CVSS2
Attack Vector : LOCAL
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : COMPLETE
Integrity Impact : COMPLETE
Availability Impact : COMPLETE
Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector : LOCAL
Attack Complexity : LOW
Privileges Required : LOW
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile : 35.4%
Severity: High
Date : 2017-02-22
CVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074
Package : linux
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-178
The package linux before version 4.9.11-1 is vulnerable to multiple
issues including privilege escalation and denial of service.
Upgrade to 4.9.11-1.
The problems have been fixed upstream in version 4.9.11.
Workaround : None.
The sg implementation in the Linux kernel through 4.9 does not properly
restrict write operations in situations where the KERNEL_DS option is
set, which allows local users to read or write to arbitrary kernel
memory locations or cause a denial of service (use-after-free) by
leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-9576.
Linux kernel built with the KVM virtualization support (CONFIG_KVM),
with the nested virtualization (nVMX) feature enabled (nested=1), is
vulnerable to an uncaught exception issue. It could occur if an L2
guest was to throw an exception which is not handled by an L1 guest.
It was reported that with Linux kernel versions earlier than v4.10-rc8,
an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the
socket tx buffer is full, a thread is waiting on it to queue more data,
and meanwhile another thread peels off the association being used by
the first thread. This issue may then lead to a segmentation fault
resulting in denial of service.
A use-after-free vulnerability has been discovered in the DCCP
implementation in the Linux kernel. The dccp_rcv_state_process function
in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles
DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local
unprivileged user could use this flaw to alter the kernel memory,
allowing them to escalate their privileges on the system via an
application that makes an IPV6_RECVPKTINFO setsockopt system call.
A local unprivileged attacker is able to perform a denial of service
attack or escalate their privileges on the system.
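An added example (not part of the advisory or of Arch's tooling): a shell check that compares the running kernel with the fixed version 4.9.11-1 and reports whether the nested=1 condition of the nested KVM issue is met on this host. The function names, the "-ARCH" suffix of `uname -r` and the use of /sys/module/kvm_intel/parameters/nested are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory: exposure check for AVG-178.
FIXED="4.9.11-1"   # fixed package version stated in the advisory

# ver_lt A B: succeed when A is strictly older than B. Uses pacman's
# vercmp when present, else GNU `sort -V` as an approximation
# (assumption: plain numeric pkgver-pkgrel strings, no epoch).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# kernel_pkgver RELEASE: map a `uname -r` string such as "4.9.9-1-ARCH"
# to the package version "4.9.9-1" (assumed stock-kernel naming).
kernel_pkgver() {
    printf '%s\n' "${1%-ARCH}"
}

# nested_enabled FILE: succeed when the kvm_intel "nested" parameter
# file reads Y or 1, i.e. the nested=1 condition the advisory names.
nested_enabled() {
    [ -r "$1" ] || return 1
    case "$(cat "$1")" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# assess RELEASE NESTED_FILE: print one verdict line for this host.
assess() {
    ver=$(kernel_pkgver "$1")
    if ! ver_lt "$ver" "$FIXED"; then
        echo "kernel $ver: not affected (>= $FIXED)"
    elif nested_enabled "$2"; then
        echo "kernel $ver: affected, nested KVM (nested=1) also exposed"
    else
        echo "kernel $ver: affected, nested KVM not enabled"
    fi
}

# The running kernel matters: an upgraded package only helps after reboot.
assess "$(uname -r)" /sys/module/kvm_intel/parameters/nested
```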
https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90
http://seclists.org/oss-sec/2017/q1/432
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://patchwork.ozlabs.org/patch/728808/
https://security.archlinux.org/CVE-2016-10088
https://security.archlinux.org/CVE-2016-9588
https://security.archlinux.org/CVE-2017-5986
https://security.archlinux.org/CVE-2017-6074