Vulnerabilities > CVE-2012-2373 - Race Condition vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 15 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1532-1.NASL description An error was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61510 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61510 title USN-1532-1 : linux-ti-omap4 vulnerabilities code # This script was automatically generated from Ubuntu Security # Notice USN-1532-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(61510); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2012-2136", "CVE-2012-2373", "CVE-2012-3375", "CVE-2012-3400"); script_xref(name:"USN", value:"1532-1"); script_name(english:"USN-1532-1 : linux-ti-omap4 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373) A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system. (CVE-2012-3375) Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1532-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-1214-omap4", pkgver:"3.0.0-1214.26")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2020.NASL description Description of changes: * CVE-2012-2123: Privilege escalation when assigning permissions using fcaps. If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes. * CVE-2012-2121: Memory leak in KVM device assignment. KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. * Memory corruption in KVM device assignment slot handling. A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption. * CVE-2012-2136: Privilege escalation in TUN/TAP virtual device. The length of packet fragments to be sent wasn last seen 2020-06-01 modified 2020-06-02 plugin id 68675 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68675 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2012-2020. # include("compat.inc"); if (description) { script_id(68675); script_version("1.11"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-1179", "CVE-2012-2121", "CVE-2012-2123", "CVE-2012-2136", "CVE-2012-2137", "CVE-2012-2373"); script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Description of changes: * CVE-2012-2123: Privilege escalation when assigning permissions using fcaps. If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes. * CVE-2012-2121: Memory leak in KVM device assignment. KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. * Memory corruption in KVM device assignment slot handling. A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption. * CVE-2012-2136: Privilege escalation in TUN/TAP virtual device. The length of packet fragments to be sent wasn't validated before use, leading to heap overflow. A user having access to TUN/TAP virtual device could use this flaw to crash the system or to potentially escalate their privileges. * CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler. A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. * CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service. CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem. In some cases, the hugepage subsystem would allocate new PMDs when not expected by the memory management subsystem. A privileged user in the KVM guest can use this flaw to crash the host, an unprivileged local user could use this flaw to crash the system. CVE-2012-2373: Denial of service in PAE page tables. On a PAE system, a non-atomic load could be corrupted by a page fault resulting in a kernel crash, triggerable by an unprivileged user. * Regression in handling of bind() with AF_UNSPEC family sockets. Legacy applications used to bind() with AF_UNSPEC instead of AF_INET. Allow them to continue doing so, but verify that the address is indeed INADDR_ANY. kernel-uek: [2.6.32-300.27.1.el6uek] - net: sock: validate data_len before allocating skb (Jason Wang) [Bugdb: 13966]{CVE-2012-2136} - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} - Revert 'nfs: when attempting to open a directory, fall back on normal lookup (Todd Vierling) [Orabug 14141154] [2.6.32-300.26.1.el6uek] - mptsas: do not call __mptsas_probe in kthread (Maxim Uvarov) [Orabug: 14175509] - mm: check if any page in a pageblock is reserved before marking it MIGRATE_RESERVE (Maxim Uvarov) [Orabug: 14073214] - mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman) [Orabug: 14073214] - vmxnet3: Updated to el6-u2 (Guangyu Sun) [Orabug: 14027961] - xen: expose host uuid via sysfs. (Zhigang Wang) - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13946210] - x86, boot: Wait for boot cpu to show up if nr_cpus limit is about to hit (Zhenzhong Duan) [Orabug: 13629087] - smp: Use nr_cpus= to set nr_cpu_ids early (Zhenzhong Duan) [Orabug: 13629087] - net: ipv4: relax AF_INET check in bind() (Maxim Uvarov) [Orabug: 14054411] ofa-2.6.32-300.27.1.el6uek: [1.5.1-4.0.58] - Add Patch 158-169" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002870.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002871.html" ); script_set_attribute( attribute:"solution", value:"Update the affected unbreakable enterprise kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.27.1.el5uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.27.1.el5uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.27.1.el6uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.27.1.el6uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.27.1.el5uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.27.1.el5uekdebug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.27.1.el6uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-300.27.1.el6uekdebug"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2012-1179", "CVE-2012-2121", "CVE-2012-2123", "CVE-2012-2136", "CVE-2012-2137", "CVE-2012-2373"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2012-2020"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.32-300.27.1.el5uek")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-headers-2.6.32-300.27.1.el5uek")) flag++; if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-300.27.1.el5uek-1.5.7-2")) flag++; if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-300.27.1.el5uekdebug-1.5.7-2")) flag++; if (rpm_check(release:"EL5", reference:"ofa-2.6.32-300.27.1.el5uek-1.5.1-4.0.58")) flag++; if (rpm_check(release:"EL5", reference:"ofa-2.6.32-300.27.1.el5uekdebug-1.5.1-4.0.58")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.32-300.27.1.el6uek")) flag++; if (rpm_exists(release:"EL6", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-headers-2.6.32-300.27.1.el6uek")) flag++; if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-300.27.1.el6uek-1.5.7-0.1")) flag++; if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-300.27.1.el6uekdebug-1.5.7-0.1")) flag++; if (rpm_check(release:"EL6", reference:"ofa-2.6.32-300.27.1.el6uek-1.5.1-4.0.58")) flag++; if (rpm_check(release:"EL6", reference:"ofa-2.6.32-300.27.1.el6uekdebug-1.5.1-4.0.58")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120620.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64175 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64175 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64175); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4131", "CVE-2012-2119", "CVE-2012-2136", "CVE-2012-2373", "CVE-2012-2375", "CVE-2012-2390"); script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=735909" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=754690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=756050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=758243" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759805" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763267" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763717" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764091" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764900" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765524" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4131.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2119.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2136.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2373.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2375.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2390.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6463."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1539-1.NASL description An error was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61549 published 2012-08-15 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61549 title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1539-1) NASL family Scientific Linux Local Security Checks NASL id SL_20120618_KERNEL_ON_SL6_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) - A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) - When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-03-18 modified 2012-08-01 plugin id 61331 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61331 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0743.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 59609 published 2012-06-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59609 title CentOS 6 : kernel (CESA-2012:0743) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8890.NASL description Linux v3.3.8 Fixes for CVE-2012-2390 and CVE-2012-2372. Disabled 32bit NX emulation which is suspected of being broken and aligns us more with upstream. Final 3.3.x update before rebasing to the 3.4 kernel series. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-14 plugin id 59487 published 2012-06-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59487 title Fedora 16 : kernel-3.3.8-1.fc16 (2012-8890) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2012-0042.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix bug number for commit last seen 2020-06-01 modified 2020-06-02 plugin id 79484 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79484 title OracleVM 3.1 : kernel-uek (OVMSA-2012-0042) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0743.NASL description From Red Hat Security Advisory 2012:0743 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 68544 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68544 title Oracle Linux 6 : kernel (ELSA-2012-0743) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8824.NASL description The 3.4 kernel contains a large number of bug fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-07 plugin id 59390 published 2012-06-07 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59390 title Fedora 17 : kernel-3.4.0-1.fc17 (2012-8824) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2021.NASL description Description of changes: * CVE-2012-2123: Privilege escalation when assigning permissions using fcaps. If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes. * CVE-2012-2121: Memory leak in KVM device assignment. KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. * Memory corruption in KVM device assignment slot handling. A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption. * CVE-2012-2136: Privilege escalation in TUN/TAP virtual device. The length of packet fragments to be sent wasn last seen 2020-06-01 modified 2020-06-02 plugin id 68676 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68676 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2021) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8931.NASL description Update to Linux 2.6.43.8 (3.3.8). Disabled 32bit NX emulation. Suspected of being broken and it deviates from upstream. Unless there are further security issues, this will likely be the last F15 kernel update before End-of-Life. The 3.3.7 stable kernel contains a number of important bug fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-25 plugin id 59661 published 2012-06-25 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59661 title Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1514-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61506 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61506 title USN-1514-1 : linux-ti-omap4 vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0743.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 59562 published 2012-06-19 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59562 title RHEL 6 : kernel (RHSA-2012:0743) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-357.NASL description This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-for k-failure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don last seen 2020-06-05 modified 2014-06-13 plugin id 74661 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74661 title openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1533-1.NASL description An error was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61511 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61511 title Ubuntu 11.10 : linux vulnerabilities (USN-1533-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1529-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61507 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61507 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120621.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64176 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64176 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 53614 CVE ID: CVE-2012-2373 Linux Kernel是Linux操作系统的内核。 Linux Kernel在实现上存在本地拒绝服务漏洞,攻击者可利用此漏洞使主机系统崩溃,造成拒绝服务。 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/ |
id | SSV:60138 |
last seen | 2017-11-19 |
modified | 2012-05-21 |
published | 2012-05-21 |
reporter | Root |
title | Linux kernel 2.6.x 竞争条件本地拒绝服务漏洞 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=822821
- http://www.openwall.com/lists/oss-security/2012/05/18/11
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
- https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626
- http://rhn.redhat.com/errata/RHSA-2012-0743.html
- http://ubuntu.com/usn/usn-1529-1
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626