7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.879 High
EPSS
Percentile
98.6%
Issue Overview:
A flaw was found in the patches used to fix the ‘dirtycow’ vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. (CVE-2017-1000405)
Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407)
A BUG in drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16647)
A BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16646)
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16645)
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16643)
The walk_hugetlb_range() function in ‘mm/pagewalk.c’ file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. (CVE-2017-16994)
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16650)
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16649)
A vulnerability was found in the Linux kernel when peeling off an association to the socket in another network namespace. All transports in this association are not to be rehashed and keep using the old key in hashtable, thus removing transports from hashtable when closing the socket, all transports are being freed. Later on a use-after-free issue could be caused when looking up an association and dereferencing the transports. (CVE-2017-15115)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
New Packages:
i686:
perf-4.9.70-22.55.amzn1.i686
kernel-4.9.70-22.55.amzn1.i686
kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
kernel-debuginfo-4.9.70-22.55.amzn1.i686
perf-debuginfo-4.9.70-22.55.amzn1.i686
kernel-tools-devel-4.9.70-22.55.amzn1.i686
kernel-headers-4.9.70-22.55.amzn1.i686
kernel-tools-4.9.70-22.55.amzn1.i686
kernel-devel-4.9.70-22.55.amzn1.i686
kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686
noarch:
kernel-doc-4.9.70-22.55.amzn1.noarch
src:
kernel-4.9.70-22.55.amzn1.src
x86_64:
kernel-tools-4.9.70-22.55.amzn1.x86_64
kernel-devel-4.9.70-22.55.amzn1.x86_64
kernel-headers-4.9.70-22.55.amzn1.x86_64
kernel-4.9.70-22.55.amzn1.x86_64
perf-4.9.70-22.55.amzn1.x86_64
kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
perf-debuginfo-4.9.70-22.55.amzn1.x86_64
kernel-debuginfo-4.9.70-22.55.amzn1.x86_64
Red Hat: CVE-2017-0861, CVE-2017-1000405, CVE-2017-1000407, CVE-2017-15115, CVE-2017-16643, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994
Mitre: CVE-2017-0861, CVE-2017-1000405, CVE-2017-1000407, CVE-2017-15115, CVE-2017-16643, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | perf | < 4.9.70-22.55.amzn1 | perf-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel | < 4.9.70-22.55.amzn1 | kernel-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-debuginfo-common-i686 | < 4.9.70-22.55.amzn1 | kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-debuginfo | < 4.9.70-22.55.amzn1 | kernel-debuginfo-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | perf-debuginfo | < 4.9.70-22.55.amzn1 | perf-debuginfo-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-tools-devel | < 4.9.70-22.55.amzn1 | kernel-tools-devel-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-headers | < 4.9.70-22.55.amzn1 | kernel-headers-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-tools | < 4.9.70-22.55.amzn1 | kernel-tools-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-devel | < 4.9.70-22.55.amzn1 | kernel-devel-4.9.70-22.55.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | kernel-tools-debuginfo | < 4.9.70-22.55.amzn1 | kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.879 High
EPSS
Percentile
98.6%