[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2017-0064":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":46,"duplicates":47,"related":48,"reserved_at":9,"published_at":65,"modified_at":66,"state":9,"summary":67,"references_raw":69,"kevs":126,"epss":9,"epss_history":127,"metrics":128,"affected":129},"MGASA-2017-0064","Updated kernel-tmb packages fixes security vulnerabilities\n\nThis kernel-tmb update is based on upstream 4.4.50 and fixes at least\nthe following security issues:\n\nThe cgroup offline implementation in the Linux kernel through 4.8.11\nmishandles certain drain operations, which allows local users to cause\na denial of service (system hang) by leveraging access to a container\nenvironment for executing a crafted application, as demonstrated by\ntrinity (CVE-2016-9191).\n\narch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP\nand #OF exceptions, which allows guest OS users to cause a denial of\nservice (guest OS crash) by declining to handle an exception thrown by\nan L2 guest (CVE-2016-9588).\n\nThe sg implementation in the Linux kernel through 4.9 does not properly\nrestrict write operations in situations where the KERNEL_DS option is set,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c\n(CVE-2016-10088).\n\nThe ext4_fill_super function in fs/ext4/super.c in the Linux kernel\nthrough 4.9.8 does not properly validate meta block groups, which\nallows physically proximate attackers to cause a denial of service\n(out-of-bounds read and system crash) via a crafted ext4 image\n(CVE-2016-10208).\n\nThe load_segment_descriptor implementation in arch/x86/kvm/emulate.c in\nthe Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL\nselector\" instruction, which allows guest OS users to cause a denial of\nservice (guest OS crash) or gain guest OS privileges via a crafted\napplication (CVE-2017-2583).\n\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local\nusers to obtain sensitive information from kernel memory or cause a\ndenial of service (use-after-free) via a crafted application that\nleverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n(CVE-2017-2584).\n\ndrivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6\ninteracts incorrectly with the CONFIG_VMAP_STACK option, which allows\nlocal users to cause a denial of service (system crash or memory\ncorruption) or possibly have unspecified other impact by leveraging\nuse of more than one virtual page for a DMA scatterlist (CVE-2017-5547).\n\ndrivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6\ninteracts incorrectly with the CONFIG_VMAP_STACK option, which allows\nlocal users to cause a denial of service (system crash or memory\ncorruption) or possibly have unspecified other impact by leveraging\nuse of more than one virtual page for a DMA scatterlist (CVE-2017-5548).\n\nThe klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c\nin the Linux kernel before 4.9.5 places uninitialized heap-memory\ncontents into a log entry upon a failure to read the line status, which\nallows local users to obtain sensitive information by reading the log\n(CVE-2017-5549).\n\nThe simple_set_acl function in fs/posix_acl.c in the Linux kernel before\n4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs\nfilesystem, which allows local users to gain group privileges by\nleveraging the existence of a setgid program with restrictions on\nexecute permissions (CVE-2017-5551).\n\nAn issue was found in the Linux kernel ipv6 implementation of GRE tunnels\nwhich allows a remote attacker to trigger an out-of-bounds access\n(CVE-2017-5897).\n\nThe ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux\nkernel through 4.9.9 allows attackers to cause a denial of service\n(system crash) via (1) an application that makes crafted system calls or\npossibly (2) IPv4 traffic with invalid IP options (CVE-2017-5970).\n\nRace condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c\nin the Linux kernel before 4.9.11 allows local users to cause a denial\nof service (assertion failure and panic) via a multithreaded application\nthat peels off an association in a certain buffer-full state\n(CVE-2017-5986).\n\nThe dccp_rcv_state_process function in net/dccp/input.c in the Linux\nkernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures\nin the LISTEN state, which allows local users to obtain root privileges\nor cause a denial of service (double free) via an application that makes\nan IPV6_RECVPKTINFO setsockopt system call (CVE-2017-6074).\n\nThe tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before\n4.9.11 allows remote attackers to cause a denial of service (infinite loop\nand soft lockup) via vectors involving a TCP packet with the URG flag\n(CVE-2017-6214).\n\nnet/sctp/socket.c in the Linux kernel through 4.10.1 does not properly\nrestrict association peel-off operations during certain wait states, which\nallows local users to cause a denial of service (invalid unlock and double\nfree) via a multithreaded application (CVE-2017-6353).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44],{"_key":15},"CVE-2016-10088",{"_key":17},"CVE-2016-10208",{"_key":19},"CVE-2016-9191",{"_key":21},"CVE-2016-9588",{"_key":23},"CVE-2017-2583",{"_key":25},"CVE-2017-2584",{"_key":27},"CVE-2017-5547",{"_key":29},"CVE-2017-5548",{"_key":31},"CVE-2017-5549",{"_key":33},"CVE-2017-5551",{"_key":35},"CVE-2017-5897",{"_key":37},"CVE-2017-5970",{"_key":39},"CVE-2017-5986",{"_key":41},"CVE-2017-6074",{"_key":43},"CVE-2017-6214",{"_key":45},"CVE-2017-6353",[],[],[49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2017-02-25T08:29:30Z","2026-04-16T06:26:02.360594521Z",{"cisa_kev":68,"cisa_ransomware":68,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[70,76,81,86,90,94,98,102,106,110,114,118,122],{"url":71,"sources":72,"tags":74},"https://advisories.mageia.org/MGASA-2017-0064.html",[73],"osv_mageia",[75],"Advisory",{"url":77,"sources":78,"tags":79},"https://bugs.mageia.org/show_bug.cgi?id=20314",[73],[80],"REPORT",{"url":82,"sources":83,"tags":84},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.40",[73],[80,85],"WEB",{"url":87,"sources":88,"tags":89},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.41",[73],[80,85],{"url":91,"sources":92,"tags":93},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.42",[73],[80,85],{"url":95,"sources":96,"tags":97},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.43",[73],[80,85],{"url":99,"sources":100,"tags":101},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.44",[73],[80,85],{"url":103,"sources":104,"tags":105},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.45",[73],[80,85],{"url":107,"sources":108,"tags":109},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.46",[73],[80,85],{"url":111,"sources":112,"tags":113},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.47",[73],[80,85],{"url":115,"sources":116,"tags":117},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.48",[73],[80,85],{"url":119,"sources":120,"tags":121},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.49",[73],[80,85],{"url":123,"sources":124,"tags":125},"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.50",[73],[80,85],[],[],[],[130],{"ecosystem":131,"name":132,"vendor":133,"product":132,"cpe_part":9,"purl_type":134,"purl_namespace":133,"purl_name":132,"source":9,"versions":135},"Mageia","kernel-tmb","mageia","rpm",[136],{"version":137,"is_range":138,"range_type":139,"version_start":9,"version_start_type":9,"version_end":140,"version_end_type":141,"fixed_in":9},"lt4_4_50_2_mga5",true,"ecosystem","4.4.50-2.mga5","excluding"]