kernel: two vulnerabilities
| Package(s): | linux, linux-snapdragon, kernel | CVE #(s): | CVE-2016-9191 CVE-2017-5549 | ||||||||
| Created: | February 22, 2017 | Updated: | February 22, 2017 | ||||||||
| Description: | From the CVE entries:
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. (CVE-2016-9191) The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. (CVE-2017-5549) | ||||||||||
| Alerts: |
| ||||||||||