Log

CVE-2017-17852 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17853 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17854 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17855 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17856 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17857 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17858 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
References
+ https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+ https://bugs.ghostscript.com/show_bug.cgi?id=698819
+ https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
Notes
CVE-2017-17862 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17863 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d75d3ee237cee9068022117e059b64bbab617f3d
+ https://git.kernel.org/linus/de31796c052e47c99b1bb342bc70aa826733e862
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1
CVE-2017-17864 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.73 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
+ http://www.openwall.com/lists/oss-security/2017/12/21/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=37435f7e80ef9adc32a69013c18f135e3f434244
Notes
+ Workaround by disabling unprivileged bpf:
+ sysctl -w kernel.unprivileged_bpf_disabled=1