Oracle VM Server for x86 Bulletin - July 2017 - Oracle CVRF Oracle VM Server for x86 Bulletin Advisory OVMBulletinJul2017 Final 3.0 1.0 2017-07-18T13:00:00-07:00 Initial Distribution 2.0 2017-08-18T13:00:00-07:00 New CVEs added. 3.0 2017-09-18T13:00:00-07:00 New CVEs added. This document contains descriptions of Oracle VM Server for x86 security vulnerabilities which have had fixes released for all supported versions and platforms. http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html URL to html version of Advisory Oracle VM Server for x86 3.2 Oracle VM Server for x86 3.3 Oracle VM Server for x86 3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing boundscheck, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000363 P-4455V-3.4 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0126.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The Linux Kernel imposes a size restriction on the arguments andenvironmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000365 P-4455V-3.4 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0145.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linuxkernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-9077 P-4455V-3.4 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0126.html P-4455V-3.4 This is a vulnerability in sudo in Oracle VM Server for x86. Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to aninput validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000368 P-4455V-3.3 P-4455V-3.4 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0114.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in sudo in Oracle VM Server for x86. Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to aninput validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000368 P-4455V-3.2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0125.html P-4455V-3.2 This is a vulnerability in xen in Oracle VM Server for x86. arch/x86/mm.c in Xen allows local PV guest OS users to gain host OSprivileges via vectors related to map_grant_ref. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-12137 P-4455V-3.4 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0142.html P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. arch/x86/mm.c in Xen allows local PV guest OS users to gain host OSprivileges via vectors related to map_grant_ref. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-12137 P-4455V-3.3 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0148.html P-4455V-3.3 This is a vulnerability in xen in Oracle VM Server for x86. arch/x86/mm.c in Xen allows local PV guest OS users to gain host OSprivileges via vectors related to map_grant_ref. CVSS Base Score: 7.2 CVSS V2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-12137 P-4455V-3.2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0149.html P-4455V-3.2 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernelthrough 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. CVSS Base Score: 7.1 CVSS V2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C. Fix has been released CVE-2017-7645 P-4455V-3.4 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0119.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernelthrough 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. CVSS Base Score: 7.1 CVSS V2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C. Fix has been released CVE-2017-7645 P-4455V-3.3 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0120.html P-4455V-3.3 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernelthrough 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. CVSS Base Score: 7.1 CVSS V2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C. Fix has been released CVE-2017-7645 P-4455V-3.2 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0121.html P-4455V-3.2 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Heap-based buffer overflow in drivers/net/macsec.c in the MACsec modulein the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. CVSS Base Score: 6.9 CVSS V2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-7477 P-4455V-3.4 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0119.html P-4455V-3.4 This is a vulnerability in poppler in Oracle VM Server for x86. Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc inpdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. CVSS Base Score: 6.8 CVSS V2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P. Fix has been released CVE-2017-9776 P-4455V-3.3 P-4455V-3.4 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0147.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. An issue was discovered in the size of the stack guard page on Linux,specifically a 4k stack guard page is not sufficiently large and can be jumped over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). CVSS Base Score: 6.2 CVSS V2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000364 P-4455V-3.4 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0115.html P-4455V-3.4 This is a vulnerability in glibc in Oracle VM Server for x86. glibc contains a vulnerability that allows specially craftedLD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. CVSS Base Score: 6.2 CVSS V2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000366 P-4455V-3.3 P-4455V-3.4 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0113.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in glibc in Oracle VM Server for x86. glibc contains a vulnerability that allows specially craftedLD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. CVSS Base Score: 6.2 CVSS V2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C. Fix has been released CVE-2017-1000366 P-4455V-3.2 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0124.html P-4455V-3.2 This is a vulnerability in openssh in Oracle VM Server for x86. sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for userpassword hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. CVSS Base Score: 5 CVSS V2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2016-6210 P-4455V-3.3 P-4455V-3.4 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0150.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linuxkernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. CVSS Base Score: 4.6 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P. Fix has been released CVE-2017-7273 P-4455V-3.4 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0126.html P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. Xen allows local OS guest users to cause a denial of service (crash)or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. CVSS Base Score: 4.6 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P. Fix has been released CVE-2017-12135 P-4455V-3.4 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0142.html P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. Xen allows local OS guest users to cause a denial of service (crash)or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. CVSS Base Score: 4.6 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P. Fix has been released CVE-2017-12135 P-4455V-3.3 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0148.html P-4455V-3.3 This is a vulnerability in xen in Oracle VM Server for x86. Xen allows local OS guest users to cause a denial of service (crash)or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. CVSS Base Score: 4.6 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P. Fix has been released CVE-2017-12135 P-4455V-3.2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0149.html P-4455V-3.2 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. fs/namespace.c in the Linux kernel before 4.9 does not restrict howmany mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. CVSS Base Score: 4 CVSS V2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C. Fix has been released CVE-2016-6213 P-4455V-3.4 4 AV:L/AC:H/Au:N/C:N/I:N/A:C Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0143.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The filesystem implementation in the Linux kernel through 4.8.2preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVSS Base Score: 3.3 CVSS V2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N. Fix has been released CVE-2016-7097 P-4455V-3.3 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0127.html P-4455V-3.3 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in theLinux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. CVSS Base Score: 2.1 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2016-9685 P-4455V-3.3 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0144.html P-4455V-3.3 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to adata race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. CVSS Base Score: 2.1 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2017-1000380 P-4455V-3.4 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0126.html P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. Xen maintains the _GTF_{read,writ}ing bits as appropriate, to informthe guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. CVSS Base Score: 2.1 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2017-12855 P-4455V-3.4 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0142.html P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. Xen maintains the _GTF_{read,writ}ing bits as appropriate, to informthe guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. CVSS Base Score: 2.1 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2017-12855 P-4455V-3.3 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0148.html P-4455V-3.3 This is a vulnerability in xen in Oracle VM Server for x86. Xen maintains the _GTF_{read,writ}ing bits as appropriate, to informthe guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. CVSS Base Score: 2.1 CVSS V2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N. Fix has been released CVE-2017-12855 P-4455V-3.2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0149.html P-4455V-3.2 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 1.2 CVSS V2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N. Fix has been released CVE-2016-9604 P-4455V-3.4 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0143.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 1.2 CVSS V2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N. Fix has been released CVE-2016-9604 P-4455V-3.3 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0144.html P-4455V-3.3 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Race condition in the L2TPv3 IP Encapsulation feature in the Linuxkernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2016-10200 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0143.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Race condition in the L2TPv3 IP Encapsulation feature in the Linuxkernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2016-10200 P-4455V-3.3 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0144.html P-4455V-3.3 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-12134 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0145.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. Race condition in the fsnotify implementation in the Linux kernelthrough 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-7533 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0143.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The __ip6_append_data function in net/ipv6/ip6_output.c in the Linuxkernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-9242 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0143.html P-4455V-3.4 This is a vulnerability in Unbreakable Enterprise kernel in Oracle VM Server for x86. The __ip6_append_data function in net/ipv6/ip6_output.c in the Linuxkernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-9242 P-4455V-3.3 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0144.html P-4455V-3.3 This is a vulnerability in bind in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-3142 P-4455V-3.3 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0122.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in bind in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-3143 P-4455V-3.3 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0122.html P-4455V-3.3 P-4455V-3.4 This is a vulnerability in xen in Oracle VM Server for x86. ** RESERVED **This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: 0 CVSS V2 Vector: AV:N/AC:N/Au:N/C:N/I:N/A:N. Fix has been released CVE-2017-12136 P-4455V-3.4 0 AV:N/AC:N/Au:N/C:N/I:N/A:N Oracle VM Server for x86 Security Advisory Oracle VM Server for x86 customers http://linux.oracle.com/errata/OVMSA-2017-0142.html P-4455V-3.4