Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

**Release date:** May 9, 2017

**Vulnerability identifier:** APSB17-15

**Priority:** See table below

**CVE number**: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074 

**Platform**: Windows, Macintosh, Linux and Chrome OS

CVE-2017-3074: Adobe Security Bulletin

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.

Permalink

Browse files

mm: Tighten x86 /dev/mem with zeroing reads

Under CONFIG\_STRICT\_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:

usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)

This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.

Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>

*   Loading branch information

CVE-2017-7889: mm: Tighten x86 /dev/mem with zeroing reads · torvalds/linux@a4866aa

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.

CVE-2017-7374

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

**Release date:** March 14, 2017

**Last updated:** April 13, 2017

**Vulnerability identifier:** APSB17-07

**Priority:** See table below

**CVE number**: CVE-2017-2994, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

**Platform**: Windows, Macintosh, Linux and Chrome OS

CVE-2017-3000: Adobe Security Bulletin

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.

**Release date:** February 14, 2017

**Last updated:** April 13, 2017

**Vulnerability identifier:** APSB17-04

**Priority:** See table below

**CVE number**: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2995, CVE-2017-2996

**Platform**: Windows, Macintosh, Linux and Chrome OS

CVE-2017-2994: Adobe Security Bulletin

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download.
EMET 5.52 is a minor update from EMET 5.51 to address the following:
An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to allow in-place upgrade behavior.

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download.

EMET 5.52 is a minor update from EMET 5.51 to address the following:

*   An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1.
*   A fix to the MSI installer to allow in-place upgrade behavior.
*   Removed EAF+ mitigation for Chrome from “Popular Software.xml”
*   Fixed import behavior for System Mitigations.

EMET 5.52 and the updated user’s guide can be found by following the links on the EMET home page.

EMET 5.52 update is now available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.

**Release date:** January 10, 2017

**Vulnerability identifier:** APSB17-02

**Priority:** See table below

**CVE number**: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938

**Platform:** Windows, Macintosh, Linux and Chrome OS

CVE-2017-2932: Adobe Security Bulletin

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.

**Release date:** December 13, 2016

**Last updated:** December 14, 2016

**Vulnerability identifier:** APSB16-39

**Priority:** See table below

**CVE number**: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892

**Platform:** Windows, Macintosh, Linux and Chrome OS

CVE-2016-7880: Adobe Security Bulletin

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987.

**Release date:** October 11, 2016

**Vulnerability identifier:** APSB16-32

**Priority:** See table below

**CVE number**: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

**Platform:** Windows, Macintosh, Linux and ChromeOS

CVE-2016-6981: Adobe Security Bulletin

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Tag

#chrome