VDB

GCVE-VVD-MAGEIA-2017-388

GCVE-VVD-MAGEIA-2017-388
Advisory Published
Vulnetix · Advisory published October 24, 2017
This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153). Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154). The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (CVE-2017-14106). The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156). It was found that the iscsi_if_rx() function in scsi_transport_iscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489). The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991). A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252). For other upstream fixes in this update, read the referenced changelogs.

Affected Products

VendorProductVersionsPlatforms
Mageiakernel-tmb0 (affected), 4.4.92-1.mga5 (unaffected)

Aliases

Transitive aliases

GHSA-cc5r-x8fh-jwv3EUVD-2017-8163CNVD-2017-30402GHSA-289m-2pf5-x59pGHSA-87xr-wmm8-4mx3GHSA-q7q6-h2q3-86p9CVE-2018-13405CVE-2018-3646EUVD-2018-11741EUVD-2018-6541GHSA-8j5h-gvcc-pfhwcisco-sa-20171016-wpaGHSA-mxrv-cp62-8842GHSA-gwvj-5r5w-vc2gGHSA-hwv5-xg68-86fhEUVD-2018-1874SUSE-SU-2018:2961-1CVE-2017-15265EUVD-2017-9010CVE-2017-13088VVD-MAGEIA-2018-324GHSA-2wr3-w5rh-2qx4CVE-2017-9417BDU:2019-01059EUVD-2018-6572GHSA-5qx2-85hg-v5crGHSA-c688-2x49-65h9VVD-MAGEIA-2017-387VVD-MAGEIA-2017-472CVE-2018-5390ALAS-2018-1048ALAS-2019-1280VVD-MAGEIA-2017-381CVE-2017-17856CVE-2018-12896CVE-2018-10881GHSA-rm5p-g62j-4fc3EUVD-2018-6620ALAS-2018-1087BDU:2019-01056CVE-2017-17864GHSA-gh8r-7rf7-w4rgEUVD-2018-2946EUVD-2018-11754VVD-MAGEIA-2017-383CNVD-2017-14425EUVD-2017-4598CVE-2018-10878EUVD-2018-18306CVE-2017-13215EUVD-2017-4732EUVD-2017-9469GHSA-ggjw-r373-gj64GHSA-r277-gjg9-h48hEUVD-2016-0812GHSA-qwp3-c8jm-p6v6BDU:2017-00893GHSA-3xm5-vf98-cwqxGHSA-3rm8-9cxg-8m49CVE-2018-1000199GHSA-mmph-rg95-j757GSD-2018-1091VVD-MAGEIA-2018-62CVE-2017-13081CVE-2018-17182ALAS-2018-1023ALAS2-2018-994EUVD-2018-13396SUSE-SU-2018:2775-1EUVD-2017-9348CVE-2017-12188CVE-2017-17855CVE-2018-14633CNVD-2017-30401EUVD-2017-18352ALAS2-2018-1086EUVD-2018-2942VVD-MAGEIA-2018-373CVE-2017-7518CVE-2017-17857GHSA-fhr3-fj6p-xhpfCNVD-2017-30397ALAS2-2019-1280CVE-2018-1068GHSA-grv8-gqh3-fmc9EUVD-2018-20505GSD-2017-17863EUVD-2018-6537CVE-2017-0561GHSA-88jq-244c-4xj3GHSA-5fh3-v3jw-rc9hGHSA-4hq8-f3mj-m9wcCVE-2018-10901GHSA-fwvw-9m43-mj3mBDU:2017-02271EUVD-2017-4604EUVD-2018-2943CVE-2017-17854BDU:2019-02512CVE-2018-3620GHSA-rgw3-fq9h-vvg7GHSA-j2cv-h77g-5p95CVE-2017-13086CNVD-2017-30405CNVD-2017-30406GHSA-jrh4-2f65-vc34EUVD-2018-2959GHSA-mq9x-53x3-39h5GHSA-9x5q-ww2j-jw9xCNVD-2017-30400GHSA-fw8c-q6fq-37rgGHSA-9jqj-q3v6-cv9hGHSA-vx6h-cqmq-qj84BDU:2020-00735CVE-2018-10853CNVD-2017-30404VVD-MAGEIA-2018-340EUVD-2018-2922EUVD-2018-7349EUVD-2018-10173RHSA-2019:0641EUVD-2017-8999EUVD-2018-8128VVD-MAGEIA-2018-417CVE-2017-13080EUVD-2017-9001CVE-2018-10879CVE-2018-14634BDU:2017-02269EUVD-2017-4602GHSA-88p5-45fx-5x87GHSA-h6c2-frm7-53hmCVE-2018-14734GHSA-f8g5-rmc4-j74gALAS2-2018-1051EUVD-2018-5042SUSE-SU-2018:1217-1GHSA-qv83-77rj-635jGHSA-5p56-pcgw-42mfGHSA-p984-v28j-p56qCVE-2017-13079CVE-2017-13082CVE-2018-15572GHSA-wxv4-3q58-w3mxSUSE-SU-2018:2539-1EUVD-2017-5667CVE-2017-13084EUVD-2017-4605VVD-MAGEIA-2017-384VVD-MAGEIA-2017-379GHSA-j9fr-8f9m-c9qcBDU:2021-01418GHSA-fr39-wf38-f5w3EUVD-2018-5043SUSE-SU-2018:2860-1GHSA-fr9c-f69x-fpvfVVD-CERTCC-2017-228519EUVD-2018-8956VVD-MAGEIA-2018-341ALAS2-2019-1281BDU:2019-00977VVD-MAGEIA-2018-296VVD-MAGEIA-2018-391EUVD-2017-3737CVE-2017-13078EUVD-2017-4595GHSA-p95m-33p3-2qfrCVE-2018-9363EUVD-2018-2958GHSA-2jfx-4v33-68mfSUSE-SU-2018:2963-1CVE-2018-10880GHSA-9pwc-v5p9-3c37EUVD-2018-6536ALAS-2018-1086BDU:2019-02397GSD-2018-10902EUVD-2018-15469VVD-MAGEIA-2017-466CVE-2017-18344GHSA-qvr8-f9g3-wv5xBDU:2017-02263GHSA-pvv9-p2gj-w426CVE-2018-1087GHSA-j658-wqr4-q3w7GHSA-4jqv-ffjp-jw6vCVE-2017-17853GHSA-899p-w494-v855CVE-2018-10882BDU:2017-02264BDU:2019-00979CVE-2018-1108GHSA-gffw-ppmc-p7r6GHSA-hwr9-p63p-wq87CVE-2017-16995GHSA-jq36-53qv-7v3mEUVD-2017-4599BDU:2019-01057VVD-MAGEIA-2018-419CVE-2018-10840CVE-2017-13087GHSA-gcfj-hpmm-x9xfALAS2-2018-1058CVE-2018-1118CVE-2018-8897GHSA-p6x5-xg7h-fj5hALAS-2018-971SUSE-SU-2018:2962-1BDU:2017-02266EUVD-2018-7468GHSA-wjj9-4g79-4c2cGHSA-v788-jmxr-wgj9CVE-2018-14641BDU:2017-01325RHSA-2019:0415CVE-2018-1091CVE-2017-18216EUVD-2018-15474GHSA-9c72-6vp8-jx77CVE-2017-17862GHSA-55f7-p7jv-3448CVE-2018-16658EUVD-2018-11720SUSE-SU-2018:2538-1GHSA-mxm3-6wfv-q9qgGHSA-v67j-hmh5-9qhgCVE-2018-5391EUVD-2017-4600BDU:2021-01436GHSA-68p5-hvhw-rpc8GHSA-vhcx-55j8-pv9cCVE-2018-13094CNVD-2017-30399EUVD-2018-8460GHSA-mw8q-cf75-7f35CVE-2018-18445EUVD-2018-18169GHSA-2gc2-cm86-3pjxALAS2-2018-971GHSA-9w6j-7396-jgw4GHSA-cr4j-59jc-xqhgGHSA-45mv-5p9c-6w7cCVE-2018-14617EUVD-2018-2947VVD-MAGEIA-2018-374EUVD-2018-18307GHSA-xpjw-vcgc-qx6pVVD-MAGEIA-2017-386EUVD-2017-6725EUVD-2018-7446GHSA-496w-f8vc-3275GHSA-qj7r-58vw-6wwwVVD-MAGEIA-2017-467VVD-MAGEIA-2018-323CVE-2016-0801GHSA-jw6w-m4jf-m6xpALAS2-2018-1023SUSE-SU-2018:2864-1EUVD-2017-9000GHSA-873h-38h4-56jxVVD-MAGEIA-2018-63CVE-2018-6555ALAS2-2018-1050BDU:2019-01055EUVD-2018-2945ALAS-2018-1058CVE-2018-3615EUVD-2018-5348CVE-2018-10940EUVD-2017-4597GHSA-f9jm-8gc5-4v7gCVE-2018-6412SUSE-SU-2018:2862-1SUSE-SU-2018:2960-1SUSE-SU-2018:3029-1EUVD-2018-2944EUVD-2018-2909EUVD-2018-19707EUVD-2017-9009ALAS-2018-1049GHSA-6q2v-x4cv-ghqxCVE-2018-14678EUVD-2018-11762GHSA-c3vm-qh5c-27gqGHSA-229x-53vm-m4f4VVD-MAGEIA-2017-463EUVD-2017-9002CVE-2018-10876CVE-2018-16276EUVD-2017-9003CVE-2017-13077GHSA-4994-8w6g-9jvwCNVD-2017-30398EUVD-2017-4596BDU:2017-02268BDU:2021-01415BDU:2019-03124VVD-MAGEIA-2018-64CVE-2017-0786GHSA-843x-7h9r-xpf8EUVD-2017-8164CVE-2018-10675EUVD-2017-0915GHSA-752f-2m5c-7473SUSE-SU-2018:2787-1EUVD-2017-3763CVE-2018-6554EUVD-2018-2940CNVD-2018-17431EUVD-2017-5992CNVD-2017-38518CVE-2018-10883CVE-2018-15594BDU:2017-02267SUSE-SU-2021:0452-1SUSE-SU-2018:2858-1GHSA-8x9x-6w2w-w9h8CVE-2018-13093EUVD-2018-2992BDU:2019-02508CVE-2018-20856CVE-2017-16939VVD-MAGEIA-2018-418SUSE-SU-2018:2940-1SUSE-SU-2018:3084-1H1-286740CNVD-2017-30403GHSA-8r3h-6rgp-rrqmEUVD-2017-9011CVE-2018-10877GHSA-h9mf-j5vf-pc99EUVD-2017-1513CVE-2017-17863CVE-2018-10902EUVD-2018-6524CVE-2018-18281EUVD-2018-15500GHSA-xfrv-5h7j-4qvxCVE-2017-16996CVE-2017-17852BDU:2019-01060CVE-2018-12904CVE-2018-15471BDU:2019-01344EUVD-2017-8108CNVD-2018-07889EUVD-2017-1140BDU:2017-02270EUVD-2018-2746EUVD-2018-11737BDU:2019-02783EUVD-2018-10016EUVD-2017-4606GHSA-fx3c-8pqx-5v4cEUVD-2018-4849GSD-2018-6412EUVD-2017-5618EUVD-2017-16535BDU:2017-02265EUVD-2018-2941EUVD-2018-17161GHSA-rhjq-jcf3-f32gEUVD-2018-4857CNVD-2018-03941BDU:2019-01058VVD-MAGEIA-2018-337SUSE-SU-2018:1048-1GHSA-84fm-f9m3-wc94BDU:2017-02272EUVD-2018-17160BDU:2019-00978CVE-2018-7995BDU:2021-01420EUVD-2018-20957EUVD-2017-9004BDU:2019-01054SUSE-SU-2018:2776-1

Browse GCVE Records

78,808 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›