ALAS-2017-828

Description

Infinite recursion in ahash.c by triggering EBUSY on a full queue:A vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.(CVE-2017-7618 )Time subsystem allows local users to discover real PID values:The time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967 )Stack-based buffer overflow in sg_ioctl function:The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187 )Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c:Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in mm/mempolicy.c; in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616 )Race condition in Link Layer Control:A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system. (CVE-2017-2671 )Overflow in check for priv area size:It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-7308 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
kernel kernel-4.9.27-14.31.amzn1.x86_64
kernel kernel-4.9.27-14.31.amzn1.i686
kernel kernel-4.9.27-14.31.amzn1.src
kernel-debuginfo kernel-debuginfo-4.9.27-14.31.amzn1.i686
kernel-debuginfo kernel-debuginfo-4.9.27-14.31.amzn1.x86_64
kernel-debuginfo-common-i686 kernel-debuginfo-common-i686-4.9.27-14.31.amzn1.i686
kernel-debuginfo-common-x86_64 kernel-debuginfo-common-x86_64-4.9.27-14.31.amzn1.x86_64
kernel-devel kernel-devel-4.9.27-14.31.amzn1.i686
kernel-devel kernel-devel-4.9.27-14.31.amzn1.x86_64
kernel-doc kernel-doc-4.9.27-14.31.amzn1.noarch
kernel-headers kernel-headers-4.9.27-14.31.amzn1.i686
kernel-headers kernel-headers-4.9.27-14.31.amzn1.x86_64
kernel-tools kernel-tools-4.9.27-14.31.amzn1.x86_64
kernel-tools kernel-tools-4.9.27-14.31.amzn1.i686
kernel-tools-debuginfo kernel-tools-debuginfo-4.9.27-14.31.amzn1.x86_64
kernel-tools-debuginfo kernel-tools-debuginfo-4.9.27-14.31.amzn1.i686
kernel-tools-devel kernel-tools-devel-4.9.27-14.31.amzn1.x86_64
kernel-tools-devel kernel-tools-devel-4.9.27-14.31.amzn1.i686
perf perf-4.9.27-14.31.amzn1.i686
perf perf-4.9.27-14.31.amzn1.x86_64
perf-debuginfo perf-debuginfo-4.9.27-14.31.amzn1.x86_64
perf-debuginfo perf-debuginfo-4.9.27-14.31.amzn1.i686