CVE-2012-4461 - Unspecified vulnerability in Linux Kernel

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

Vulnerable Configurations

Part  Description  Count
OS    Linux        1652

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-2503.NASL
    description: Description of changes: [2.6.39-300.28.1.el6uek] - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] {CVE-2012-4398} - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] {CVE-2012-4530} [2.6.39-300.27.1.el6uek] - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan Beulich) [Orabug: 16243736] {CVE-2013-0231} - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190} - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68845
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68845
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2503)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2013-2503.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68845);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2012-4398", "CVE-2012-4461", "CVE-2012-4530", "CVE-2013-0190", "CVE-2013-0231");
    
      script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2503)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [2.6.39-300.28.1.el6uek]
    - kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305]
       {CVE-2012-4398}
    - kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305]
       {CVE-2012-4398}
    - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305]
       {CVE-2012-4398}
    - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug:
       16286305] {CVE-2012-4398}
    - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set
       (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461}
    - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267]
       {CVE-2012-4530}
    - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267]
       {CVE-2012-4530}
    
    [2.6.39-300.27.1.el6uek]
    - xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() 
    (Jan
       Beulich) [Orabug: 16243736] {CVE-2013-0231}
    - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
       (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190}
    - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) 
    [Orabug:
       16243309]
    - xen/netback: free already allocated memory on failure in
       xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309]
    - xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian
       Campbell) [Orabug: 16243309]
    - xen/netback: shutdown the ring if it contains garbage. (Ian Campbell)
       [Orabug: 16243309]
    - ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003243.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003244.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-4398", "CVE-2012-4461", "CVE-2012-4530", "CVE-2013-0190", "CVE-2013-0231");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2013-2503");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.39-300.28.1.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.39-300.28.1.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.39-300.28.1.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.39-300.28.1.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.39-300.28.1.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.39-300.28.1.el5uek")) flag++;
    
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-300.28.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-300.28.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-300.28.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-300.28.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-300.28.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-300.28.1.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1696-2.NASL
    description: USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64432
    published: 2013-02-04
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64432
    title: Ubuntu 12.04 LTS : linux regression (USN-1696-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1696-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64432);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-4461", "CVE-2012-4530", "CVE-2012-5532");
      script_xref(name:"USN", value:"1696-2");
    
      script_name(english:"Ubuntu 12.04 LTS : linux regression (USN-1696-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an
    unrelated regression inotify/fanotify stopped working after upgrading.
    This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based
    virtual machine) subsystem's handling of the XSAVE feature. On hosts,
    using qemu userspace, without the XSAVE feature an unprivileged local
    attacker could exploit this flaw to crash the system. (CVE-2012-4461)
    
    A flaw was discovered in the Linux kernel's handling of
    script execution when module loading is enabled. A local
    attacker could exploit this flaw to cause a leak of kernel
    stack contents. (CVE-2012-4530)
    
    Florian Weimer discovered that hypervkvpd, which is
    distributed in the Linux kernel, was not correctly
    validating source addresses of netlink packets. An untrusted
    local user can cause a denial of service by causing
    hypervkvpd to exit. (CVE-2012-5532).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1696-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-4461", "CVE-2012-4530", "CVE-2012-5532");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1696-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-generic", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-generic-pae", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-highbank", pkgver:"3.2.0-37.58")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-37-virtual", pkgver:"3.2.0-37.58")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-18691.NASL
    description: The linux 3.6.7 stable update contains a number of important bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-11-29
    plugin id: 63090
    published: 2012-11-29
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63090
    title: Fedora 16 : kernel-3.6.7-4.fc16 (2012-18691)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2013-166.NASL
    description: It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398) A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69725
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69725
    title: Amazon Linux AMI : kernel (ALAS-2013-166)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20130205_KERNEL_ON_SL6_X.NASL
    description: This update fixes the following security issues : - It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) - A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-03-18
    modified: 2013-02-07
    plugin id: 64489
    published: 2013-02-07
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64489
    title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130205)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1688-1.NASL
    description: Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63539
    published: 2013-01-15
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63539
    title: Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1688-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0882.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM (Kernel-based Virtual Machine) guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important) * A flaw was found in the way the KVM subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66705
    published: 2013-05-31
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66705
    title: RHEL 6 : kernel (RHSA-2013:0882)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1689-1.NASL
    description: Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63540
    published: 2013-01-15
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63540
    title: Ubuntu 11.10 : linux vulnerabilities (USN-1689-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2668.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU mapping of memory slots used in KVM device assignment. Local users with the ability to assign devices could cause a denial of service due to a memory page leak. - CVE-2012-3552 Hafid Lin reported an issue in the IP networking subsystem. A remote user can cause a denial of service (system crash) on servers running applications that set options on sockets which are actively being processed. - CVE-2012-4461 Jon Howell reported a denial of service issue in the KVM subsystem. On systems that do not support the XSAVE feature, local users with access to the /dev/kvm interface can cause a system crash. - CVE-2012-4508 Dmitry Monakhov and Theodore Ts
    last seen: 2020-03-17
    modified: 2013-05-15
    plugin id: 66431
    published: 2013-05-15
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66431
    title: Debian DSA-2668-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1696-1.NASL
    description: Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63613
    published: 2013-01-18
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63613
    title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-1696-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-18684.NASL
    description: CVE-2012-4461: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Update to upstream stable release 3.6.7 Assorted other fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-11-23
    plugin id: 63013
    published: 2012-11-23
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63013
    title: Fedora 17 : kernel-3.6.7-4.fc17 (2012-18684)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-0223.NASL
    description: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64492
    published: 2013-02-08
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64492
    title: CentOS 6 : kernel (CESA-2013:0223)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL15797.NASL
    description: The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78877
    published: 2014-11-06
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78877
    title: F5 Networks BIG-IP : Linux kernel vulnerability (SOL15797)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1704-1.NASL
    description: Brad Spengler discovered a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63669
    published: 2013-01-23
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63669
    title: Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-2507.NASL
    description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68847
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68847
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1699-1.NASL
    description: Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63615
    published: 2013-01-18
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63615
    title: Ubuntu 12.10 : linux vulnerabilities (USN-1699-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-0223.NASL
    description: From Red Hat Security Advisory 2013:0223 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68724
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68724
    title: Oracle Linux 6 : kernel (ELSA-2013-0223)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1699-2.NASL
    description: USN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Jon Howell reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64434
    published: 2013-02-04
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64434
    title: Ubuntu 12.10 : linux regression (USN-1699-2)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2013-0008.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - kmod: make __request_module killable (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - kmod: introduce call_modprobe helper (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: 16286305] (CVE-2012-4398) - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] (CVE-2012-4461) - exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] (CVE-2012-4530) - exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] (CVE-2012-4530) - xen-pciback: rate limit error messages from xen_pcibk_enable_msi[,x] (Jan Beulich) [Orabug: 16243736] (CVE-2013-0231) - Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (Frediano Ziglio) [Orabug: 16274171] (CVE-2013-0190) - netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: 16243309] - xen/netback: free already allocated memory on failure in xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] - xen/netback: don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79497
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79497
    title: OracleVM 3.2 : kernel-uek (OVMSA-2013-0008)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1704-2.NASL
    description: USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience. Brad Spengler discovered a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64436
    published: 2013-02-04
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64436
    title: Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-18740.NASL
    description: Fixes CVE-2012-4461 and adds support for two rebranded BCM20702A0 bluetooth adapters. Also adds 1/2 of the fix for bug 859485. Latest upstream stable release v3.6.7. As usual, fixes across the tree. In addition to the listed bugs, this also fixes : - correct module signatures on PAE and -debug/PAEdebug kernel flavours - external module builds with module signing - vanilla kernel builds Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-11-27
    plugin id: 63055
    published: 2012-11-27
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63055
    title: Fedora 18 : kernel-3.6.7-5.fc18 (2012-18740)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0223.NASL
    description: Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that a deadlock could occur in the Out of Memory (OOM) killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service (excessive memory consumption). (CVE-2012-4398, Moderate) * A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system. (The
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64479
    published: 2013-02-06
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/64479
    title: RHEL 6 : kernel (RHSA-2013:0223)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-121203.NASL
    description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements : - The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published separately to support this feature. - The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published separately to support this feature. - The tipc kernel module is now externally supported (FATE#305033). - Hyper-V KVP IP injection was implemented (FATE#314441). A separate hyper-v package will be published to support this feature. - Intel Lynx Point PCH chipset support was added. (FATE#313409) - Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed : - A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. (CVE-2012-5517) - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. (CVE-2012-4461) - The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (CVE-2012-1601) - Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the system. (CVE-2012-2372) - Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64180
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64180
    title: SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)

Redhat

advisories
  • rhsa
    id: RHSA-2013:0223
  • rhsa
    id: RHSA-2013:0882
rpms
  • kernel-0:2.6.32-279.22.1.el6
  • kernel-bootwrapper-0:2.6.32-279.22.1.el6
  • kernel-debug-0:2.6.32-279.22.1.el6
  • kernel-debug-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-debug-devel-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-279.22.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-279.22.1.el6
  • kernel-devel-0:2.6.32-279.22.1.el6
  • kernel-doc-0:2.6.32-279.22.1.el6
  • kernel-firmware-0:2.6.32-279.22.1.el6
  • kernel-headers-0:2.6.32-279.22.1.el6
  • kernel-kdump-0:2.6.32-279.22.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-kdump-devel-0:2.6.32-279.22.1.el6
  • perf-0:2.6.32-279.22.1.el6
  • perf-debuginfo-0:2.6.32-279.22.1.el6
  • python-perf-0:2.6.32-279.22.1.el6
  • python-perf-debuginfo-0:2.6.32-279.22.1.el6
  • kernel-0:2.6.32-220.38.1.el6
  • kernel-bootwrapper-0:2.6.32-220.38.1.el6
  • kernel-debug-0:2.6.32-220.38.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.38.1.el6
  • kernel-debug-devel-0:2.6.32-220.38.1.el6
  • kernel-debuginfo-0:2.6.32-220.38.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-220.38.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-220.38.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-220.38.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.38.1.el6
  • kernel-devel-0:2.6.32-220.38.1.el6
  • kernel-doc-0:2.6.32-220.38.1.el6
  • kernel-firmware-0:2.6.32-220.38.1.el6
  • kernel-headers-0:2.6.32-220.38.1.el6
  • kernel-kdump-0:2.6.32-220.38.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-220.38.1.el6
  • kernel-kdump-devel-0:2.6.32-220.38.1.el6
  • perf-0:2.6.32-220.38.1.el6
  • perf-debuginfo-0:2.6.32-220.38.1.el6
  • python-perf-0:2.6.32-220.38.1.el6
  • python-perf-debuginfo-0:2.6.32-220.38.1.el6