VDB

GCVE-VVD-MAGEIA-2017-386

GCVE-VVD-MAGEIA-2017-386
Advisory Published
Vulnetix · Advisory published October 24, 2017
This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252). For other upstream fixes in this update, read the referenced changelogs.

Affected Products

VendorProductVersionsPlatforms
Mageiakmod-virtualbox0 (affected), 5.1.26-4.mga5 (unaffected)
Mageiakmod-vboxadditions0 (affected), 5.1.26-4.mga5 (unaffected)
Mageiakernel-userspace-headers0 (affected), 4.4.92-1.mga5 (unaffected)
Mageiakmod-xtables-addons0 (affected), 2.10-48.mga5 (unaffected)
Mageiakernel0 (affected), 4.4.92-1.mga5 (unaffected)

Aliases

Transitive aliases

EUVD-2018-18307CVE-2018-1091GHSA-mq9x-53x3-39h5EUVD-2018-7349VVD-MAGEIA-2017-383CVE-2018-10880GHSA-4hq8-f3mj-m9wcGHSA-rm5p-g62j-4fc3BDU:2019-01058BDU:2019-02783VVD-MAGEIA-2018-417SUSE-SU-2018:2538-1GHSA-843x-7h9r-xpf8CVE-2017-13088CVE-2018-14734BDU:2017-02263BDU:2019-01344GHSA-qj7r-58vw-6wwwEUVD-2018-6537GHSA-45mv-5p9c-6w7cCVE-2018-14617CVE-2018-10853CNVD-2017-30399GHSA-752f-2m5c-7473BDU:2019-00978SUSE-SU-2018:2787-1CVE-2017-0786EUVD-2017-4597GHSA-mxrv-cp62-8842VVD-MAGEIA-2018-337EUVD-2017-8108SUSE-SU-2018:2776-1SUSE-SU-2018:2962-1EUVD-2018-2992CVE-2018-10840CVE-2017-17864CVE-2018-10901GHSA-4jqv-ffjp-jw6vGHSA-fwvw-9m43-mj3mGHSA-grv8-gqh3-fmc9CVE-2018-9363EUVD-2017-4732CVE-2018-10883GHSA-88jq-244c-4xj3EUVD-2017-4604ALAS-2018-1023BDU:2019-01055EUVD-2018-2941RHSA-2019:0415EUVD-2017-4606BDU:2017-00893BDU:2019-01056EUVD-2018-11762GHSA-2jfx-4v33-68mfGHSA-rgw3-fq9h-vvg7EUVD-2018-15469GHSA-mxm3-6wfv-q9qgEUVD-2017-9004EUVD-2018-6572GHSA-fr9c-f69x-fpvfCVE-2017-13079BDU:2019-01057CVE-2018-1118CVE-2017-9417BDU:2017-02272CNVD-2017-30400EUVD-2018-18306CVE-2017-0561CVE-2018-10675ALAS-2018-1086EUVD-2018-2947GHSA-88p5-45fx-5x87CVE-2018-20856VVD-MAGEIA-2017-467CVE-2017-13081CVE-2018-14634EUVD-2018-5042CVE-2018-18281CVE-2017-18216EUVD-2017-16535GHSA-4994-8w6g-9jvwBDU:2019-02512VVD-MAGEIA-2018-374EUVD-2018-7446CVE-2018-1068EUVD-2018-4857BDU:2020-00735CVE-2017-17856CVE-2017-16995EUVD-2017-9002CVE-2018-10879CVE-2017-16996GHSA-cc5r-x8fh-jwv3EUVD-2017-9000GHSA-f8g5-rmc4-j74gALAS2-2018-1086EUVD-2018-13396VVD-MAGEIA-2018-418GHSA-87xr-wmm8-4mx3EUVD-2017-1513BDU:2017-02270CNVD-2017-30406EUVD-2018-2942GHSA-qwp3-c8jm-p6v6GHSA-vhcx-55j8-pv9cEUVD-2018-11737VVD-MAGEIA-2018-63GHSA-gh8r-7rf7-w4rgCVE-2018-3615EUVD-2017-9348EUVD-2017-1140VVD-MAGEIA-2017-472CVE-2018-14633BDU:2019-02397EUVD-2018-19707GHSA-c3vm-qh5c-27gqGHSA-j658-wqr4-q3w7GHSA-jq36-53qv-7v3mCVE-2017-13084BDU:2017-02269ALAS2-2019-1280SUSE-SU-2018:2960-1SUSE-SU-2018:2961-1GHSA-j9fr-8f9m-c9qcCVE-2017-13078BDU:2019-01054EUVD-2018-7468GHSA-9jqj-q3v6-cv9hEUVD-2018-5348EUVD-2018-18169SUSE-SU-2018:2864-1GHSA-v67j-hmh5-9qhgEUVD-2018-6536EUVD-2018-2944CVE-2018-1108RHSA-2019:0641EUVD-2018-15500CVE-2017-17852EUVD-2017-6725VVD-MAGEIA-2018-340GHSA-vx6h-cqmq-qj84GHSA-mmph-rg95-j757EUVD-2017-5992EUVD-2017-8164GHSA-cr4j-59jc-xqhgGHSA-wxv4-3q58-w3mxGHSA-fr39-wf38-f5w3BDU:2019-00977GSD-2018-1091CVE-2018-10876GHSA-hwv5-xg68-86fhGHSA-pvv9-p2gj-w426GHSA-gffw-ppmc-p7r6BDU:2019-03124EUVD-2018-15474VVD-MAGEIA-2017-387CVE-2017-12188CVE-2018-10881ALAS2-2018-1050EUVD-2018-2945CVE-2018-12904CVE-2018-1087CVE-2018-18445ALAS-2018-1087SUSE-SU-2018:1048-1CNVD-2018-17431CVE-2016-0801BDU:2019-02508ALAS-2018-971SUSE-SU-2021:0452-1SUSE-SU-2018:3084-1VVD-MAGEIA-2017-463CVE-2017-13077CVE-2018-10902BDU:2017-02265EUVD-2017-4600EUVD-2017-4599GHSA-f9jm-8gc5-4v7gALAS2-2018-994BDU:2021-01418VVD-MAGEIA-2017-379VVD-CERTCC-2017-228519CNVD-2017-30397GHSA-9pwc-v5p9-3c37EUVD-2016-0812EUVD-2018-2922EUVD-2018-6620GHSA-fw8c-q6fq-37rgCVE-2018-14678GHSA-p6x5-xg7h-fj5hEUVD-2017-5618GHSA-ggjw-r373-gj64ALAS-2018-1048ALAS-2019-1280EUVD-2018-20505CVE-2017-17855EUVD-2017-4598EUVD-2017-9001EUVD-2017-8999VVD-MAGEIA-2018-324EUVD-2018-2943cisco-sa-20171016-wpaBDU:2017-01325VVD-MAGEIA-2018-419SUSE-SU-2018:1217-1EUVD-2017-8163CVE-2018-15572GHSA-gcfj-hpmm-x9xfALAS-2018-1058SUSE-SU-2018:2940-1GHSA-2wr3-w5rh-2qx4CVE-2017-7518BDU:2017-02266GHSA-5fh3-v3jw-rc9hCNVD-2017-14425VVD-MAGEIA-2018-64CNVD-2017-38518CVE-2018-6554EUVD-2017-4602BDU:2017-02268GHSA-68p5-hvhw-rpc8GHSA-mw8q-cf75-7f35CVE-2018-7995CVE-2017-15265CVE-2017-17863EUVD-2017-4596EUVD-2018-8956EUVD-2018-17160CVE-2018-3620GSD-2018-6412GHSA-xpjw-vcgc-qx6pVVD-MAGEIA-2017-466EUVD-2017-9009CVE-2018-6555BDU:2017-02271GHSA-3xm5-vf98-cwqxGHSA-6q2v-x4cv-ghqxCVE-2018-13094GHSA-8x9x-6w2w-w9h8CVE-2018-10882CVE-2018-10877CNVD-2017-30405VVD-MAGEIA-2018-341CVE-2017-13215GHSA-c688-2x49-65h9GHSA-9x5q-ww2j-jw9xEUVD-2018-2746EUVD-2018-4849GHSA-wjj9-4g79-4c2cALAS2-2018-1058EUVD-2018-2958SUSE-SU-2018:2862-1CVE-2017-13086CNVD-2017-30404GHSA-3rm8-9cxg-8m49ALAS2-2018-1023EUVD-2018-11741VVD-MAGEIA-2018-391GHSA-j2cv-h77g-5p95GHSA-8j5h-gvcc-pfhwVVD-MAGEIA-2017-381EUVD-2017-3737GHSA-8r3h-6rgp-rrqmCVE-2018-16658CVE-2018-10878CVE-2018-16276CVE-2018-5391GHSA-qv83-77rj-635jVVD-MAGEIA-2017-388GHSA-899p-w494-v855ALAS2-2018-1051EUVD-2018-2946ALAS2-2019-1281CVE-2018-15471CVE-2018-10940BDU:2019-01060BDU:2021-01415CVE-2018-13405GHSA-9w6j-7396-jgw4CVE-2017-13087GHSA-fx3c-8pqx-5v4cBDU:2019-01059EUVD-2018-1874EUVD-2018-6541VVD-MAGEIA-2017-384CVE-2017-17857GHSA-p984-v28j-p56qGHSA-r277-gjg9-h48hEUVD-2018-8460GHSA-v788-jmxr-wgj9CNVD-2017-30403GHSA-q7q6-h2q3-86p9EUVD-2017-9011BDU:2017-02264CNVD-2018-03941GHSA-5qx2-85hg-v5crSUSE-SU-2018:2963-1VVD-MAGEIA-2018-62CVE-2017-17854EUVD-2017-9010EUVD-2017-3763CVE-2018-6412GHSA-496w-f8vc-3275GHSA-2gc2-cm86-3pjxCVE-2018-17182BDU:2019-00979EUVD-2018-17161SUSE-SU-2018:2858-1GHSA-84fm-f9m3-wc94CVE-2018-5390EUVD-2017-5667GHSA-55f7-p7jv-3448CNVD-2017-30398GHSA-p95m-33p3-2qfrCVE-2018-8897CVE-2018-3646EUVD-2018-11720CVE-2017-18344GHSA-fhr3-fj6p-xhpfEUVD-2017-0915ALAS2-2018-971EUVD-2018-20957EUVD-2018-10173SUSE-SU-2018:2860-1GHSA-9c72-6vp8-jx77EUVD-2017-9469GHSA-jw6w-m4jf-m6xpGHSA-289m-2pf5-x59pGHSA-229x-53vm-m4f4H1-286740GSD-2017-17863BDU:2021-01436SUSE-SU-2018:2775-1SUSE-SU-2018:3029-1CVE-2018-15594CNVD-2017-30402GHSA-rhjq-jcf3-f32gEUVD-2018-2909SUSE-SU-2018:2539-1GHSA-xfrv-5h7j-4qvxCVE-2017-17862CVE-2017-13082CVE-2018-12896VVD-MAGEIA-2018-373EUVD-2018-2959VVD-MAGEIA-2018-296EUVD-2018-5043BDU:2021-01420CVE-2017-13080VVD-MAGEIA-2018-323GHSA-h6c2-frm7-53hmEUVD-2018-11754GHSA-873h-38h4-56jxGHSA-hwr9-p63p-wq87EUVD-2017-9003BDU:2017-02267ALAS-2018-1049EUVD-2018-6524GSD-2018-10902GHSA-h9mf-j5vf-pc99GHSA-qvr8-f9g3-wv5xEUVD-2017-4595EUVD-2018-2940EUVD-2018-8128CVE-2017-16939CNVD-2018-07889EUVD-2018-10016CVE-2018-13093CNVD-2017-30401EUVD-2017-18352CVE-2018-1000199CVE-2018-14641GHSA-5p56-pcgw-42mfCVE-2017-17853EUVD-2017-4605GHSA-gwvj-5r5w-vc2gGHSA-jrh4-2f65-vc34

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›