|
|
Subscribe / Log in / New account

kernel: two vulnerabilities

Package(s):kernel CVE #(s):CVE-2017-5897 CVE-2017-5986
Created:February 14, 2017 Updated:February 15, 2017
Description: From the Red Hat bugzilla:

CVE-2017-5986: It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread.

CVE-2017-5897: An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw.

Alerts:
Fedora FEDORA-2017-92d84f68cf kernel 2017-02-13
Fedora FEDORA-2017-fb89ca752a kernel 2017-02-14
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds