-
PSBM-64752
ipv4: deadlock in ip_ra_control().
A vulnerability was found in the implementation of setsockopt() operations in the Linux kernel. A privileged user inside a container could cause a DoS on the host (kernel deadlock in ip_ra_control() function) using a specially crafted sequence of system calls.
-
CVE-2017-7477
net: Heap overflow in skb_to_sgvec in macsec.c.
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7477
-
CVE-2017-8797
NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand.
The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits to single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and so to a soft-lockup of a whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8797
-
PSBM-67263
Use after free in vxlan_dellink().
A vulnerability was found in the implementation of vxlan interfaces in the Linux kernel. A privileged user inside a container was able to trigger a use-after-free in vxlan_dellink() function with a special sequence of operations with vxlan interfaces, which could result in a system crash or could possibly have other unspecified impact.
-
PSBM-67221
Kernel crash (general protection fault) in cleanup_timers().
A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user may cause a kernel crash (general protection fault) in cleanup_timers() function by using rt_tgsigqueueinfo() system call with a specially crafted set of arguments.
-
PSBM-67300
Kernel crash (NULL pointer dereference) in list_lru_destroy().
Kernel crash (NULL pointer dereference) in list_lru_destroy().
-
PSBM-67076
Kernel deadlocks in try_charge().
When memcgroup reached memory limits, kernel may have entered an endless loop in try_charge(), and deadlocked.