kernel Virtualization Module for the Intel processor family is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS.

A BUG in drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

A BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

The walk_hugetlb_range function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore system call.

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted USB device.

A vulnerability was found in the Linux kernel when peeling off an association to the socket in another network namespace. All transports in this association are not to be rehashed and keep using the old key in hashtable, thus removing transports from hashtable when closing the socket, all transports are being freed. Later on a use-after-free issue could be caused when looking up an association and dereferencing the transports

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2017-937
CVE-2017-16994
CVE-2017-16650
CVE-2017-16649
CVE-2017-16647
CVE-2017-16646
CVE-2017-16645
CVE-2017-16643
CVE-2017-15115
CVE-2017-1000407
CVE-2017-1000405
CVE-2017-0861
CPE    2125
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.4.27:pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3
...

© SecPod Technologies