Lucene search

K
mageia
Gentoo FoundationMGASA-2016-0415
HistoryDec 08, 2016 - 10:33 a.m.

Updated kernel packages fixes security vulnerabilities

2016-12-0810:33:24
Gentoo Foundation
advisories.mageia.org
24

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.5%

This update is based on upstream 4.4.36 and fixes at least the following security issues: The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (CVE-2016-8645). The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent (CVE-2016-8650). A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system (CVE-2016-8655). Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to an information leakage issue. It could occur on x86 platform, while emulating instructions in 32bit mode. A user/process could use this flaw to leak host kernel memory bytes (CVE-2016-9756). A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation allows CAP_NET_ADMIN users to set negative sk_sndbuf or sk_rcvbuf values. A user could use this flaw to cause various memory corruptions, crashes and OOM (CVE-2016-9793). For other fixes in this update, see the referenced changelogs.

How to protect your server from attacks?

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.5%

Related for MGASA-2016-0415