31 matches found
OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)
The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 - ocfs2/o2net: o2netlistendataready should do nothing if socket state is not TCPLISTEN Tariq Saeed...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
Unbreakable Enterprise kernel security update
2.6.39-400.295.2 - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 2.6.39-400.295.1 - ocfs2/o2net: o2netlistendataready should do nothing if socket state is not TCPLISTEN Tariq Saeed Orabug: 25510857 - IB/CORE: sync the resouce access in fmrpool...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()
A race condition flaw was found in the NHLDC Linux kernel driver when accessing nhdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system...
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0912-1)
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following security bug : - CVE-2017-2636: A race condition in the nhdlc tty Linux kernel driver drivers/tty/nhdlc.c could have been exploited to gain a local privilege escalation bnc1027565 Note that Tenable Network Security has...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3535 advisory. - RHEL: complement upstream workaround for CVE-2016-10142. Quentin Casasnovas Orabug: 25765786 CVE-2016-10142 CVE-2016-10142 - net: ping: check...
USN-3220-3 linux-aws vulnerability
USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services AWS. Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attack...
USN-3220-3: Linux kernel (AWS) vulnerability
USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services AWS. Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attack...
Ubuntu 16.04 LTS : Linux kernel (AWS) vulnerability (USN-3220-3)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3220-3 advisory. USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services AWS. Alexander...
Linux kernel local privilege escalation flaw in n_hdlc(CVE-2017-2636)
This article discloses the exploitation of CVE-2017-2636, which is a race condition in the nhdlc Linux kernel driver drivers/tty/nhdlc.c. The described exploit gains root privileges bypassing Supervisor Mode Execution Protection SMEP. This driver provides HDLC serial line discipline and comes as ...
USN-3220-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-3221-2: Linux kernel (HWE) vulnerability
USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel...
USN-3221-1: Linux kernel vulnerability
Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges...
USN-3220-1 linux, linux-gke, linux-raspi2, linux-snapdragon vulnerability
Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges...
Linux kernel privilege acquisition vulnerability (CNVD-2017-02608)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A privilege-acquisition vulnerability exists in the drivers/tty/nhdlc.c file in Linux kernel versions 4.10.1 and earlier. A local attacker could exploit this vulnerability to...