{"id":"MGASA-2017-0090","summary":"Updated kernel-linus packages fixes security vulnerabilities","details":"This kernel-linus update is based on upstream 4.4.55 and fixes at least\nthe following security issues:\n\nRace condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1\nallows local users to gain privileges or cause a denial of service (double\nfree) by setting the HDLC line discipline (CVE-2017-2636).\n\nRace condition in net/packet/af_packet.c in the Linux kernel before 4.9.13\nallows local users to cause a denial of service (use-after-free) or possibly\nhave unspecified other impact via a multithreaded application that makes\nPACKET_FANOUT setsockopt system calls (CVE-2017-6346).\n\nThe ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux\nkernel before 4.10.1 has incorrect expectations about skb data layout,\nwhich allows local users to cause a denial of service (buffer over-read)\nor possibly have unspecified other impact via crafted system calls, as\ndemonstrated by use of the MSG_MORE flag in conjunction with loopback UDP\ntransmission (CVE-2017-6347).\n\nThe hashbin_delete function in net/irda/irqueue.c in the Linux kernel before\n4.9.13 improperly manages lock dropping, which allows local users to cause a\ndenial of service (deadlock) via crafted operations on IrDA devices\n(CVE-2017-6348).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n","modified":"2026-04-16T06:23:51.153178279Z","published":"2017-03-25T20:15:34Z","upstream":["CVE-2017-2636","CVE-2017-6346","CVE-2017-6347","CVE-2017-6348"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0090.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20529"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.51"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.53"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.54"},{"type":"WEB","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.55"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.55-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0090.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}