GCVE-VVD-MAGEIA-2017-387

Advisory Published
Vulnetix · Advisory published October 24, 2017
This kernel-linus update is based on upstream 4.4.92 and fixes at least the following security issues:

A security flaw was discovered in the nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with the CAP_NET_ADMIN privilege and may result in a NULL dereference and a system crash (CVE-2017-12153).

A Linux kernel built with KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts, as an L2 guest could access (r/w) the hardware CR8 register of the host (L0). In a nested virtualization setup, an L2 guest user could use this flaw to potentially crash the host (L0), resulting in DoS (CVE-2017-12154).

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106).

The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156).

It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489).

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991).

A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation (CONFIG_KVM) support with the Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252).

For other upstream fixes in this update, read the referenced changelogs.

Affected Products

Vendor: Mageia
Product: kernel-linus
Versions: 0 (affected), 4.4.92-1.mga5 (unaffected)
Platforms: (none listed)

Aliases

Transitive aliases

