213 matches found
DEBIAN-CVE-2017-18549
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacsendrawsrb does not initialize the reply structure...
UBUNTU-CVE-2017-18549
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacsendrawsrb does not initialize the reply structure...
UBUNTU-CVE-2017-18550
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacgethbainfo does not initialize the hbainfo structure...
CVE-2017-18549
CVE-2017-18549 affects the Linux kernel component drivers/scsi/aacraid/commctrl.c in versions prior to 4.13. The root cause is that aac_send_raw_srb does not initialize the reply structure, which can lead to exposure of kernel stack memory. The connected Nessus entries (Unity Linux advisories) re...
CVE-2017-18549
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacsendrawsrb does not initialize the reply structure...
CVE-2017-18550
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacgethbainfo does not initialize the hbainfo structure...
CVE-2017-18550
CVE-2017-18550 affects Linux kernels up to 4.12: in drivers/scsi/aacraid/commctrl.c, aac_get_hba_info does not initialize hbainfo, exposing kernel stack memory. Severity is low (CVSS v3: 5.5) but local access required. The Unity Nessus advisories reproduce this issue and reference a kernel fix pr...
CVE-2017-18550
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aacgethbainfo does not initialize the hbainfo structure...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of serviceDoS attacks. A race condition flaw occurs in the ioctlsendfib function in the Linux kernel's aacraid implementation. This allows a local user to cause out-of-bound access and crash the system by changing a certain size value...
kernel: scsi: aacraid: double fetch in ioctl_send_fib()
A race condition flaw was found in the ioctlsendfib function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service out-of-bounds access or system crash by changing a certain size value...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0181)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269184 CVE-2016-3157 - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug: 25298618...
CVE-2016-6480
A race condition flaw was found in the ioctlsendfib function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service out-of-bounds access or system crash by changing a certain size value...
OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0167)
The remote OracleVM system is missing necessary patches to address critical security updates : - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060055 CVE-2016-6480 CVE-2016-6480 - audit: fix a double fetch in auditlogsingleexecvearg Paul Moore Orabug: 25059962...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3644)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3644 advisory. - acpi: Disable ACPI table override if securelevel is set Linn Crosetto Orabug: 25058966 CVE-2016-3699 - aacraid: Check size values after...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3646)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3646 advisory. - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060055 CVE-2016-6480 CVE-2016-6480 - audit: fix a double fetch in...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0162)
The remote OracleVM system is missing necessary patches to address critical security updates : - acpi: Disable ACPI table override if securelevel is set Linn Crosetto Orabug: 25058966 CVE-2016-3699 - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060060 CVE-2016-64...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3645)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3645 advisory. - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060050 CVE-2016-6480 CVE-2016-6480 - IB/srpt: Simplify...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0163)
The remote OracleVM system is missing necessary patches to address critical security updates : - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060050 CVE-2016-6480 CVE-2016-6480 - IB/srpt: Simplify srpthandletskmgmt Bart Van Assche Orabug: 25060011 CVE-2016-6327 -...
Unbreakable Enterprise kernel security update
kernel-uek 3.8.13-118.14.2 - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060050 CVE-2016-6480 CVE-2016-6480 - IB/srpt: Simplify srpthandletskmgmt Bart Van Assche Orabug: 25060011 CVE-2016-6327 - audit: fix a double fetch in auditlogsingleexecvearg Paul Moore...
Unbreakable Enterprise kernel security update
2.6.39-400.290.2 - aacraid: Check size values after double-fetch from user Dave Carroll Orabug: 25060055 CVE-2016-6480 CVE-2016-6480 - audit: fix a double fetch in auditlogsingleexecvearg Paul Moore Orabug: 25059962 CVE-2016-6136 - ecryptfs: don't allow mmap when the lower fs doesn't support it...