VDB

GCVE-VVD-MAGEIA-2017-279

GCVE-VVD-MAGEIA-2017-279
Advisory Published
Vulnetix · Advisory published August 18, 2017
This kernel update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg->segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware (CVE-2017-10663). The UDP Fragmentation Offload (UFO) feature is vulnerable to out-of-bounds writes causing exploitable memory corruption. If unprivileged user namespaces are available, this bug can be exploited to gain root privileges (CVE-2017-1000112). For other upstream fixes in this update, read the referenced changelogs.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiakmod-virtualbox0 (affected), 5.1.26-2.mga5 (unaffected)
Mageiakmod-vboxadditions0 (affected), 5.1.26-2.mga5 (unaffected)
Mageiakernel-userspace-headers0 (affected), 4.4.82-1.mga5 (unaffected)
Mageiakmod-xtables-addons0 (affected), 2.10-45.mga5 (unaffected)
Mageiakernel0 (affected), 4.4.82-1.mga5 (unaffected)

Aliases

CVE-2017-10663

Transitive aliases

VVD-MAGEIA-2017-287EUVD-2017-2310VVD-MAGEIA-2017-278GHSA-596f-c2w8-w394VVD-MAGEIA-2017-288VVD-MAGEIA-2017-296VVD-MAGEIA-2017-309BDU:2017-02025

References

Updated kernel packages fixes security and other bugs
advisory
Updated kernel packages fixes security and other bugs
issue
Updated kernel packages fixes security and other bugs
issue
Updated kernel packages fixes security and other bugs
issue
Updated kernel packages fixes security and other bugs
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›