Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20170802-01-LINUX
HistoryAug 02, 2017 - 12:00 a.m.

Security Advisory - 'Phoenix Talon' Vulnerabilities in Linux Kernel

2017-08-0200:00:00
Huawei Technologies
www.huawei.com
40

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

32.6%

The Linux operating system has four security vulnerabilities called ‘Phoenix Talon’, which affect Linux kernel 2.5.69 to Linux kernel 4.11. Successful exploit of these vulnerabilities can allow an attacker to launch DoS attacks and can lead to arbitrary code execution when certain conditions are met. (Vulnerability ID: HWPSIRT-2017-06165,HWPSIRT-2017-07130,HWPSIRT-2017-07131 and HWPSIRT-2017-07132)

The four vulnerabilities have been assigned four Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8890, CVE-2017-9075, CVE-2017-9076 and CVE-2017-9077.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-linux-en

Affected configurations

Vulners
Node
huaweiap5010dn-agn-fat_firmwareMatchv200r005c10
OR
huaweiap5010sn-gn_firmwareMatchv200r005c10
OR
huaweiap5010sn-gn_firmwareMatchv200r006c00
OR
huaweiap5010sn-gn_firmwareMatchv200r006c10
OR
huaweiap5010sn-gn-fat_firmwareMatchv200r005c10
OR
huaweiat815sn_firmwareMatchv200r005c10
OR
huaweiat815sn_firmwareMatchv200r006c00
OR
huaweiat815sn_firmwareMatchv200r006c10
OR
huaweihistbandroid_firmwareMatchv600r001c00
VendorProductVersionCPE
huaweiap5010dn-agn-fat_firmwarev200r005c10cpe:2.3:a:huawei:ap5010dn-agn-fat_firmware:v200r005c10:*:*:*:*:*:*:*
huaweiap5010sn-gn_firmwarev200r005c10cpe:2.3:a:huawei:ap5010sn-gn_firmware:v200r005c10:*:*:*:*:*:*:*
huaweiap5010sn-gn_firmwarev200r006c00cpe:2.3:a:huawei:ap5010sn-gn_firmware:v200r006c00:*:*:*:*:*:*:*
huaweiap5010sn-gn_firmwarev200r006c10cpe:2.3:a:huawei:ap5010sn-gn_firmware:v200r006c10:*:*:*:*:*:*:*
huaweiap5010sn-gn-fat_firmwarev200r005c10cpe:2.3:a:huawei:ap5010sn-gn-fat_firmware:v200r005c10:*:*:*:*:*:*:*
huaweiat815sn_firmwarev200r005c10cpe:2.3:a:huawei:at815sn_firmware:v200r005c10:*:*:*:*:*:*:*
huaweiat815sn_firmwarev200r006c00cpe:2.3:a:huawei:at815sn_firmware:v200r006c00:*:*:*:*:*:*:*
huaweiat815sn_firmwarev200r006c10cpe:2.3:a:huawei:at815sn_firmware:v200r006c10:*:*:*:*:*:*:*
huaweihistbandroid_firmwarev600r001c00cpe:2.3:a:huawei:histbandroid_firmware:v600r001c00:*:*:*:*:*:*:*

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

32.6%