Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1066 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the...

CVE-2018-1066

CVE-2018-1066 affects the Linux kernel prior to 4.11, where a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() can cause a kernel panic on clients mounting a CIFS server, due to mishandling of an empty TargetInfo field in NTLMSSP during session recovery. Connected documents co...

CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...

Linux kernel 'setup_ntlmv2_rsp()' function null pointer dereference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability in the 'setupntlmv2rsp' function in the fs/cifs/cifsencrypt.c file in versions of Linux kernel prior to 4.11 stems from the program not proper...