[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.51-2)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Dec 19 06:08:50 PST 2017


Synopsis: 3.16.51-2 can now be patched using Ksplice
CVEs: CVE-2016-7097 CVE-2017-0786 CVE-2017-1000112 CVE-2017-1000405 CVE-2017-12190 CVE-2017-12192 CVE-2017-12193 CVE-2017-13080 CVE-2017-15115 CVE-2017-15265 CVE-2017-15274 CVE-2017-15299 CVE-2017-15649 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16643 CVE-2017-16649 CVE-2017-16650 CVE-2017-6951 CVE-2017-8067 CVE-2017-8831

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.51-2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial-of-service in ext4 xattr manipulation.

A logic error when expanding an inode to accommodate additional extended
attributes could cause a kernel deadlock and denial-of-service.


* Deadlock when expanding EXT4 inline data.

Incorrect locking between expanding EXT4 inline data and writing to inline data
can trigger a deadlock and kernel panic.


* Double-free of IP-over-IB on concurrent transaction.

Failing to reinitialize the work item list for an IP-over-IB transaction
could lead to a use-after-free or list corruption.  A local user could use
this flaw to cause a denial-of-service or potentially escalate privileges.


* Information leak in USB ARK Micro 3116 serial driver.

A logic error when handling short register-accessor responses can allow the
contents of kernel memory to be leaked to userspace.


* Information leak in USB FTDI serial response parsing.

A logic error when handling short modem-status responses can allow the contents
of kernel memory to be leaked to userspace.


* Information leak in USB SPCP8x5 serial driver.

A logic error when handling short modem-status responses can allow the contents
of kernel memory to be leaked to userspace.


* Kernel panic in Realtek wireless header parsing.

The Realtek wireless driver does not correctly handle truncated wireless frames
which can trigger a NULL pointer dereference and kernel panic.


* Memory leak when disabling USB HID gadget devices.

Incorrect memory management when disabling a USB gadget device with HID
functions can trigger a kernel memory leak and subsequent kernel panic.


* Memory leak when attaching one-wire slave devices.

A logic error when an error is encountered attaching one-wire devices can
trigger a kernel memory leak and subsequent kernel panic.


* Denial of service in Radeon buffer-object caching.

The Radeon graphics driver does not correctly handle swapping out
buffer-objects which can trigger an assertion failure and kernel panic.


* Memory corruption when handling EXT4 small group sizes.

A logic error when handling EXT4 filesystems with small group sizes can trigger
an out-of-bounds read and potentially corrupt kernel memory.


* Data corruption or deadlock when writing to ext4 with journaling enabled.

Encountering an error when writing to a file on an ext4 filesystem with
journaling enabled would incorrectly mark the underlying data buffers as
dirty, in rare cases causing data corruption on disk or a deadlock.


* Memory leak in EXT4 inline data writeback.

The EXT4 filesystem driver does not handle errors when writing inline data to
disk, which can trigger reference counting errors and a kernel memory leak.


* Memory leak when opening files via NFSv4 client.

The kernel NFSv4 client does not track memory correctly when opening files on a
remote NFS server which can lead to a memory leak and subsequent kernel panic.


* Denial of service in Moschip USB serial driver.

A logic error when attaching to a Moschip USB serial device with no
interrupt-in endpoint can trigger a NULL pointer dereference and kernel panic.


* NULL pointer dereference when requesting master key for encrypted keys.

The error return value when failing to request the master key to decrypt
encrypted keys in the kernel keyring was incorrectly set to NULL and not
handled correctly by consumers, potentially causing a denial-of-service
or other exploitable behavior when the pointer was dereferenced.


* Memory corruption in Mellanox Connect-IB SRQ management.

The Mellanox Connect-IB PCI Express driver does not correctly allocate memory
when creating SRQs which can later trigger an out-of-bounds write and kernel
memory corruption.


* Remote denial-of-service when setting file size+uid/gid over NFS.

The NFS protocol allows simultaneous change of both a file's size and
ownership information. However, filesystems such as XFS and GFS2 do not
allow this, and will cause a kernel assert and denial-of-service if it
is encountered.


* Double-free when merging fragments in BATMAN wireless driver.

A logic error in the BATMAN wireless driver could corrupt memory when
merging fragments, potentially causing a denial-of-service.


* Use-after-free in DRM/TTM fault handling.

A race condition in the DRM/TTM driver can result in a use-after-free
during vm fault handling. A local attacker could use this flaw to cause
a kernel crash.


* Memory leak when synchronously closing FUSE files.

Incorrect reference counting when synchronously closing files on FUSE
filesystems can trigger a kernel memory leak and subsequent kernel panic.


* Denial of service when parsing RDMA iWARP parameters.

The kernel RDMA connection manager does not fully validate iWARP parameters
from userspace which can allow a local user to trigger a NULL pointer
dereference and kernel panic.


* Use-after-free of timer on DCCP network shutdown.

When shutting down a Datagram Congestion Control Protocol connection,
the shutdown code does not correctly cancel outstanding timers,
potentially allowing them to be used after being freed, causing a
denial-of-service or other exploitable behavior.


* Memory corruption when performing IO on anonymous memory mappings.

A logic error when performing IO on anonymous memory mappings can trigger
memory corruption and a kernel panic.


* Deadlock when setting ALSA timer with small tickrate.

The ALSA subsystem does not define a lower-bound for tickrates which can allow
a local user to cause deadlocks by setting a small tickrate for timers.


* CVE-2017-8067: Denial-of-service via console driver memory mapping.

An incorrect usage of mapped memory from the stack in the virtio-console
driver could allow an attacker to alter kernel stack memory, causing a
privilege escalation or denial-of-service.


* Denial of service in Digi Edgeport TI interrupt processing.

A logic error when handling interrupts from Digi Edgeport USB devices can allow
a malicious device to trigger a NULL pointer dereference and kernel panic.


* Information leak in safe-serial USB driver.

The safe-serial USB driver does not correctly validate USB frames which can
allow short USB frames to leak the contents of kernel memory to userspace.


* Denial-of-service when flashing firmware of dvb usb devices.

Incorrect use of an on-stack buffer for DMA transfers could lead to memory
corruption. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when probing an IO Warrior USB device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* Denial-of-service in raid10 block I/O operation.

A race condition in the raid10 driver results in a deadlock in the kernel. An
unprivileged local user can exploit this to cause a denial-of-service.


* NULL pointer dereference when probing an Intel Wireless WiMAX USB device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* Memory corruption in IP packet redirection.

Incorrect reference counting when redirecting IPv4, IPv6 and DCCP packets can
trigger a use-after-free condition and kernel panic.


* NULL pointer dereference when probing a Siemens USB mouse with fingerprint support.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a USS-720 parallel port USB adapter.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a Wireless USB device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a Host Wire Adapter Wireless USB adapter.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing an Intel Wireless Link 1480 USB device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* Memory corruption in futex requeuing.

A logic error when requeuing a PI futex can trigger a use-after-free condition
and kernel memory corruption when changing the owner of the futex.


* Denial-of-service when destroying TCP socket using GFP_ATOMIC.

A logic error when destroying a socket could lead to a memory leak if the
TCP socket is using the GFP_ATOMIC flag for allocations. A local attacker
could use this flaw to cause a denial-of-service.


* Denial-of-service when performing wireless scan or dump.

A locking error when performing scan or dump on a wireless interface
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* NULL pointer dereference when probing a USB SD Host Controller device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a USB Joystick I-Force.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a C-Media CM109 phone through USB.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a Yealink phone through USB.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a Hanwang Art Master III tablet through USB.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* NULL pointer dereference when probing a KB Gear JamStudio tablet through USB.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* Denial-of-service when using ALSA set_client_pool ioctl.

A flag handling error in the set_client_pool ioctl path could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in AF_UNIX sockets garbage collector.

A logic error in the implementation of the UNIX socket garbage collector
could lead to a kernel BUG(). A local attacker could use this flaw to
cause a denial-of-service.


* Use-after-free in KVM bus registration handling.

A failure to correctly handle unregistering devices from the KVM bus can
result in a use-after-free. A local attacker with access to virtual
machine management could use this flaw to crash the kernel or escalate
privileges.


* Information leak when reading sensors from ASUS motherboards.

A missing error check when reading sensors exposed through the ACPI
hardware monitoring interface could lead to uninitialized memory being
leaked to userspace.  This could help an attacker bypass protections like
ASLR or infer memory layouts that would otherwise be hidden.


* Denial of service in ext4 extended attribute checksums.

A race condition in the ext4 filesystem driver can cause incorrect checksums to
be calculated for extended attributes which can allow a local user to cause a
denial of service.


* Denial-of-service in USB URB submission.

A flaw in the error handling of sending URB packets can result in
memory corruption. A local attacker with access to USB devices could use
this flaw to crash the kernel.


* Information leak when reading virtio ballooning statistics.

Some virtio ballooning statistics were being copied to userspace when
CONFIG_VM_EVENT_COUNTERS was not enabled, disclosing uninitialized on-stack
memory.  This could help an attacker bypass protections like ASLR or infer
memory layouts that would otherwise be hidden.


* Reference leak in iSCSI session shutdown causes denial-of-service.

Incorrect reference logic in iSCSI session shutdown could cause a leak
of a memory record, potentially causing a kernel panic and
denial-of-service.


* Malicious code injection in VMWare virtual GPU fence object.

Fence objects in the VMWare virtual GPU system were not properly
type-checked from userspace, potentially allowing a user to inject
malicious code.


* Information leak in VMWare virtual GPU capability sysctl.

A missing size check in the VMWare virtual GPU vmw_get_cap_3d_ioctl()
call could potentially expose kernel memory to userspace.


* Information leak via SCSI driver capability check.

Incorrectly parsing the length of a SCSI capability buffer returned from
an older device could read off the end of the buffer, potentially
leaking kernel information.


* Denial-of-service due to race condition in ptrace state.

A race condition in the ptrace signal handling can cause memory
corruption in the kernel, causing a kernel panic and denial-of-service.


* Denial-of-service in zram unaligned page compression.

Incorrectly copying memory from a non-page-aligned boundary in the zram
driver could corrupt kernel memory, causing a kernel panic and
denial-of-service.


* Memory corruption when reading Plan9 directories.

A logic error when the Plan 9 filesystem reads a directory from a remote server
can trigger memory corruption and a kernel panic.


* CVE-2017-6951: Denial-of-service from userspace via dead security keys.

Dead security keys were improperly assigned a type with name "dead",
which allowed them to be accessed by users with the
key_get_type_from_user() syscall, causing a kernel panic and
denial-of-service.


* Use-after-free in the Toshiba TC35815 Ethernet driver when releasing queues.

A logic error when releasing transfer queues in the Toshiba TC35815
Ethernet driver leads to a use-after-free.  A local user with the ability
to force the queues to be released could use this flaw to cause a
denial-of-service.


* Memory leak when destroying MAC-VLAN devices.

Incorrect reference counting when destroying a MAC-VLAN device can cause a
kernel memory leak and subsequent kernel panic.


* NULL pointer dereference when probing a Wireless ZyDAS ZD1201 USB device.

A missing check that an endpoint exists before communicating through it
could lead to a NULL pointer dereference.  This flaw can be leveraged with
a malicious USB device to cause a denial-of-service.


* Information leak in TI LP8788 charger driver.

Incorrect array initialization could result in reading beyond the end of
an array and leaking the contents of kernel memory to user-space.


* Out of bounds memory write in the Nebula Electronics uDigiTV USB receiver.

Lack of bounds checking before copying into a kernel buffer could lead to
memory corruption.  A local attacker could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* Information leak via multiple disk (RAID/LVM) device ioctl.

Failing to initialize an unused data field in multiple device ioctls
could allow kernel stack information to be exposed to userspace.


* Buffer underflow when setting beacon data of Realtek RTL8188EU Wireless LAN NIC driver.

A missing check when setting beacon data of the R8188EU driver in host mode
could lead to a buffer underflow. A local attacker could use this flaw
to cause a denial-of-service.


* Bypass in memory protections when using passthrough WRITE SAME ATA commands.

A missing check to verify the origin of WRITE SAME ATA commands in the ATA
layer could allow a local user to bypass memory protections and potentially
write to otherwise read-only files.  This could be used to elevate
privileges.


* Denial-of-service when writing to small memory-mapped file on ext4.

In rare cases, writing to a very small memory-mapped file on the ext4
filesystem can execute invalid code, causing a denial-of-service.


* Out of bounds read when converting DOS to Unix times in the CIFS filesystem.

A logic error when converting DOS to Unix times and dates in the CIFS
filesystem could lead to an out of bounds read and potentially disclose
kernel memory.  An attacker could use this flaw to cause a
denial-of-service or potentially facilitate an attack.


* Denial-of-service in Ceph file system extended attributes.

Failure to free memory when the filesystem failed to set an extended
attribute could result in memory exhaustion.  A local, unprivileged user
could use this flaw to cause a denial of service.


* Information leak via unsanitized buffer in getxattr.

Failing to zero out a buffer returned by getxattr in low-memory
situations could cause kernel memory to be exposed to userspace.


* Out-of-bounds memory write when compiling an IPSec policy.

Incorrect bounds checking when checking the size of a security context
before compiling an IPSec policy could lead to an out-of-bounds memory
write.  A local user could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* Information leak in multiple debug prints of USB core driver.

Multiple debug prints in the USB core driver when transferring USB packets
could leak memory addresses from the running kernel. A local attacker
could use this flaw to get information about the running kernel and
facilitate an attack.


* Denial-of-service when mapping end of physical address space.

A missing check when mapping the end of the physical address space, where the
mapping wraps around the end of the address space, could lead to a kernel BUG.
An attacker could use this flaw to cause a denial-of-service.


* Kernel crash when page allocation fails during OOM in ext4.

In low memory conditions, freeing blocks in an ext4 filesystem can cause
the kernel to crash.


* NULL pointer dereference on failure to add partitions from a block device.

Failure to properly return an error code when failing to add partitions
from a block device could lead callers to dereference a NULL pointer.  An
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when decoding an integer in the Ceph library.

Failure to properly return an error code when failing to decode an integer
in the Ceph library could lead callers to dereference a NULL pointer.  An
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using TCP fastopen on a socket with unknown address family.

A missing check on a socket's address family type when using TCP fastopen
could lead to a kernel BUG(). A local attacker could create such a socket
and send a TCP fastopen packet to it to cause a denial-of-service.


* Memory corruption in the ASIX AX88796 Ethernet driver on failure to register.

An IRQ was being released without having been requested on failure to
initialize an ASIX AX88796 Ethernet driver.  A local user with the ability
to bring up associated network devices could use this flaw to cause a
denial-of-service.


* Data corruption on ext4 filesystem when writing through mmap.

A time-of-check-to-time-of-use race condition in the ext4 filesystem when
submitting pages to be written to persistent storage could cause data
corruption on concurrent mmap writes.


* Denial-of-service in hugepage soft offline handling.

A failure to correctly handle reference counting when soft offlining
huge pages can result in a soft lockup. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when setting alarm timer.

An overflow when setting an alarm timer leads to the alarm expiring immediately
in a loop, causing high CPU load. A local attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service when using videobuf2 core framework.

An incorrect check when using the videobuf2 core framework could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-15274: Denial-of-service when adding a key using the key control subsystem.

A missing check on user input when using add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test.  A local attacker could use this
flaw to cause a denial-of-service.


* Use-after-free in Linux SCSI Target fabric driver.

A reference counting error when aborting a transport command in the Linux SCSI
target fabric driver leads to a use-after-free in the kernel. This could
allow a local user to escalate privileges.


* Denial-of-service when using Geschwister Schneider UG interfaces.

A missing free when closing a Geschwister Schneider USB network device could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Denial-of-service when using context mount options.

A missing check in the error path when mounting a filesystem with specific
context mount options while SELinux is enabled could lead to a double
free. A local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using XFRM to transform network packets.

Multiple errors in the XFRM framework could lead to multiple NULL pointer
dereferences or out-of-bounds accesses. A local attacker could use these
flaws to cause a denial-of-service.


* Denial-of-service when using IPv6 routing policy.

A logic error when using IPv6 routing policy could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.


* Denial-of-service when using DP83640 PHYTER driver.

A logic error when using the DP83640 PHYTER driver could lead to a NULL
pointer dereference. A remote attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when routing autofs ioctl control command.

A logic error in handling an ioctl control command failure leads to a NULL
pointer dereference. An attacker can exploit this to cause a
denial-of-service.


* Denial-of-service when disconnecting a TCP connection over IPv4.

A missing release of resources when disconnecting a TCP connection over
IPv4 could lead to a reference count leak. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when using Generic Receive Offload technology.

A missing free when using Generic Receive Offload network technology
could lead to an invalid reference count and thus a memory leak. A local
attacker could use this flaw to cause a denial-of-service.


* Improved fix for permission bypass when checking credentials for filesystem accesses.

An incorrect backport of the fix can result in a kernel error when
attempting to access another process's pagemap in /proc.


* CVE-2016-7097: Permissions bypass using setxattr syscall on multiple filesystems.

A logic error when inheriting the access control list from a parent
directory after setting an extended attribute on BTRFS, EXT2, XFS, F2FS,
HFSPLUS, Reiserfs and JFS filesystems could lead to a permission bypass.
A local attacker could use this flaw to access sensitive information.


* CVE-2017-1000112: Privilege escalation using the UDP Fragmentation Offload (UFO) code.

Multiple missing checks on header lengths when using UDP Fragmentation
Offload (UFO) while sending packets could lead to out-of-bounds
accesses.  A local attacker with the CAP_NET_RAW capability, or on a system
with unprivileged namespaces enabled, could use this flaw to cause a
denial-of-service or execute arbitrary code.


* Denial of service in Digi AccelePort OOB events.

A logic error when parsing truncated OOB events from Digi AccelePort USB
devices can trigger an out-of-bounds read and kernel panic.


* Multiple denials-of-service when plugging in malicious USB devices.

Missing checks in multiple USB device drivers could lead to a NULL
pointer dereference when plugging in malicious USB devices. An attacker
with physical access to the machine could cause a denial-of-service.


* Deadlock in netfilter connection tracker when creating connection.

A race condition between different parts of the netfilter connection
tracker could cause it to deadlock the system when deleting a connection
helper.


* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.


* CVE-2017-12192: Denial-of-service when reading a negative key.

An invalid memory access when reading a negative key from the kernel key
management facility results in a crash. An unprivileged local user can exploit
this to cause a denial-of-service.


* CVE-2017-12193: Denial-of-service in generic associative array implementation.

A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2017-13080: Key Reinstallation Attacks (KRACK) on WPA2 protocol.

A weakness in the four-way handshake of the WPA2 protocol allows an
attacker within radio range to force nonce reuse.  This could allow the
attacker to eavesdrop on encrypted communications as well as inject and
manipulate data in a WiFi stream.


* CVE-2017-15265: Use-after-free in ALSA seq port creation.

A failure to increment a reference count during creation of an ALSA
seq port can result in a use-after-free. A local user could use this
flaw to escalate privileges.


* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.

A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
denial-of-service.


* CVE-2017-15649: Use-after-free in socket fanout.

A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.


* CVE-2017-16529: Out-of-bounds access due to corrupted buffer parsing in USB audio.

A failure to validate buffer descriptors from a USB audio device can
result in an out-of-bounds memory access.


* CVE-2017-16530: Out-of-bounds access in USB alternate setting enumeration.

A failure to correctly validate USB alternate information from a USB
device can result in an out-of-bounds memory access.


* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.

A failure to correctly validate a USB interface association description
can result in an out-of-bounds memory access.


* CVE-2017-16532: NULL pointer dereference when running USB tests with a crafted USB device.

A missing check when running USB tests with a USB device exposing an
invalid endpoint configuration could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2017-16533: Out-of-bounds access during parsing of Human Interface Device information.

A failure to validate information supplied by a USB device can result in
an out-of-bounds memory write, leading to undefined behaviour.


* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.

A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace.

A logic error when performing an SCTP peel off operation from a network
namespace can result in an incorrect free, leading to a subsequent
use-after-free. A local user could use this flaw to cause a
denial-of-service, or potentially escalate privileges.


* CVE-2017-0786: Privilege escalation in Broadcom WIFI driver.

A failure to validate the results of a scan could result in kernel
memory corruption. A remote attacker could use this flaw to escalate
privileges.


* CVE-2017-1000405: Privilege escalation when writing into a Transparent Huge Page.

A logic error in internal Transparent Huge Page handling of the kernel
could let an attacker overwrite read-only data and escalate privileges.


* CVE-2017-8831: Denial-of-service when using NXP SAA7164 video driver.

A missing check on user input when using NXP SAA7164 video driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2017-16527: Use-after-free when creating mixer for USB Audio device.

A missing free in the error path when creating a mixer for a USB audio device
could lead to a use-after-free. A local attacker could use a crafted USB
audio device to cause a denial-of-service.


* CVE-2017-16525: Use-after-free in USB serial console setup failure.

A failure to handle an error case during USB serial console setup can lead to
a use-after-free.


* CVE-2017-16536: NULL pointer dereference when registering a Conexant cx231xx USB video device.

A missing check when probing a Conexant cx231xx USB video device could
lead to a NULL pointer dereference. A local attacker could use a crafted
USB device to cause a denial-of-service.


* CVE-2017-16537: NULL pointer dereference when registering SoundGraph iMON Receiver and Display driver.

A missing check when registering the SoundGraph iMON Receiver and Display
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.

A validation failure when parsing a HID report from a GTCO
CalComp/InterWrite USB tablet can result in an out-of-bounds memory
access. A user with physical access to a system could use this flaw to
cause undefined behaviour or potentially escalate privileges.


* CVE-2017-16650: Divide-by-zero when probing Qualcomm MSM USB network devices.

A malicious USB network device using the Qualcomm MSM Interface protocol
could present invalid functional descriptors and cause a divide-by-zero,
resulting in a denial-of-service.


* CVE-2017-16649: Divide-by-zero when probing USB CDC network devices.

A malicious USB network device using the Communications Device Class
protocols could present invalid functional descriptors and cause a
divide-by-zero, resulting in a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.