Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, and potentially gain escalated privileges.
1) An error exists within the "keyctl_session_to_parent()" function in security/keys/keyctl.c, which can be exploited to cause a NULL pointer dereference by e.g. calling "keyctl()" with KEYCTL_SESSION_TO_PARENT.
Note: Successful exploitation may require that the distribution does not use pam_keyinit.
2) A use-after-free error exists within the "snd_seq_oss_open()" function in sound/core/seq/oss/seq_oss_init.c, which can be exploited to e.g. cause a kernel crash.
Note: Successful exploitation may require access to the sequencer device.
3) The "mos7720_ioctl()" function in drivers/usb/serial/mos7720.c, the "mos7840_ioctl()" function in drivers/usb/serial/mos7840.c, and the "viafb_ioctl_get_viafb_info()" function in drivers/video/via/ioctl.c are not properly initializing all members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory by sending certain IOCTLs.
Solution: Update to version 22.214.171.124 or 126.96.36.199.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Linux Kernel Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.