Malicious local users may gain escalated privileges by exploiting a vulnerability in the Linux Kernel.
IMPACT: HIGH
PUBLISH DATE: 28-09-2018
OVERVIEW
A security flaw in the Linux Kernel may be exploited to induce a Denial of Service or Use-After-Free condition, or to gain privileges. Updates are available for all the affected versions of the product.
ANALYSIS
Researchers detected a flaw in the Linux Kernel. An attacker who exploits this vulnerability may induce a Denial of Service condition. Exploitation takes time, however, because the vulnerability can only be triggered by processes that run long enough to overflow a reference counter.
The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Exploitation of this vulnerability may have a high impact on the confidentiality, integrity and availability of the compromised device.
AFFECTED PRODUCTS
Linux Kernel 3.16.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 4.14.x
Linux Kernel 4.18.x
UPDATE
Update each affected version series to the fixed release listed for it below.
Versions 4.18.x:
Update to version 4.18.9
Versions 4.14.x:
Update to version 4.14.71
Versions 4.9.x:
Update to version 4.9.128
Versions 4.4.x:
Update to version 4.4.157
Versions 3.16.x:
Update to version 3.16.58.
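The version triage implied by the AFFECTED PRODUCTS and UPDATE lists, as an added example (not Rewterz or kernel project code): it classifies kernel release strings, such as the output of `uname -r`, against the fixed releases listed above. The function names, status labels and sample inventory are assumptions made up for illustration.

```python
import re

# Fixed patch level per affected series, copied from the advisory's UPDATE list.
FIXED = {(3, 16): 58, (4, 4): 157, (4, 9): 128, (4, 14): 71, (4, 18): 9}

# Leading "major.minor[.patch]" of a release string; local suffixes are ignored.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def triage(release):
    """Classify one kernel release string. Returns (status, detail).

    status is one of:
      "update"     - listed series, patch level below the fixed release
      "fixed"      - listed series, at or above the fixed release
      "not-listed" - series the advisory does not mention (no verdict)
      "unparsed"   - string does not start with a numeric version
    """
    m = _RELEASE.match(release.strip())
    if not m:
        return ("unparsed", release)
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)  # "4.18" with no patch level means 4.18.0
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory is silent on this series: report that, do not guess.
        return ("not-listed", f"{major}.{minor}.x")
    target = f"{major}.{minor}.{fixed_patch}"
    return ("update" if patch < fixed_patch else "fixed", target)


def triage_inventory(inventory):
    """Map {host: release} to {host: (status, detail)}."""
    return {host: triage(rel) for host, rel in inventory.items()}


# Constructed sample inventory: host names and release strings are made up.
SAMPLE = {
    "web-01": "4.14.70",
    "web-02": "4.14.71",
    "db-01": "4.9.127-custom",
    "edge-01": "4.15.0-34-generic",
    "legacy-01": "3.16.57",
}

if __name__ == "__main__":
    for host, (status, detail) in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:10} {status:10} {detail}")
```

Distribution kernels often carry backported fixes without changing the upstream version number, so an "update" result on a vendor kernel should be confirmed against that vendor's own advisory.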
If you think you are a victim of a cyber-attack, immediately send an e-mail to info@rewterz.com.