[kernel-sec-discuss] r5573 - dsa-texts

Ben Hutchings benh at moszumanska.debian.org
Wed Sep 20 17:54:01 UTC 2017


Author: benh
Date: 2017-09-20 17:54:01 +0000 (Wed, 20 Sep 2017)
New Revision: 5573

Modified:
   dsa-texts/4.9.30-2+deb9u5
Log:
Fill in most issue details for DSA for 3.16.43-2+deb8u5/4.9.30-2+deb9u5

Modified: dsa-texts/4.9.30-2+deb9u5
===================================================================
--- dsa-texts/4.9.30-2+deb9u5	2017-09-20 17:46:01 UTC (rev 5572)
+++ dsa-texts/4.9.30-2+deb9u5	2017-09-20 17:54:01 UTC (rev 5573)
@@ -1,5 +1,11 @@
 Package        : linux
-CVE ID         : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600 CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154 CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380
+CVE ID         : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600
+                 CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154
+                 CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156
+                 CVE-2017-14340 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111
+                 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252
+                 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380
+Debian Bug     : #866511 #875881
 
 Several vulnerabilities have been discovered in the Linux kernel that
 may lead to privilege escalation, denial of service or information
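Review bot: the reflowed `CVE ID` field keeps all 22 identifiers from the original single line in the same order, and the two numbers added on the new `Debian Bug` line (#866511, #875881) match the cross-references given on the CVE-2017-12134 and CVE-2017-1000251 entries in the body; nothing to change here.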
@@ -20,13 +26,47 @@
 
 CVE-2017-10661 (jessie only)
 
+    Dmitry Vyukov of Google reported that the timerfd facility does
+    not properly handle certain concurrent operations on a single file
+    descriptor.  This allows a local attacker to cause a denial of
+    service or potentially execute arbitrary code.
     
 CVE-2017-11600
-CVE-2017-12134
+
+    Bo Zhang reported that the xfrm subsystem does not properly
+    validate one of the parameters to a netlink message. Local users
+    with the CAP_NET_ADMIN capability (in any user namespace) can use
+    this to cause a denial of service or potentially to execute
+    arbitrary code.
+
+CVE-2017-12134 / #866511 / XSA-229
+
+    Jan H. Schönherr of Amazon discovered that when Linux is running
+    in a Xen PV domain on an x86 system, it may incorrectly merge
+    block I/O requests.  A buggy or malicious guest may trigger this
+    bug in dom0 or a PV driver domain, causing a denial of service or
+    potentially execution of arbitrary code.
+
+    This issue can be mitigated by disabling merges on the underlying
+    back-end block devices, e.g.:
+        echo 2 > /sys/block/nvme0n1/queue/nomerges
+
 CVE-2017-12146 (stretch only)
+
 CVE-2017-12153
+
+    bo Zhang reported that the cfg80211 (wifi) subsystem does not
+    properly validate the parameters to a netlink message. Local users
+    with the CAP_NET_ADMIN capability (in any user namespace with a
+    wifi device) can use this to cause a denial of service.
+
 CVE-2017-12154
 
+    Jim Mattson of Google reported that the KVM implementation for
+    Intel x86 processors did not correctly handle certain nested
+    hypervisor configurations. A malicious guest (or nested guest in a
+    suitable L1 hypervisor) could use this for denial of service.
+
 CVE-2017-14106
 
     Andrey Konovalov discovered that a user-triggerable division by
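Review bot: the reporter name on the CVE-2017-12153 entry is written "bo Zhang" while the CVE-2017-11600 entry above spells it "Bo Zhang"; the capitalisation should be made consistent (`Bo Zhang reported that the cfg80211 (wifi) subsystem does not`). In the CVE-2017-12134 mitigation, `/sys/block/nvme0n1/queue/nomerges` names one specific device; since the advice is introduced with "e.g.", consider phrasing it so readers know to substitute the back-end device actually used by the guest. CVE-2017-12146 (stretch only) still has no description, which is consistent with the commit log saying "most" issue details were filled in.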
@@ -34,18 +74,62 @@
     of service.
 
 CVE-2017-14140
+
 CVE-2017-14156
+
+    "sohu0106" reported an information leak in the atyfb video driver.
+    A local user with access to a framebuffer device handled by this
+    driver could use this to obtain sensitive information.
+
 CVE-2017-14340
+
+    Richard Wareing discovered that the XFS implementation allows the
+    creation of files with the "realtime" flag on a filesystem with no
+    realtime device, which can result in a crash (oops). A local user
+    with access to an XFS filesystem that does not have a realtime
+    device can use this for denial of service.
+
 CVE-2017-14489
+
+    ChunYu of Red Hat discovered that the iSCSI subsystem does not
+    properly validate the length of a netlink message, leading to
+    memory corruption. A local user with permission to manage iSCSI
+    devices can use this for denial of service or possibly to
+    execute arbitrary code.
+
 CVE-2017-14497 (stretch only)
+
 CVE-2017-1000111
+
+    Andrey Konovalov of Google reported that a race condition in the
+    raw packet (af_packet) feature. Local users with the CAP_NET_RAW
+    capability (in any user namespace) can use this for denial of
+    service or possibly to execute arbitrary code.
+
 CVE-2017-1000112
-CVE-2017-1000251
+
+CVE-2017-1000251 / #875881
+
+    Armis Labs discovered that the Bluetooth subsystem does not
+    properly validate L2CAP configuration responses, leading to a
+    stack buffer overflow. This is one of several vulnerabilities
+    dubbed "Blueborne". A nearby attacker can use this to cause a
+    denial of service or possibly to execute arbitrary code on a
+    system with Bluetooth enabled.
+
 CVE-2017-1000252 (stretch only)
+
 CVE-2017-1000370
+
 CVE-2017-1000371
+
 CVE-2017-1000380
 
+    Alexander Potapenko of Google reported a race condition in the ALSA
+    (sound) timer driver, leading to an information leak. A local user
+    with permission to access sound devices could use this to obtain
+    sensitive information.
+
 jessie: 3.16.43-2+deb8u5
 stretch: 4.9.30-2+deb9u5
 
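Review bot: the CVE-2017-1000111 entry is not a complete sentence ("Andrey Konovalov of Google reported that a race condition in the raw packet (af_packet) feature."); drop "that" so it reads "reported a race condition in the raw packet (af_packet) feature", or add the missing verb phrase. The entries for CVE-2017-14140, CVE-2017-14497, CVE-2017-1000112, CVE-2017-1000252, CVE-2017-1000370 and CVE-2017-1000371 remain empty in this hunk, matching the "most issue details" wording of the commit log; they will need descriptions before the DSA is sent.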