B310s-927 Firmware Release Notes: Huawei Technologies Co., LTD
B310s-927 CONFIDENTIAL
Product version
Total 51 pages
V13.0
1 Main Features
The B310s-927 mainly supports the following features:
LTE FDD (DL) data service of up to 150 Mbit/s
LTE FDD (UL) data service of up to 50 Mbit/s
LTE TDD (DL) data service of up to 112 Mbit/s
LTE TDD (UL) data service of up to 10 Mbit/s
DC-HSPA+ (DL) data service of up to 42 Mbit/s
HSPA+ (DL) data service of up to 21.6 Mbit/s
HSDPA (DL) data service of up to 14.4 Mbit/s
HSUPA (UL) data service of up to 5.76 Mbit/s
UMTS data service of up to 384 kbit/s
EDGE data service of up to 236.8 kbit/s
EDGE data service of download to 296 kbit/s
GPRS data service of up to 85.6 kbit/s
PS domain data service based on LTE/UMTS/GSM
SMS based on CS/PS domain of GSM and UMTS, CS domain of LTE
Wi-Fi
Support for HUAWEI Mobile WiFi App
Press and Play
IPv6v4 /IPv4 dual stack
Built-in DHCP Server, DNS RELAY and NAT
Online software upgrade
Traffic statistic
LED indicators
Built-in UMTS and WLAN high gain antenna LTE/GSM
Windows XP SP3, Windows Vista SP1/SP2, Windows 7, Windows 8, Windows 8.1 (does not support Windows RT), Mac OS X 10.7, 10.8 and 10.9 with latest upgrades
B310s-927 Firmware Release Notes V13.0 CONFIDENTIAL
2 Hardware
Item | Specifications
Technical standard | WAN: LTE/DC-HSPA+/HSPA+/HSPA/UMTS/EDGE/GPRS/GSM
WLAN: IEEE 802.11b/g/n
802.11g: 17 dBm
802.11n: 17 dBm
802.11g: Up to 54 Mbit/s
Maximum power consumption | 12 W
DC: 12 V, 1 A
Item | Specifications
Indicators | Mode: cyan: 4G mode
blue: 3G mode
yellow: 2G mode
green: WAN mode
red: No SIM/USIM card is found, the PIN is not verified, or the SIM/USIM card is not working properly.
Failed to connect to a mobile network
LAN: On/Off
Power: On/Off
3 Firmware
Item Description
SMS Writing/Sending/Receiving
LAN IP Filter
Virtual Server
DMZ Service
Item Description
NAT setup CONE NAT
Symmetric NAT
ALG
VPN passthrough
DHCP setup DHCP server enabling and disabling
4 WebUI
Item Specifications
NA NA
NA NA NA
NA NA NA
[Third-party software is a type of computer software that is sold together with or provided for free in Huawei products or solutions, with the ownership of intellectual property rights (IPR) held by the original contributors. Third-party software can be but is not limited to: purchased software; software that is built in or attached to purchased hardware; software in products of the original equipment manufacturer (OEM) or original design manufacturer (ODM); software that is developed with technical contribution from partners (ownership of IPR all or partially held by the partners); software that is legally obtained free of charge.
The data of third-party software vulnerability fixes can be exported from PDM.
If the table is excessively long, you can divide it into multiple ones by product version, or deliver it in an Excel file with the patch release notes and provide reference information in this section.]
Vulnerability information is available through CVE IDs on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
a malformed packet.
Samba 3.0.37 | CVE-2013-0454 | The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | https://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch
Samba 3.0.37 | CVE-2013-0214 | Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. | https://download.samba.org/pub/samba/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch
Samba 3.0.37 | CVE-2013-0213 | The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. | https://download.samba.org/pub/samba/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch
Samba 3.0.37 | CVE-2012-1182 | The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. | https://download.samba.org/pub/samba/patches/security/samba-3.0.37-CVE-2012-1182.patch
Samba 3.0.37 | CVE-2011-2724 | The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. | Don’t involve closing. Refer to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2724
Samba 3.0.37 | CVE-2011-2694 | Cross-site scripting (XSS) vulnerability in the chg_passwd | https://download.samba.org/pub/s
0
Samba 3.0.37 | CVE-2013-4408 | Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. | Don’t involve closing. The current version does not have this function, so it does not need to be dealt with. Refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
Openssl 1.0.1e | CVE-2014-3470 | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb
Openssl 1.0.1e | CVE-2014-0224 | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441
version is 3.0.37, the specific reference: http://www.samba.org/samba/security/CVE-2012-6150
iptables 1.4.0 | CVE-2012-2663 | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. | Don’t involve closing. The influence of CVE-2012-2663 kernel version of the Linux kernel 2.6.x, the official website address access to modify the kernel code, the EUAP code of Linux kernel code, and do not call `iptables -m TCP --syn` command parameter, so no need to merge. Specific reference: http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CUPS 1.6.1 | CVE-2014-2856 | Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. | http://www.cups.org/strfiles.php/3268/str4356.patch
Openssl 0.98y | CVE-2010-5298 | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
Openssl 1.0.1e | CVE-2014-0195 | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment | https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d48
in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. | gs/133/
Kernel 3.4.5 | CVE-2015-9004 | kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511
Kernel 3.4.5 | CVE-2016-9794 | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4
Kernel 3.4.5 | | The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a
Iptables 1.4.11.1 | CVE-2012-2663 | extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN | http://www.spinics.net/lists/netfilter-devel/msg21248.html
Fix details: The fix is designed to only drop the dst packet if it's safe to do so.
Kernel 3.4.5 | CVE-2017-0710 | Technical details: A process with CAP_SYS_RESOURCE bypasses the permission check allowing arbitrary ptrace access. Fix details: The fix replaced CAP_SYS_RESOURCE with CAP_SYS_PTRACE for processes needing ptrace capability, and removed the CAP_SYS_RESOURCE bypass. | NA
Ffmpeg 2.6.6 | CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. | https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
Ffmpeg 2.6.6 | CVE-2016-2329 | |
Ffmpeg 2.6.6 | CVE-2016-7905 | The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9
Ffmpeg 2.6.6 | CVE-2016-7785 | The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c8c5f66b42edc37474baa5cb51460cbf6f33075b
Ffmpeg 2.6.6 | CVE-2013-4470 | The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b
Ffmpeg 2.6.6 | CVE-2013-4254 | The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c95eb3184ea1a3a2551df57190c81da695e2144b
Ffmpeg 2.6.6 | CVE-2013-2596 | Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4cbb197c7e7a68dbad0d491242e3ca67420c13e
Ffmpeg 2.6.6 | CVE-2014-4653 | sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd9f26e4eca5d08a27d12c0933fceef76ed9663d
Ffmpeg 2.6.6 | CVE-2013-1767 | Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f00110f727
to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
Ffmpeg 2.6.6 | CVE-2013-2548 | Three errors resulting in kernel memory disclosure: 1/ The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this. 2/ crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6
CVE-2014-3568 fix.
linux kernel 3.4.5 | CVE-2012-6704 | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b
Openssl 1.0.1e | CVE-2016-0705 | Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | https://git.openssl.org/?p=openssl.git;a=commit;h=6c88c71b4e4825c7bc0489306d062d017634eb88
linux kernel 3.4.5 | CVE-2017-10661 | The handling of the might_cancel queueing is not properly protected, so parallel operations on the file descriptor could race with each other and lead to list corruptions or use after free. | https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6
linux kernel 3.4.5 | CVE-2017-7472 | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
linux kernel 3.4.5 | CVE-2017-6214 | The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=4ab42d78e37a294ac7bc56901d563c642e03c4ae
e24204299b462bd1383184a5
Kernel | CVE-2016-4569 | The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
Kernel | CVE-2015-8785 | The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876
Kernel | CVE-2016-2546 | sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede
Kernel | CVE-2016-2550 | The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6
Kernel | CVE-2016-2847 | fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52
Android | CVE-2017-15274 | KEYS: fix dereferencing NULL payload with nonzero length | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5
Android | CVE-2017-12192 | KEYS: prevent KEYCTL_READ on negative key | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678
Android | CVE-2017-1000111 | packet: fix tp_reserve race in packet_set_ring | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c27927e372f0785f3303e8fad94b85945e2c97b7
Kernel | CVE-2018-6927 | The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
Kernel 3.4.5 | CVE-2018-1068 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. | https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6
Kernel 3.4.5 | CVE-2017-17558 | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. |
Kernel 3.4.5 | CVE-2017-17712 | The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | CONFIRM: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
Kernel 3.4.5 | CVE-2017-16531 | drivers/usb/core/config.c in the Linux kernel before | MISC:https://github.com/torvalds/linux/c