Basic search

K
oraclelinuxOracleLinuxELSA-2017-3533
HistoryMar 31, 2017 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2017-03-3100:00:00
linux.oracle.com
83

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.052 Low

EPSS

Percentile

92.2%

kernel-uek
[4.1.12-61.1.33]

  • Revert ‘x86/mm: Expand the exception table logic to allow new handling options’ (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
  • Revert ‘fix minor infoleak in get_user_ex()’ (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
    [4.1.12-61.1.32]
  • x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}
    [4.1.12-61.1.31]
  • rebuild bumping release
    [4.1.12-61.1.30]
  • net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}
  • sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}
  • scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}
    [4.1.12-61.1.29]
  • tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}
  • TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}
  • If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783]
  • PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]
  • firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}
  • usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}
  • cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}
  • cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}
  • x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}
  • kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}
  • crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}
  • kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}
  • KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}
  • tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}
  • rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}
  • tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}
  • fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}
  • scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}
  • scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}
  • tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
  • posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
  • ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
  • ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
  • mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
  • USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}
  • net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}
  • net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847]
  • ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}
  • perf/core: Fix concurrent sys_perf_event_open() vs. ‘move_group’ race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}
  • ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}
  • mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035]
  • xen-netfront: cast grant table reference first to type int (Dongli Zhang)
  • xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.052 Low

EPSS

Percentile

92.2%

Related for ELSA-2017-3533