| Description: | Summary:
The remote host is missing an update for the Debian 'linux' package(s) announced via the DLA-772-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2012-6704 / CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading to a denial of service or other security impact. Additionally, in kernel versions prior to 3.5, any user could do this if sysctl net.core.rmem_max was changed to a very large value.
CVE-2015-1350 / #770492 Ben Harris reported that local users could remove set-capability attributes from any file visible to them, allowing a denial of service.
CVE-2015-8962
Calvin Owens fouund that removing a SCSI device while it was being accessed through the SCSI generic (sg) driver led to a double free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by local users with permision to access a SCSI device node.
CVE-2015-8963
Sasha Levin reported that hot-unplugging a CPU resulted in a use-after-free by the performance events (perf) subsystem, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could by exploited by any local user.
CVE-2015-8964
It was found that the terminal/serial (tty) subsystem did not reliably reset the terminal buffer state when the terminal line discipline was changed. This could allow a local user with access to a terminal device to read sensitive information from kernel memory.
CVE-2016-7097
Jan Kara found that changing the POSIX ACL of a file never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.
CVE-2016-7910
Vegard Nossum discovered that a memory allocation failure while handling a read of /proc/diskstats or /proc/partitions could lead to a use-after-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation.
CVE-2016-7911
Dmitry Vyukov reported that a race between ioprio_get() and ioprio_set() system calls could result in a use-after-free, possibly causing a denial of service (crash) or leaking sensitive information.
CVE-2016-7915
Benjamin Tissoires found that HID devices could trigger an out-of bounds memory access in the HID core. A physically present user could possibly use this for denial of service (crash) or to leak sensitive information.
CVE-2016-8399
Qidan He reported that the IPv4 ping socket implementation did not validate the length of packets to be sent. A user with permisson to use ping sockets could cause an out-of-bounds read, possibly resulting in a denial of service or information leak. However, on Debian systems no users have permission to create ping sockets by default.
CVE-2016-8633
Eyal Itkin reported that the ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux' package(s) on Debian 7.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
