| Description: | Summary:
The remote host is missing an update for the Debian 'linux' package(s) announced via the DSA-4188-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2017-5715
Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.
This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the retpoline compiler feature which allows indirect branches to be isolated from speculative execution.
CVE-2017-5753
Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.
This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function.
More use sites will be added over time.
CVE-2017-17975
Tuba Yavuz reported a use-after-free flaw in the USBTV007 audio-video grabber driver. A local user could use this for denial of service by triggering failure of audio registration.
CVE-2017-18193
Yunlei He reported that the f2fs implementation does not properly handle extent trees, allowing a local user to cause a denial of service via an application with multiple threads.
CVE-2017-18216
Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a null pointer dereference. A local user could use this for denial of service.
CVE-2017-18218
Jun He reported a use-after-free flaw in the Hisilicon HNS ethernet driver. A local user could use this for denial of service.
CVE-2017-18222
It was reported that the Hisilicon Network Subsystem (HNS) driver implementation does not properly handle ethtool private flags. A local user could use this for denial of service or possibly have other impact.
CVE-2017-18224
Alex Chen reported that the OCFS2 filesystem omits the use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. A local user could use this for denial of service.
CVE-2017-18241
Yunlei He reported that the f2fs implementation does not properly initialise its state if the noflush_merge mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service.
CVE-2017-18257
It was reported that the f2fs implementation is prone to an infinite loop caused by an ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux' package(s) on Debian 9.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
