{"id":"MGASA-2017-0136","summary":"Updated kernel packages fixes security vulnerabilities","details":"This kernel update is based on upstream 4.4.65 and fixes at least\nthe following security issues:\n\nfs/namespace.c in the Linux kernel before 4.9 does not restrict how many\nmounts may exist in a mount namespace, which allows local users to cause\na denial of service (memory consumption and deadlock) via MS_BIND mount\nsystem calls, as demonstrated by a loop that triggers exponential growth\nin the number of mounts (CVE-2016-6213).\n\nThe xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in\nthe Linux kernel before 4.6 allows local users to gain privileges or cause\na denial of service (use-after-free) via vectors involving omission of the\nfirmware name from a certain data structure (CVE-2016-7913).\n\nThe nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux\nkernel before 4.5 does not check whether a batch message's length field is\nlarge enough, which allows local users to obtain sensitive information from\nkernel memory or cause a denial of service (infinite loop or out-of-bounds\nread) by leveraging the CAP_NET_ADMIN capability (CVE-2016-7917).\n\nThe tipc_msg_build function in net/tipc/msg.c in the Linux kernel through\n4.8.11 does not validate the relationship between the minimum fragment\nlength and the maximum packet size, which allows local users to gain\nprivileges or cause a denial of service (heap-based buffer overflow) by\nleveraging the CAP_NET_ADMIN capability (CVE-2016-8632).\n\ndrivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local\nusers to bypass integer overflow checks, and cause a denial of service\n(memory corruption) or have unspecified other impact, by leveraging access\nto a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a\n\"state machine confusion bug\" (CVE-2016-9083).\n\ndrivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11\nmisuses the kzalloc function, which allows local users to cause a denial\nof service (integer overflow) or have unspecified other impact by\nleveraging access to a vfio PCI device file (CVE-2016-9084).\n\nIt was discovered that root can gain direct access to an internal keyring,\nsuch as '.builtin_trusted_keys' upstream, by joining it as its session\nkeyring. This allows root to bypass module signature verification by adding\na new public key of its own devising to the keyring (CVE-2016-9604).\n\nThe ping_unhash function in net/ipv4/ping.c in the Linux kernel through\n4.10.8 is too late in obtaining a certain lock and consequently cannot\nensure that disconnect function calls are safe, which allows local users\nto cause a denial of service (panic) by leveraging access to the protocol\nvalue of IPPROTO_ICMP in a socket system call (CVE-2017-2671).\n\nRace condition in kernel/events/core.c in the Linux kernel before 4.9.7\nallows local users to gain privileges via a crafted application that makes\nconcurrent perf_event_open system calls for moving a software group into a\nhardware context. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2016-6786 (CVE-2017-6001).\n\nThe keyring_search_aux function in security/keys/keyring.c in the Linux\nkernel through 3.14.79 allows local users to cause a denial of service\n(NULL pointer dereference and OOPS) via a request_key system call for the\n\"dead\" type (CVE-2017-6951).\n\nThe packet_set_ring function in net/packet/af_packet.c in the Linux kernel\nthrough 4.10.6 does not properly validate certain block-size data, which\nallows local users to cause a denial of service (overflow) or possibly have\nunspecified other impact via crafted system calls (CVE-2017-7308).\n\nA vulnerability was found in the Linux kernel. It was found that\nkeyctl_set_reqkey_keyring() function leaks thread keyring which allows\nunprivileged local user to exhaust kernel memory (CVE-2017-7472).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-01-30T08:57:49.372570Z","published":"2017-05-10T20:47:44Z","related":["CVE-2016-6213","CVE-2016-7913","CVE-2016-7917","CVE-2016-8632","CVE-2016-9083","CVE-2016-9084","CVE-2016-9120","CVE-2016-9604","CVE-2017-2671","CVE-2017-6001","CVE-2017-6951","CVE-2017-7308","CVE-2017-7472"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0136.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20747"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.60"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.61"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.62"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.64"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.65"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.65-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0136.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.65-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0136.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0136.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0136.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10-37.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0136.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}