SB2017042851 - Fedora 25 update for kernel
Published: April 28, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017042851
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-7477)
The vulnerability allows a remote attacker on the local network execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow in the skb_to_sgvec() function in the MACsec driver. A remote attacker can use a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability results in arbitrary code execution.2) Security restrictions bypass (CVE-ID: CVE-2016-9604)
The vulnerability allows a local attacker to write arbitrary files on the target system.The weakness exists due to root can gain direct access to an internal keyring, such as '.dns_resolver' or '.builtin_trusted_keys' upstream, by joining it as its session keyring. A local attacker can bypass module signature verification by adding a new public key of its own devising to the keyring.
Remediation
Install update from vendor's website.