Описание
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().
Отчет
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2017:0817 | 21.03.2017 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | kernel | Fixed | RHSA-2017:0869 | 04.04.2017 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:2931 | 19.10.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:2930 | 19.10.2017 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
An elevation of privilege vulnerability in the kernel networking subsy ...
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
Уязвимость операционной системы Android, позволяющая нарушителю выполнить произвольный код
7.8 High
CVSS3
6.8 Medium
CVSS2