CentOS 7 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2016-10208 CVE-2016-7910 CVE-2016-8646 CVE-2017-5986 CVE-2017-7308 |
| CWE-ID | CWE-125 CWE-416 CWE-476 CWE-617 CWE-787 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
CentOS Operating systems & Components / Operating system |
| Vendor | CentOS Project |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU6644
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-10208
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target systsem.
The weakness exists due to memory corruption when validating meta block groups by the ext4_fill_super function. A local attacker can use a specially crafted EXT4 image to trigger an out-of-bounds read and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to kernel 3.10.0-514.21.1.el7.
Vulnerable software versionsCentOS: 7
CPE2.3 External linkshttps://lists.centos.org/pipermail/centos-announce/2017-May/022441.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU6726
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7910
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to use-after-free error in the disk_seqf_stop function in block/genhd.c. a local attacker can leverage the execution of a certain stop operation and execute arbitrary code on the system with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to kernel 3.10.0-514.21.1.el7.
Vulnerable software versionsCentOS: 7
CPE2.3 External linkshttps://lists.centos.org/pipermail/centos-announce/2017-May/022441.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU6727
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in the hash_accept function in crypto/algif_hash.c. A local attacker can trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data and cause a kernel oops.
Successful exploitation of the vulnerability results in denial of service.
Update to kernel 3.10.0-514.21.1.el7.
Vulnerable software versionsCentOS: 7
CPE2.3 External linkshttps://lists.centos.org/pipermail/centos-announce/2017-May/022441.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Assertion failure
EUVDB-ID: #VU5868
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5986
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to cause kernel panic.
The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.
Successful exploitation of this vulnerability may result in denial of service condition.
Update to kernel 3.10.0-514.21.1.el7.
Vulnerable software versionsCentOS: 7
CPE2.3 External linkshttps://lists.centos.org/pipermail/centos-announce/2017-May/022441.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-out-of-bounds write
EUVDB-ID: #VU6526
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-7308
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper validation of certain block-size data by the packet_set_ring function in net/packet/af_packet.c. A local attacker can provide specific parameters to the PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled, trigger heap-out-of-bounds write and cause denial of service.
Successful exploitation of the vulnerability results in denial of service.
Update to kernel 3.10.0-514.21.1.el7.
Vulnerable software versionsCentOS: 7
CPE2.3 External linkshttps://lists.centos.org/pipermail/centos-announce/2017-May/022441.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
