var-201801-1708
Vulnerability from variot
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Linux Kernel Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Linux kernel versions prior to 4.11, and 4.9.x prior to 4.9.36 are vulnerable. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Security Fix(es):
-
hw: cpu: speculative execution permission faults handling (CVE-2017-5754)
-
Kernel: error in exception handling leads to DoS (CVE-2018-8897)
-
kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)
-
kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)
-
kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)
-
kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)
-
kernel: Stack information leak in the EFS element (CVE-2017-1000410)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies 1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element 1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: kernel-2.6.32-696.28.1.el6.src.rpm
i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm
x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: kernel-2.6.32-696.28.1.el6.src.rpm
noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm
x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: kernel-2.6.32-696.28.1.el6.src.rpm
i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm
ppc64: kernel-2.6.32-696.28.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm kernel-devel-2.6.32-696.28.1.el6.ppc64.rpm kernel-headers-2.6.32-696.28.1.el6.ppc64.rpm perf-2.6.32-696.28.1.el6.ppc64.rpm perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm
s390x: kernel-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-devel-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm kernel-devel-2.6.32-696.28.1.el6.s390x.rpm kernel-headers-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.28.1.el6.s390x.rpm perf-2.6.32-696.28.1.el6.s390x.rpm perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm
x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
ppc64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm python-perf-2.6.32-696.28.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm
s390x: kernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm python-perf-2.6.32-696.28.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: kernel-2.6.32-696.28.1.el6.src.rpm
i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm
x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7645 https://access.redhat.com/security/cve/CVE-2017-8824 https://access.redhat.com/security/cve/CVE-2017-13166 https://access.redhat.com/security/cve/CVE-2017-18017 https://access.redhat.com/security/cve/CVE-2017-1000410 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3431591
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFa8fO8XlSAg2UNWIIRAnN0AKCBdjdw1bC12xju0GwoOedA1L8osACaA1Ze 4IKrbiFeHd+C9bqCjUFX4pw= =3psi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Security Fix(es):
- An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)
Note: This issue is present in hardware and cannot be fully fixed via software update. To be fully functional, up-to-date CPU microcode applied on the system might be required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.
In this update, mitigation for PowerPC architecture is provided. Bugs fixed (https://bugzilla.redhat.com/):
1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
-
(BZ#1549731)
-
Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp Counter (TSC) frequency of 25 MHz. In some cases this can be imprecise and lead to timing-related problems such as time drift, timers being triggered early, or TSC clock instability. This update mitigates these problems by no longer using the "native_calibrate_tsc()" function to define the TSC frequency. Refined calibration is now used to update the clock rate accordingly in these cases. (BZ#1547854)
-
7) - noarch, x86_64
-
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2015-9016
Ming Lei reported a race condition in the multiqueue block layer
(blk-mq). On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.
CVE-2017-0861
Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core. We believe this was not possible in practice.
CVE-2017-5715
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.
CVE-2017-5753
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.
More use sites will be added over time.
CVE-2017-13166
A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.
CVE-2017-13220
Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check.
A local user could use this to cause a denial of service.
CVE-2017-16526
Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case. A local user might be able
to use this for denial of service.
CVE-2017-16911
Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users. This information could aid the
exploitation of other vulnerabilities.
CVE-2017-16912
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read. A remote user able to connect to the
USB/IP server could use this for denial of service.
CVE-2017-16913
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation. A remote user able to connect to
the USB/IP server could use this for denial of service.
CVE-2017-16914
Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference. A remote user able to
connect to the USB/IP server could use this for denial of service.
CVE-2017-18017
Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free. If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.
CVE-2017-18203
Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices. A local user could
potentially use this for denial of service.
CVE-2017-18216
Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference. A local user
could use this for denial of service.
CVE-2017-18232
Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port. This
could lead to a deadlock.
CVE-2017-18241
Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used.
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.
CVE-2018-1066
Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation. This could be used
by a malicious server for denial of service.
CVE-2018-1068
The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.
CVE-2018-1092
Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted. A local user able
to mount arbitrary filesystems could use this for denial of
service.
CVE-2018-5332
Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write. A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.
CVE-2018-5333
Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference. A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.
CVE-2018-5750
Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address. This information could aid the exploitation of other
vulnerabilities.
CVE-2018-5803
Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created. A local or remote user could
use this to cause a denial of service.
CVE-2018-6927
Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.
CVE-2018-7492
The syzkaller tool found that the RDS protocol was lacking a null
pointer check. A local attacker on a system with the rds module
loaded could use this for denial of service.
CVE-2018-7566
Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations. This could
lead to an out-of-bounds access or use-after-free. A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.
CVE-2018-7740
Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset. A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.
CVE-2018-7757
Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem. A local user on a system with SAS devices
could use this to cause a denial of service.
CVE-2018-7995
Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver. This is unlikely to have
any security impact.
CVE-2018-8781
Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset. A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.
CVE-2018-8822
Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server. An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.
CVE-2018-1000004
Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations. This could lead to a
deadlock or use-after-free. A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.
CVE-2018-1000199
Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings. Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . SchAPnherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1708", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux enterprise debuginfo", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "linux enterprise module for public cloud", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "4.2" }, { "model": "mrg realtime", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "4.5" }, { "model": "arx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "6.2.0" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.17" }, { "model": "linux enterprise point of sale", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "3.10.108" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "4.9.36" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "4.10" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.19" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "linux enterprise real time extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "enterprise linux for real time", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7" }, { "model": "linux enterprise real time extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "eos", "scope": "eq", "trust": 1.0, "vendor": "arista", "version": "4.20.1fx-virtual-router" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "3.18.60" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "4.4.76" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.11" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "openstack cloud", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "6" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "cloud magnum orchestration", "scope": "eq", "trust": 1.0, "vendor": "openstack", "version": "7" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "linux enterprise high availability extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.2" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "4.11" }, { "model": "arx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "6.4.0" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux enterprise live patching", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.3" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "3.2.99" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.3" }, { "model": "enterprise linux for real time for nfv", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "caas platform", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "*" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "3.16.54" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux enterprise high availability", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "kernel", "scope": "lt", "trust": 1.0, "vendor": "linux", "version": "4.1.43" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "kernel", "scope": "eq", "trust": 0.9, "vendor": "linux", "version": "4.10.13" }, { "model": "kernel", "scope": "eq", "trust": 0.9, "vendor": "linux", "version": "4.11" }, { "model": "kernel", "scope": "eq", "trust": 0.9, "vendor": "linux", "version": "4.10.15" }, { "model": "kernel", "scope": "lt", "trust": 0.8, "vendor": "linux", "version": "4.9.x" }, { "model": "kernel", "scope": "eq", "trust": 0.8, "vendor": "linux", "version": "4.9.36" }, { "model": "kernel", "scope": "eq", "trust": 0.6, "vendor": "linux", "version": "4.10.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.62" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.31.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.28.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.80" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.38.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.26.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.31.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.38.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.65" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.25.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.42" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.45" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.28.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.88" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.48" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.31" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.4.0-57" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.1.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.38.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.1.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.0.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.34" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.25.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.54" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27.54" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.87" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.90" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.53" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.71" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.67" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.40" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.26" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.70" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14-4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27.26" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.28" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.3.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.38" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.29" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.62" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.76" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.25.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.28" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.1.47" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.44" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.27" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.82" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.1.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.55" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.81" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.50" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.3.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.25.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.59" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.60" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.72" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.75" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.66" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.32" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.62" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.64" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.63" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.93" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27.51" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.57" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27.49" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.31" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.0.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.73" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.19" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14-1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.30.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.64" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.56" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.25" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.43" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.61" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.26" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.44" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.35" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.73" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.27" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.65" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.42" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.30" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.38.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.3.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.41" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.26" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.31" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.39" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.58" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.4.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.81" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.72" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.38" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.37.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.52" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.1.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.25" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.38" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.51" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.86" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.29" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.54" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.73" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.60" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.78" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.49" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.19.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.20" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.58" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.72" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.81" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.60" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.10" }, { "model": "kernel", "scope": "ne", "trust": 0.3, "vendor": "linux", "version": "4.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.1" }, { "model": "kernel", "scope": "ne", "trust": 0.3, "vendor": "linux", "version": "4.9.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.17" }, { "model": "mrg realtime for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "62" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.20" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.19" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.31.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.4.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.69" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.45" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.8.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.33" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.0.98" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.30.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.30.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.5.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.6.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.7" } ], "sources": [ { "db": "BID", "id": "102367" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "CNNVD", "id": "CNNVD-201801-145" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.11", "versionStartIncluding": "4.10", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.99", "versionStartIncluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.108", "versionStartIncluding": "3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.16.54", "versionStartIncluding": "3.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.18.60", "versionStartIncluding": "3.17", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.43", "versionStartIncluding": "3.19", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.76", "versionStartIncluding": "4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.9.36", "versionStartIncluding": "4.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_high_availability:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:sap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:-:-:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_live_patching:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:caas_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_live_patching:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_high_availability:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:mrg_realtime:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-18017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "147535" }, { "db": "PACKETSTORM", "id": "147936" }, { "db": "PACKETSTORM", "id": "147229" }, { "db": "PACKETSTORM", "id": "147113" }, { "db": "PACKETSTORM", "id": "147232" } ], "trust": 0.5 }, "cve": "CVE-2017-18017", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2017-18017", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-109097", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-18017", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-18017", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201801-145", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-109097", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-18017", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-109097" }, { "db": "VULMON", "id": "CVE-2017-18017" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "CNNVD", "id": "CNNVD-201801-145" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Linux Kernel Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linux Kernel is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nLinux kernel versions prior to 4.11, and 4.9.x prior to 4.9.36 are vulnerable. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\n* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing\nprivilege escalation (CVE-2017-13166)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in\nnet/netfilter/xt_TCPMSS.c (CVE-2017-18017)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Google Project Zero for reporting\nCVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for\nreporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and\nArmis Labs for reporting CVE-2017-1000410. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of these bug fixes in this advisory. See the bug\nfix descriptions in the related Knowledge Article:\nhttps://access.redhat.com/articles/3431591\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies\n1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element\n1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c\n1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation\n1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.28.1.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-headers-2.6.32-696.28.1.el6.i686.rpm\nperf-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm\nkernel-doc-2.6.32-696.28.1.el6.noarch.rpm\nkernel-firmware-2.6.32-696.28.1.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-headers-2.6.32-696.28.1.el6.x86_64.rpm\nperf-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.28.1.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm\nkernel-doc-2.6.32-696.28.1.el6.noarch.rpm\nkernel-firmware-2.6.32-696.28.1.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-headers-2.6.32-696.28.1.el6.x86_64.rpm\nperf-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.28.1.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-headers-2.6.32-696.28.1.el6.i686.rpm\nperf-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm\nkernel-doc-2.6.32-696.28.1.el6.noarch.rpm\nkernel-firmware-2.6.32-696.28.1.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debug-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-devel-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-headers-2.6.32-696.28.1.el6.ppc64.rpm\nperf-2.6.32-696.28.1.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debug-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm\nkernel-devel-2.6.32-696.28.1.el6.s390x.rpm\nkernel-headers-2.6.32-696.28.1.el6.s390x.rpm\nkernel-kdump-2.6.32-696.28.1.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.28.1.el6.s390x.rpm\nperf-2.6.32-696.28.1.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-headers-2.6.32-696.28.1.el6.x86_64.rpm\nperf-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\npython-perf-2.6.32-696.28.1.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\npython-perf-2.6.32-696.28.1.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.28.1.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-headers-2.6.32-696.28.1.el6.i686.rpm\nperf-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm\nkernel-doc-2.6.32-696.28.1.el6.noarch.rpm\nkernel-firmware-2.6.32-696.28.1.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-devel-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-headers-2.6.32-696.28.1.el6.x86_64.rpm\nperf-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\npython-perf-2.6.32-696.28.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-2.6.32-696.28.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7645\nhttps://access.redhat.com/security/cve/CVE-2017-8824\nhttps://access.redhat.com/security/cve/CVE-2017-13166\nhttps://access.redhat.com/security/cve/CVE-2017-18017\nhttps://access.redhat.com/security/cve/CVE-2017-1000410\nhttps://access.redhat.com/security/cve/CVE-2018-8897\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3431591\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFa8fO8XlSAg2UNWIIRAnN0AKCBdjdw1bC12xju0GwoOedA1L8osACaA1Ze\n4IKrbiFeHd+C9bqCjUFX4pw=\n=3psi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of Load \u0026 Store instructions\n(a commonly used performance optimization). It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well as\nthe fact that memory read from address to which a recent memory write has\noccurred may see an older value and subsequently cause an update into the\nmicroprocessor\u0027s data cache even for speculatively executed instructions\nthat never actually commit (retire). As a result, an unprivileged attacker\ncould use this flaw to read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2018-3639)\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. To be fully functional, up-to-date CPU\nmicrocode applied on the system might be required. Please refer to\nReferences section for further information about this issue, CPU microcode\nrequirements and the potential performance impact. \n\nIn this update, mitigation for PowerPC architecture is provided. Bugs fixed (https://bugzilla.redhat.com/):\n\n1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c\n1566890 - CVE-2018-3639 hw: cpu: speculative store bypass\n\n6. (BZ#1549731)\n\n* Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp\nCounter (TSC) frequency of 25 MHz. In some cases this can be imprecise and\nlead to timing-related problems such as time drift, timers being triggered\nearly, or TSC clock instability. This update mitigates these problems by no\nlonger using the \"native_calibrate_tsc()\" function to define the TSC\nfrequency. Refined calibration is now used to update the clock rate\naccordingly in these cases. (BZ#1547854)\n\n4. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation. \n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice. \n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the \"retpoline\" compiler feature which allows\n indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function. \n\n More use sites will be added over time. \n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation. \n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check. \n A local user could use this to cause a denial of service. \n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service. \n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities. \n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service. \n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service. \n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service. \n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution. \n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service. \n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service. \n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. \n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the \"noflush_merge\" mount option is used. \n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service. \n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service. \n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default. \n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service. \n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation. \n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service. \n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities. \n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service. \n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact. \n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service. \n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service. \n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service. \n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact. \n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client. \n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation. \n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY\nAXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E\nhDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH\naF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7\nOukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS\nH8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65\nUHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd\nHl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/\nkKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A\n5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s\nCxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8=\n=wNQS\n-----END PGP SIGNATURE-----\n. SchAPnherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs\nfor reporting CVE-2017-1000410", "sources": [ { "db": "NVD", "id": "CVE-2017-18017" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "BID", "id": "102367" }, { "db": "VULHUB", "id": "VHN-109097" }, { "db": "VULMON", "id": "CVE-2017-18017" }, { "db": "PACKETSTORM", "id": "147535" }, { "db": "PACKETSTORM", "id": "147936" }, { "db": "PACKETSTORM", "id": "147229" }, { "db": "PACKETSTORM", "id": "147113" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "147232" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-18017", "trust": 3.5 }, { "db": "BID", "id": "102367", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2017-011875", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-145", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2918", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1089", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0570", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "147936", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-109097", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-18017", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147535", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147229", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147113", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147451", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147232", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-109097" }, { "db": "VULMON", "id": "CVE-2017-18017" }, { "db": "BID", "id": "102367" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "PACKETSTORM", "id": "147535" }, { "db": "PACKETSTORM", "id": "147936" }, { "db": "PACKETSTORM", "id": "147229" }, { "db": "PACKETSTORM", "id": "147113" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "147232" }, { "db": "CNNVD", "id": "CNNVD-201801-145" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "id": "VAR-201801-1708", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-109097" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:58:56.016000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ChangeLog-4.9.36", "trust": 0.8, "url": "https://www.kernel.org/pub/linux/kernel/v4.x/changelog-4.9.36" }, { "title": "netfilter: xt_TCPMSS: add more sanity tests on tcph-\u003edoff", "trust": 0.8, "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "title": "Linux Kernel Archives", "trust": 0.8, "url": "http://www.kernel.org" }, { "title": "netfilter: xt_TCPMSS: add more sanity tests on tcph-\u003edoff", "trust": 0.8, "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "title": "Linux kernel Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77460" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181737 - security advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181319 - security advisory" }, { "title": "Red Hat: Important: kernel-rt security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181170 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4762a13ce766481780ca81e6d0ac6aca" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181130 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7e9caa3ad3bc08db914510b615544169" }, { "title": "Red Hat: CVE-2017-18017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-18017" }, { "title": "Red Hat: Important: kernel-rt security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180676 - security advisory" }, { "title": "Red Hat: Important: kernel security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20181062 - security advisory" }, { "title": "Ubuntu Security Notice: linux vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3583-1" }, { "title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3583-2" }, { "title": "Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=b3193a96468975c04eb9f136ca9abec4" }, { "title": "Debian Security Advisories: DSA-4187-1 linux -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c1e7a2b9a6a788d0d58529e52dc12cc3" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ae57a14ec914f60b7203332a77613077" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=05b5bbd6fb289370b459faf1f4e3919d" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2017-18017 " }, { "title": "", "trust": 0.1, "url": "https://github.com/darngcode/about-linux-azure " }, { "title": "network-magic", "trust": 0.1, "url": "https://github.com/intrajp/network-magic " }, { "title": "hiboma", "trust": 0.1, "url": "https://github.com/hiboma/hiboma " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-18017" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "CNNVD", "id": "CNNVD-201801-145" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-109097" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://patchwork.ozlabs.org/patch/746618/" }, { "trust": 2.0, "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" }, { "trust": 2.0, "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "trust": 2.0, "url": "https://lkml.org/lkml/2017/4/2/13" }, { "trust": 2.0, "url": "https://www.kernel.org/pub/linux/kernel/v4.x/changelog-4.9.36" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:0676" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:1130" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:1170" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:1319" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:1737" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/102367" }, { "trust": 1.7, "url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k18352029" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4187" }, { "trust": 1.7, "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "trust": 1.7, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2018:1062" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-3583-1" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3583-1/" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-3583-2" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3583-2/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18017" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10957179" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2918/" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10957179" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78218" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10957177" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76030" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-18017" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-8824" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-13166" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2017-1000410" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8824" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000410" }, { "trust": 0.3, "url": "http://www.kernel.org/" }, { "trust": 0.3, "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15265" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-15265" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-17449" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17449" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9725" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-9725" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-1000252" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000252" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7645" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3431591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/ssbd" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3639" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3461451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3639" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12154" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-17053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14140" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-6927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000004" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7913" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15126" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15116" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-17558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12190" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18203" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-17448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-1000407" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15127" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15116" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7294" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7294" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12190" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16911" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/linux" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16914" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7492" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16913" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16912" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3411331" } ], "sources": [ { "db": "VULHUB", "id": "VHN-109097" }, { "db": "BID", "id": "102367" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "PACKETSTORM", "id": "147535" }, { "db": "PACKETSTORM", "id": "147936" }, { "db": "PACKETSTORM", "id": "147229" }, { "db": "PACKETSTORM", "id": "147113" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "147232" }, { "db": "CNNVD", "id": "CNNVD-201801-145" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-109097" }, { "db": "VULMON", "id": "CVE-2017-18017" }, { "db": "BID", "id": "102367" }, { "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "db": "PACKETSTORM", "id": "147535" }, { "db": "PACKETSTORM", "id": "147936" }, { "db": "PACKETSTORM", "id": "147229" }, { "db": "PACKETSTORM", "id": "147113" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "147232" }, { "db": "CNNVD", "id": "CNNVD-201801-145" }, { "db": "NVD", "id": "CVE-2017-18017" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-03T00:00:00", "db": "VULHUB", "id": "VHN-109097" }, { "date": "2018-01-03T00:00:00", "db": "VULMON", "id": "CVE-2017-18017" }, { "date": "2018-01-03T00:00:00", "db": "BID", "id": "102367" }, { "date": "2018-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "date": "2018-05-08T20:33:37", "db": "PACKETSTORM", "id": "147535" }, { "date": "2018-05-30T19:49:32", "db": "PACKETSTORM", "id": "147936" }, { "date": "2018-04-18T20:02:50", "db": "PACKETSTORM", "id": "147229" }, { "date": "2018-04-11T01:22:55", "db": "PACKETSTORM", "id": "147113" }, { "date": "2018-05-03T01:31:56", "db": "PACKETSTORM", "id": "147451" }, { "date": "2018-04-18T20:05:04", "db": "PACKETSTORM", "id": "147232" }, { "date": "2018-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-145" }, { "date": "2018-01-03T06:29:00.517000", "db": "NVD", "id": "CVE-2017-18017" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-19T00:00:00", "db": "VULHUB", "id": "VHN-109097" }, { "date": "2023-01-19T00:00:00", "db": "VULMON", "id": "CVE-2017-18017" }, { "date": "2018-05-02T12:00:00", "db": "BID", "id": "102367" }, { "date": "2018-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011875" }, { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-145" }, { "date": "2024-04-24T13:40:09.260000", "db": "NVD", "id": "CVE-2017-18017" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-145" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux Kernel Uses freed memory vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011875" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-145" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.