CVE-2017-0794: A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

CVE-2015-8539 [HIGH] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) discovered a race condition in the generic SCSI driver (sg) of the Linux kern

CVE-2015-8539 [HIGH] Linux kernel (Trusty HWE) vulnerabilities Title: Linux kernel (Trusty HWE) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to

CVE-2017-0794 [HIGH] CVE-2017-0794: SCSI driver Android Security Bulletin 2017-09-01 CVE: CVE-2017-0794 Severity: MEDIUM Type: EoP Component: SCSI driver References: A-35644812*

CVE-2017-0794 [HIGH] CWE-362 GHSA-fj69-r64j-ffgq: A elevation of privilege vulnerability in the Upstream kernel scsi driver A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

CVE-2015-8539 [HIGH] linux vulnerabilities linux vulnerabilities Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) discovered a race condition in the generic SCSI driver (sg) of the Linux kernel. A local attacker could use this to cause a denial of service (system crash)

CVE-2017-0794 [HIGH] CVE-2017-0794: A elevation of privilege vulnerability in the Upstream kernel scsi driver A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

CVE-2017-5495 [HIGH] CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory A vulnerability was found in quagga. Telnet interface input buffer allocates unbounded amounts of memory which leads to Denial-of-service. References: http://savannah.nongnu.org/forum/forum.php?forum_id=8783 http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt Discussion: Created quagga tracking bugs for this issue: Affects: fedora-all [bug 1416017] --- External References: https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html --- This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0794 https://rhn.redhat.com/errata/RHSA-2017-0794.html

CVE-2016-4049 [HIGH] CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, an attacker could use a crafted packet to crash the bgpd service. External References: http://openwall.com/lists/oss-security/2016/04/27/7 Discussion: Created quagga tracking bugs for this issue: Affects: fedora-all [bug 1331373] --- This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0794 https://rhn.redhat.com/errata/RHSA-2017-0794.html