pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2018-1046/definitions.json
pepelyaevip 546ec3bcc0 ALT Vulnerability
2025-03-03 12:05:02 +00:00

215 lines
11 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181046",
"Version": "oval:org.altlinux.errata:def:20181046",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1046: package `kernel-image-std-def` update to version 4.9.77-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1046",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1046",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00002",
"RefURL": "https://bdu.fstec.ru/vul/2018-00002",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00412",
"RefURL": "https://bdu.fstec.ru/vul/2018-00412",
"Source": "BDU"
},
{
"RefID": "CVE-2017-1000410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000410",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17741",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17741",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5753",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5753",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5332",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5332",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 4.9.77-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00002: Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2018-00412: Уязвимость функции rds_message_alloc_sgs() ядра операционной системы Linux, позволяющая нарушителю осуществить запись за границами буфера в памяти\n\n * CVE-2017-1000410: The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(\u0026efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(\u0026ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) \u0026efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).\n\n * CVE-2017-17741: The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.\n\n * CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n\n * CVE-2018-5332: In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2025 BaseALT Ltd.",
"Issued": {
"Date": "2018-01-17"
},
"Updated": {
"Date": "2018-01-17"
},
"BDUs": [
{
"ID": "BDU:2018-00002",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2018-00002",
"Impact": "Low",
"Public": "20180107"
},
{
"ID": "BDU:2018-00412",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2018-00412",
"Impact": "High",
"Public": "20180103"
}
],
"CVEs": [
{
"ID": "CVE-2017-1000410",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000410",
"Impact": "High",
"Public": "20171207"
},
{
"ID": "CVE-2017-17741",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17741",
"Impact": "Low",
"Public": "20171218"
},
{
"ID": "CVE-2017-5753",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5753",
"Impact": "Low",
"Public": "20180104"
},
{
"ID": "CVE-2018-5332",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5332",
"Impact": "High",
"Public": "20180111"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181046001",
"Comment": "kernel-doc-std is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046002",
"Comment": "kernel-headers-modules-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046003",
"Comment": "kernel-headers-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046004",
"Comment": "kernel-image-domU-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046005",
"Comment": "kernel-image-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046009",
"Comment": "kernel-modules-drm-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046010",
"Comment": "kernel-modules-ide-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046011",
"Comment": "kernel-modules-kvm-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046012",
"Comment": "kernel-modules-staging-std-def is earlier than 1:4.9.77-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181046013",
"Comment": "kernel-modules-v4l-std-def is earlier than 1:4.9.77-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink