[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2018-1023 ---- kernel perf

ID: oval:org.secpod.oval:def:1600892Date: (C)2018-05-31   (M)2024-03-25
Class: PATCHFamily: unix




A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service. A flaw was found in the Linux kernel#039;s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory instructions in the core dump path leading to a denial of service.An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint support. While modifying a h/w breakpoint via #039;modify_user_hw_breakpoint#039; routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.A flaw was found in the way the Linux kernel#039;s KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2018-1023
CVE-2018-8897
CVE-2018-7995
CVE-2018-1108
CVE-2018-1091
CVE-2018-10901
CVE-2018-1087
CVE-2018-1068
CVE-2018-10675
CVE-2018-1000199
CVE-2017-16939
CVE-2017-13215
CVE    11
CVE-2017-13215
CVE-2017-16939
CVE-2018-1087
CVE-2018-1068
...
CPE    2125
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.4.27:pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3
...

© SecPod Technologies