Wade Mealing

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system, allowing a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's memory deduplication mechanism. This issue can be exploited via a local mechanism, and the same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged. The attack allows an attacker to determine the presence of specific data in memory, organize byte-by-byte leakage of memory contents, or determine the memory layout to bypass address space layout randomization (ASLR) protection. The attack can be conducted from a remote host using HTTP/1 and HTTP/2 protocols by analyzing changes in response times to sent requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gst-plugins-bad versions prior to 1.18.1 **Description** A flaw was found in the gstreamer h264 component where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. The vulnerability is related to the `gst h264 slice parse dec ref pic marking` function and is associated with a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider disabling the `gst h264 slice parse dec ref pic marking` function until a patch is available. Restrict access to the gstreamer h264 component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.5-rc1 **Description** The issue is related to a buffer overflow in memory, allowing an attacker to cause a denial of service. A flaw was found in the Linux kernel's implementation of string matching within a packet, which can be exploited by a privileged user to insert a rule that can panic the system. **Recommendations** For Linux kernel versions prior to 5.5-rc1, update to a version 5.5-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the insertion of iptables rules to minimize the risk of exploitation. Avoid using the `iptables` command with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.15-rc4 **Description** A flaw was found in the crypto subsystem of the Linux kernel. The issue involves the "null skcipher" being dropped when each `af alg ctx` is freed instead of when the `aead tfm` is freed. This can cause the null skcipher to be freed while it is still in use, leading to a local user being able to crash the system or possibly escalate privileges. **Recommendations** For Linux kernel versions prior to 4.15-rc4, update to version 4.15-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the crypto subsystem to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4 **Description** The issue allows local users to cause a denial of service, resulting in an infinite loop. This occurs when a writev system call is made, triggering a zero length for the first segment of an iov. **Recommendations** For versions prior to 4.4, update to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5 **Description** The issue is related to the incorrect identification of error conditions in the Linux kernel component drivers/infiniband/hw/cxgb3/iwch cm.c. This can be exploited by a remote attacker using specially crafted network traffic, potentially allowing the execution of arbitrary code or causing a denial of service (use-after-free). **Recommendations** For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux 7 kernel-rt Red Hat Enterprise MRG 2 **Description** A race condition exists in the kernel when the nfnetlink log module is loaded, allowing local users to cause a denial of service by creating netlink sockets. **Recommendations** For Red Hat Enterprise Linux 7, consider disabling the nfnetlink log module as a temporary workaround until a patch is available. For kernel-rt, restrict access to the netlink sockets to minimize the risk of exploitation. For Red Hat Enterprise MRG 2, avoid using the nfnetlink log module in the kernel until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3 **Description** The issue is related to the `net/sctp/sm sideeffect.c` file in the Linux kernel, where it does not properly manage the relationship between a lock and a socket. This allows local users to cause a denial of service, specifically a deadlock, by making a crafted `sctp accept` call. **Recommendations** For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.0.5 **Description** The issue is related to the fs pin implementation in the Linux kernel, which does not ensure the internal consistency of a certain list data structure. This allows local users with user-namespace root access to cause a denial of service, resulting in a system crash, by leveraging an MNT DETACH umount2 system call. The issue is related to the fs/fs pin.c and include/linux/fs pin.h files. **Recommendations** For Linux kernel versions prior to 4.0.5, update to version 4.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.0.5 **Description** The issue is related to the collect mounts function in fs/namespace.c, which does not properly handle the case when it executes after a path has been unmounted. This allows local users with user-namespace root access to cause a denial of service, resulting in a system crash, by making an MNT DETACH umount2 system call. **Recommendations** For Linux kernel versions prior to 4.0.5, update to version 4.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.0.2 **Description** The issue concerns a problem in the Linux kernel where the fs/namespace.c file does not properly support mount connectivity. This allows local users with user-namespace root access to read arbitrary files by deleting a file or directory. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue allows local users to cause a denial of service, specifically capability stripping, via a failed invocation of a system call. This can be demonstrated by using the chown command to remove a capability from certain programs, such as ping or Wireshark dumpcap. **Recommendations** For Linux kernel version 3.x, consider restricting the use of the chown command to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the chown command to remove capabilities from sensitive programs.

**Name of the Vulnerable Software and Affected Versions** Ceph versions prior to 3.16.3 Linux kernel versions prior to 3.16.3 **Description** The issue is related to the improper validation of auth replies in the net/ceph/auth x.c component. This can be exploited by remote attackers using crafted data from the IP address of a Ceph Monitor, potentially leading to a denial of service (system crash) or other unspecified impacts. **Recommendations** For Ceph versions prior to 3.16.3, update to version 3.16.3 or later to resolve the issue. For Linux kernel versions prior to 3.16.3, update to version 3.16.3 or later to resolve the issue.