IBM Support

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1066
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() function. An attacker controlling a CIFS server could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139836 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7273
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the cp_report_fixup function in drivers/hid/hid-cypress.c. By using a specially-crafted HID report, a physically proximate attacker could exploit this vulnerability to cause a denial of service or possibly have unspecified other impact.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6346
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in net/packet/af_packet.c. By using a multithreaded application that makes PACKET_FANOUT setsockopt system calls, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-5967
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an error when CONFIG_TIMER_STATS is enabled. By reading the /proc/timer_list file, an attacker could exploit this vulnerability to obtain the real PID value.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-5669
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the do_shmat() function. An attacker could exploit this vulnerability to bypass a protection mechanism for the mmap system call.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122677 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-15299
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the KEYS subsystem. By using a specially-crafted system call, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-15274
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in security/keys/keyctl.c. By using a specially-crafted add_key or keyctl system call, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133486 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-14489
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c. By leveraging incorrect length validation, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132070 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10661
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in fs/timerfd.c. An attacker could exploit this vulnerability to gain privileges or cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130802 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4913
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by the improper handling of NM entries containing NUL characters by the get_rock_ridge_filename function in fs/isofs/rock.c. An attacker could exploit this vulnerability using a specially crafted isofs filesystem to read from kernel memory locations.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-2548
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the ALSA sound driver when unlinking specific linked lists. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111571 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10044
DESCRIPTION: Linux Kernel and Google Nexus could allow a local attacker to gain elevated privileges on the system, caused by improperly restricting execute access in the aio_mount function in fs/aio.c. By using an io_setup system call, an attacker could exploit this vulnerability to bypass intended SELinux W^X policy restrictions and gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127955 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8830
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the AIO interface. By applying to certain filesystems, socket or device types, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111186 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5697
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a leak in the md driver. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105221 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-5391
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148388 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.

Workarounds and Mitigations

None

References

Change History

28 September 2018 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 17 December 2018

UID: ibm10735387