SB2018030603 - Multiple vulnerabilities in Linux Kernel
Published: March 6, 2018 Updated: March 12, 2018
Security Bulletin ID: SB2018030603
Severity: Low
Patch available: NO
Number of vulnerabilities: 2
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2018-7755)
The vulnerability allows a local unauthenticated attacker to bypass security restrictions on the target system. The weakness exists in the fd_locked_ioctl function in the drivers/block/floppy.c source code due to insufficient security restrictions. A local attacker can bypass security restrictions through the system floppy drive and obtain kernel code and data from the system.
2) Memory corruption (CVE-ID: CVE-2018-7740)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the resv_map_release function due to a boundary error when handling user-supplied input. A local attacker can execute an application that submits malicious input, trigger memory corruption and cause the system to crash.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://lkml.org/lkml/2018/3/7/1116
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.74
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.160
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.12
- https://bugzilla.kernel.org/show_bug.cgi?id=199037