CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%
This kernel update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600). The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (CVE-2017-12134 / XSA-229). The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (CVE-2017-14340). The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (CVE-2017-1000251). For other upstream fixes in this update, read the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | kernel | < 4.4.88-1 | kernel-4.4.88-1.mga5 |
Mageia | 5 | noarch | kernel-userspace-headers | < 4.4.88-1 | kernel-userspace-headers-4.4.88-1.mga5 |
Mageia | 5 | noarch | kmod-vboxadditions | < 5.1.26-3 | kmod-vboxadditions-5.1.26-3.mga5 |
Mageia | 5 | noarch | kmod-virtualbox | < 5.1.26-3 | kmod-virtualbox-5.1.26-3.mga5 |
Mageia | 5 | noarch | kmod-xtables-addons | < 2.10-46 | kmod-xtables-addons-2.10-46.mga5 |
bugs.mageia.org/show_bug.cgi?id=21711
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.83
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.84
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.85
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.86
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.87
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.88
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%