Vector: | Remote |
Severity: | Low |
Patch: | Patched |
Impact: | Denial of Service (DoS), Escalation of Privileges, Security Restrictions Bypass |
Software: | Linux Kernel 3.18.x, vulnerable versions: <3.18.5 |
- The vulnerability exists due to a lack of SYSENTER MSR initialization within the guest OS in the em_sysenter() function in arch/x86/kvm/emulate.c. A local guest OS user can trigger the use of a 16-bit code segment for emulation of a SYSENTER instruction and crash the guest OS.
- A privilege escalation vulnerability exists in the Crypto API in the Linux kernel. A local user can load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field and elevate privileges.
- Another privilege escalation vulnerability exists in the Crypto API in the Linux kernel. A local user can load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field and elevate privileges.
- A security bypass vulnerability exists in net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel. The system incorrectly handles certain rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols. A remote attacker can bypass intended security restrictions via packets with disallowed port numbers. The vulnerability was fixed in kernel version 3.18.
- An off-by-one error exists in the ecryptfs_decode_from_filename() function in fs/ecryptfs/crypto.c. A local user can trigger a buffer overflow in the eCryptfs subsystem and execute arbitrary code on the system with elevated privileges. The vulnerability was fixed in kernel version 3.18.2.
Solution:
For : 3.18.5
CVE ID:
CVSS v2:
- AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C
- AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
- AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
- AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
- AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
Links: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
Solution: Update to version 3.18.5.