RHSA-2017:1842HighCVSS 8.6

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
August 1, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (38)

📋 Description

CVE-2014-7970 — Kernel: fs: VFS denial of service CVE-2014-7975 — Kernel: fs: umount denial of service CVE-2015-8839 — kernel: ext4 filesystem page fault race condition with fallocate call. CVE-2015-8970 — kernel: crypto: GPF in lrw_crypt caused by null-deref CVE-2016-6213 — kernel: Overflowing kernel mount table using shared bind mount CVE-2016-7042 — kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled CVE-2016-7097 — kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit CVE-2016-8645 — kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c CVE-2016-9576 — kernel: Use after free in SCSI generic device interface CVE-2016-9588 — Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS CVE-2016-9604 — kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user CVE-2016-9685 — kernel: Memory leaks in xfs_attr_list.c error paths CVE-2016-9806 — kernel: netlink: double-free in netlink_dump CVE-2016-10088 — kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression) CVE-2016-10147 — kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm CVE-2016-10200 — kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature CVE-2016-10741 — kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c CVE-2017-2584 — Kernel: kvm: use after free in complete_emulated_mmio CVE-2017-2596 — Kernel: kvm: page reference leakage in handle_vmon CVE-2017-2647 — kernel: Null pointer dereference in search_keyring CVE-2017-2671 — kernel: ping socket / AF_LLC connect() sin_family race CVE-2017-5551 — kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix) CVE-2017-5970 — kernel: ipv4: Invalid IP options could cause skb->dst drop CVE-2017-6001 — kernel: Race condition between multiple sys_perf_event_open() calls CVE-2017-6951 — kernel: NULL pointer dereference in keyring_search_aux function CVE-2017-7187 — kernel: scsi: Stack-based buffer overflow in sg_ioctl function CVE-2017-7495 — kernel: ext4: power failure during write(2) causes on-disk information leak CVE-2017-7616 — kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c CVE-2017-7889 — kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism CVE-2017-8797 — kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand CVE-2017-8890 — kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c CVE-2017-9074 — kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option CVE-2017-9075 — kernel: net: sctp_v6_create_accept_sk function mishandles inheritance CVE-2017-9076 — kernel: net: IPv6 DCCP implementation mishandles inheritance CVE-2017-9077 — kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance CVE-2017-9242 — kernel: Incorrect overwrite check in _ip6_append_data() CVE-2017-1000253 — kernel: load_elf binary() does not take account of the need to allocate sufficient space for the entire binary CVE-2017-1000379 — kernel: Incorrectly mapped contents of PIE executable

🔗 References (71)