AVG-571 log

Package linux-zen
Status Fixed
Severity High
Type multiple issues
Affected 4.14.7-1
Fixed 4.14.11-1
Current 6.12.5.zen1-1 [extra-testing]
6.12.4.zen1-1 [extra]
Ticket FS#56832
Created Fri Jan 5 12:33:33 2018
Issue Severity Remote Type Description
CVE-2017-17864 Medium No Information disclosure
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.73 mishandles states_equal comparisons between the pointer data...
CVE-2017-17863 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 does not check the relationship between pointer values and...
CVE-2017-17862 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignore unreachable code, even though it would still be...
CVE-2017-17857 Medium No Denial of service
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory...
CVE-2017-17856 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...
CVE-2017-17855 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...
CVE-2017-17854 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (integer overflow and...
CVE-2017-17853 Medium No Denial of service
It has been discovered kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...
CVE-2017-17852 Medium No Denial of service
It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...
CVE-2017-17806 Medium No Denial of service
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate that the...
CVE-2017-17805 Medium No Denial of service
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle zero-length...
CVE-2017-17712 High No Privilege escalation
A flaw was found in the Linux kernel's implementation of raw_sendmsg before 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic the kernel or...
CVE-2017-17558 High No Denial of service
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89,...
CVE-2017-17449 Medium No Information disclosure
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52 when...
CVE-2017-16996 High No Privilege escalation
An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The...
CVE-2017-16995 High No Privilege escalation
An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL)...
CVE-2017-8824 High No Privilege escalation
A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. The dccp_disconnect function in net/dccp/proto.c...
CVE-2017-5754 High No Access restriction bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...
Date Advisory Package Type
05 Jan 2018 ASA-201801-3 linux-zen multiple issues