11 matches found
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4040)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4040 advisory. - gre: fix a possible skb leak Eric Dumazet Orabug: 26403972 CVE-2017-9074 - ipv6: Fix leak in ipv6gsosegment. David S. Miller Orabug: 26403972...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 CVE-2017-5753 and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 CVE-2017-5715. The BPF interpreter has been...
Virtuozzo 7 : readykernel-patch (VZA-2017-111)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - dccpdisconnect set the socket state to DCCPCLOSED but did not properly free some of the resources associated with th...
Virtuozzo 7 : readykernel-patch (VZA-2017-110)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - dccpdisconnect set the socket state to DCCPCLOSED but did not properly free some of the resources associated with th...
Linux Kernel 4.10.5 / < 4.14.3 (Ubuntu) - DCCP Socket Use-After-Free
/ This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You’ll find in attachment the proof of concept code and the kernel panic log. BUG DETAILS When a socket sock...
CVE-2017-8824
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...
Design/Logic Flaw
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...
CVE-2017-8824
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...
CVE-2017-8824
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...
CVE-2017-8824
CVE-2017-8824 affects the Linux kernel DCCP implementation. The bug is a use-after-free in dccp_disconnect (net/dccp/proto.c) that can be triggered by an AF_UNSPEC connect while in the DCCP_LISTEN state, allowing a local user to escalate privileges or cause a denial of service. Public advisories ...
CVE-2017-8824
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...