[kernel-sec-discuss] r5829 - dsa-texts
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 23 17:00:11 UTC 2017
Author: carnil
Date: 2017-12-23 17:00:11 +0000 (Sat, 23 Dec 2017)
New Revision: 5829
Modified:
dsa-texts/4.9.65-3+deb9u1
Log:
CVE-2017-1786{2,3,4} assigned
Modified: dsa-texts/4.9.65-3+deb9u1
===================================================================
--- dsa-texts/4.9.65-3+deb9u1 2017-12-23 16:48:38 UTC (rev 5828)
+++ dsa-texts/4.9.65-3+deb9u1 2017-12-23 17:00:11 UTC (rev 5829)
@@ -2,7 +2,8 @@
CVE ID : CVE-2017-8824 CVE-2017-16538 CVE-2017-16644 CVE-2017-16995
CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558
CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806
- CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410
+ CVE-2017-17807 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864
+ CVE-2017-1000407 CVE-2017-1000410
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
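Review bot: The three IDs added to the CVE ID header (CVE-2017-17862, CVE-2017-17863, CVE-2017-17864) need a matching entry heading each in the body, and the header should list nothing the body lacks. The later hunks of this revision add exactly these three headings, so header and body agree for the new IDs. The split into two lines keeps the seven-digit IDs last, which matches the existing ordering.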
@@ -40,7 +41,7 @@
correctly model the behaviour of 32-bit load instructions. A
local user can use this for privilege escalation.
-CVE-2017-XXXXX
+CVE-2017-17862
Alexei Starovoitov discovered that the Extended BPF verifier
ignored unreachable code, even though it would still be processed
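Review bot: The heading replaced here was the same CVE-2017-XXXXX placeholder that the next hunk also replaces twice, so the diff alone cannot show that each number landed on the right description. Before the text goes out, confirm against the assignment that CVE-2017-17862 is the entry for the verifier ignoring unreachable code, credited to Alexei Starovoitov.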
@@ -48,13 +49,13 @@
denial of service. It also increases the severity of bugs in
determining unreachable code.
-CVE-2017-XXXXX
+CVE-2017-17863
Jann Horn discovered that the Extended BPF verifier did not
correctly model pointer arithmetic on the stack frame pointer.
A local user can use this for privilege escalation.
-CVE-2017-XXXXX
+CVE-2017-17864
Jann Horn discovered that the Extended BPF verifier could fail to
detect pointer leaks from conditional code. A local user could
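Review bot: The two headings changed in this hunk sit on adjacent entries that are both credited to Jann Horn and both describe Extended BPF verifier flaws, so a swap between CVE-2017-17863 (pointer arithmetic on the stack frame pointer) and CVE-2017-17864 (pointer leaks from conditional code) would be easy to miss. Check both against the assignment, and search the file for any remaining CVE-2017-XXXXX placeholder, since one outside the changed regions would not appear in this diff.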