SB2018100906 - Debian update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018100906

SB2018100906 - Debian update for linux

Published: October 9, 2018

Security Bulletin ID SB2018100906
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2018-15471)

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The vulnerability exists in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c due to integer overflow when handling malicious input. An adjacent attacker can supply a malicious or buggy frontend request to set or change mapping of requests to request queues, cause the (usually privileged) backend to make out of bounds memory accesses and gain access to arbitrary data, cause the service to crash or gain elevated privileges.


2) Improper input validation (CVE-ID: CVE-2018-18021)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the arch/arm64/kvm/guest.c source code file due to the mishandling of the sanity check for the KVM_SET_ON_REG IOCTL function. A local attacker can create a malicious Kernel-based Virtual Machine (KVM), cause an illegal exception return and cause the system to crash.


Remediation

Install update from vendor's website.

References