MGASA-2017-0097
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 31 Mar 2017, 20:28
Last modified:16 Apr 2026, 06:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
31 Mar 2017, 20:28
Published
Vulnerability first disclosed
16 Apr 2026, 06:24
Last Modified
Vulnerability information updated
Description
Updated kernel packages fixes security vulnerability This kernel update is based on upstream 4.4.59 and fixes at least the following security issue: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (CVE-2017-7184). For other upstream fixes in this update, see the referenced changelogs.
Affected Systems
- mageia•kernel
< 4.4.59-1.mga5
- mageia•kernel-userspace-headers
< 4.4.59-1.mga5
- mageia•kmod-vboxadditions
< 5.1.18-3.mga5
- mageia•kmod-virtualbox
< 5.1.18-3.mga5
- mageia•kmod-xtables-addons
< 2.10-36.mga5
References (6)
- https://advisories.mageia.org/MGASA-2017-0097.html
- https://bugs.mageia.org/show_bug.cgi?id=20607
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.57
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.58
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59