Vulnerabilities > CVE-2013-6885 - Resource Management Errors vulnerability in AMD products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0372-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor and toolset has been updated to fix various security issues and several bugs. The following security issues have been addressed : XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) Also the following non-security bugs have been fixed : - Boot Failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2015-05-20 plugin id 83613 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83613 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0285.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 72986 published 2014-03-14 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72986 title CentOS 5 : kernel (CESA-2014:0285) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-140321.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues. ---------------------------------------------------------------------- - WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update: https://www.suse.com/support/kb/doc.php?id=7014344 . You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel. ---------------------------------------------------------------------- - The following security bugs were fixed : - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672). (CVE-2013-4470) - The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967). (CVE-2013-6885) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643). (CVE-2013-7263) - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643). (CVE-2013-7264) - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643). (CVE-2013-7265) - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025). (CVE-2014-0069) The following non-security bugs were fixed : - kabi: protect symbols modified by bnc#864833 fix. (bnc#864833) - mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)). - mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)). - mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)). - mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)). - mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)). - mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)). - mm: exclude memory less nodes from zone_reclaim. (bnc#863526) - mm: fix return type for functions nr_free_*_pages kabi fixup. (bnc#864058) - mm: fix return type for functions nr_free_*_pages. (bnc#864058) - mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)). - x86: Save cr2 in NMI in case NMIs take a page fault (follow-up for patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch) . - powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445). - vmscan: change type of vm_total_pages to unsigned long. (bnc#864058) - audit: dynamically allocate audit_names when not enough space is in the names array. (bnc#857358) - audit: make filetype matching consistent with other filters. (bnc#857358) - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT. (bnc#863178) - hwmon: (coretemp) Fix truncated name of alarm attributes. - privcmd: allow preempting long running user-mode originating hypercalls. (bnc#861093) - nohz: Check for nohz active instead of nohz enabled. (bnc#846790) - nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off. (bnc#846790) - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513) - balloon: do not crash in HVM-with-PoD guests. - crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744). - crypto: s390 - fix des and des3_ede cbc concurrency issue (bnc#862796, LTC#103743). - kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860). - crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742). - dump: Fix dump memory detection (bnc#862796,LTC#103575). - net: change type of virtio_chan->p9_max_pages. (bnc#864058) - inet: Avoid potential NULL peer dereference. (bnc#864833) - inet: Hide route peer accesses behind helpers. (bnc#864833) - inet: Pass inetpeer root into inet_getpeer*() interfaces. (bnc#864833) - tcp: syncookies: reduce cookie lifetime to 128 seconds. (bnc#833968) - tcp: syncookies: reduce mss table to four values. (bnc#833968) - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag. (bnc#865783) - ipv6: send router reachability probe if route has an unreachable gateway. (bnc#853162) - sctp: Implement quick failover draft from tsvwg. (bnc#827670) - ipvs: fix AF assignment in ip_vs_conn_new(). (bnc#856848) - NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure. (bnc#853455) - btrfs: bugfix collection - fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058) - fs/buffer.c: change type of max_buffer_heads to unsigned long. (bnc#864058) - ncpfs: fix rmdir returns Device or resource busy. (bnc#864880) - fs/fscache: Handle removal of unadded object to the fscache_object_list rb tree. (bnc#855885) - scsi_dh_alua: fixup RTPG retry delay miscalculation. (bnc#854025) - scsi_dh_alua: Simplify state machine. (bnc#854025) - xhci: Fix resume issues on Renesas chips in Samsung laptops. (bnc#866253) - bonding: disallow enslaving a bond to itself. (bnc#599263) - USB: hub: handle -ETIMEDOUT during enumeration. (bnc#855825) - dm-multipath: Do not stall on invalid ioctls. (bnc#865342) - scsi_dh_alua: endless STPG retries for a failed LUN. (bnc#865342) - net/mlx4_en: Fix pages never dma unmapped on rx. (bnc#858604) - dlm: remove get_comm. (bnc#827670) - dlm: Avoid LVB truncation. (bnc#827670) - dlm: disable nagle for SCTP. (bnc#827670) - dlm: retry failed SCTP sends. (bnc#827670) - dlm: try other IPs when sctp init assoc fails. (bnc#827670) - dlm: clear correct bit during sctp init failure handling. (bnc#827670) - dlm: set sctp assoc id during setup. (bnc#827670) - dlm: clear correct init bit during sctp setup. (bnc#827670) - dlm: fix deadlock between dlm_send and dlm_controld. (bnc#827670) - dlm: Fix return value from lockspace_busy(). (bnc#827670) - Avoid occasional hang with NFS. (bnc#852488) - mpt2sas: Fix unsafe using smp_processor_id() in preemptible. (bnc#853166) - lockd: send correct lock when granting a delayed lock. (bnc#859342) last seen 2017-10-29 modified 2014-06-13 plugin id 73244 published 2014-03-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=73244 title SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-155.NASL description This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts. CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application. For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide. pdf CVE-2014-7822 It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects. CVE-2014-8133 It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8134 It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8160 It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol. CVE-2014-9420 It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image. CVE-2014-9584 It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image. CVE-2014-9585 It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. CVE-2015-1421 It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation. CVE-2015-1593 It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82138 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82138 title Debian DLA-155-1 : linux-2.6 security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-271.NASL description Xen was updated to fix various bugs and security issues : Update to Xen version 4.2.4 c/s 26280. - bnc#861256 - CVE-2014-1950: xen: XSA-88: use-after-free in xc_cpupool_getinfo() under memory pressure. (fix included with update) - bnc#863297: xend/pvscsi: recognize also SCSI CDROM devices - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory condition yielding memory corruption during IRQ setup - bnc#860163 - xen: XSA-84: integer overflow in several XSM/Flask hypercalls (CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894) - bnc#860165 - CVE-2014-1895: xen: XSA-85: Off-by-one error in FLASK_AVC_CACHESTAT hypercall - bnc#860300 - CVE-2014-1896: xen: XSA-86: libvchan failure handling malicious ring indexes - bnc#860302 - CVE-2014-1666: xen: XSA-87: PHYSDEVOP_(prepare,release)_msix exposed to unprivileged guests - bnc#858311 - Server is not booting in kernel XEN after latest updates - (XEN) setup 0000:00:18.0 for d0 failed (-19) - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory condition yielding memory corruption during IRQ setup - bnc#853049 - CVE-2013-6885: xen: XSA-82: Guest triggerable AMD CPU erratum may cause host hang - bnc#853048 - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be inadvertently suppressed - bnc#831120 - CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades nPar with 46-bit memory addressing - bnc#833251 - [HP BCS SLES11 Bug]: In HPs UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. - pygrub: Support (/dev/xvda) style disk specifications - bnc#849667 - CVE-2014-1895: xen: XSA-74: Lock order reversal between page_alloc_lock and mm_rwlock - bnc#849668 - CVE-2013-4554: xen: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests - bnc#842417 - In HPs UEFI x86_64 platform and sles11sp3 with xen environment, dom0 will soft lockup on multiple blades nPar. - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades nPar with 46-bit memory addressing - bnc#846849 - Soft lockup with PCI passthrough and many VCPUs - bnc#833483 - Boot Failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2014-06-13 plugin id 75312 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75312 title openSUSE Security Update : xen (openSUSE-SU-2014:0483-1) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201402-140227.NASL description The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and toolset has been updated to 4.2.4 to fix various bugs and security issues : The following security issues have been addressed : - XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) - XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. (bnc#853048) - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) - XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. (bnc#860092) - XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) - XSA-84: CVE-2014-1892 / CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to aribitrary guests. (bnc#860163) - XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) - XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu statistics on the Flask security policy, incorrectly validates the CPU for which statistics are being requested. (bnc#860165) - XSA-86: CVE-2014-1896: libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring. (bnc#860300) - XSA-87: CVE-2014-1666: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors. (bnc#860302) - XSA-88: CVE-2014-1950: Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. (bnc#861256) Also the following non-security bugs have been fixed : - Fixed boot problems with Xen kernel. last seen 2020-06-05 modified 2014-03-14 plugin id 73015 published 2014-03-14 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73015 title SuSE 11.3 Security Update : Xen (SAT Patch Number 8973) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0470-1.NASL description The SUSE Linux Enterprise 10 Service Pack 3 LTSS Xen hypervisor and toolset have been updated to fix various security issues : The following security issues have been addressed : XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an last seen 2020-06-05 modified 2015-05-20 plugin id 83617 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83617 title SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0470-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0068.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 84140 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84140 title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) NASL family Scientific Linux Local Security Checks NASL id SL_20140312_KERNEL_ON_SL5_X.NASL description * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel last seen 2020-03-18 modified 2014-03-14 plugin id 73012 published 2014-03-14 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73012 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-3034.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 74101 published 2014-05-20 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74101 title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0285.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 72975 published 2014-03-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72975 title RHEL 5 : kernel (RHSA-2014:0285) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-140408.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. ---------------------------------------------------------------------- - WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update : https://www.suse.com/support/kb/doc.php?id=7014344 You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel. ---------------------------------------------------------------------- - The following security bugs have been fixed : - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672). (CVE-2013-4470) - The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967). (CVE-2013-6885) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643). (CVE-2013-7263) - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643). (CVE-2013-7264) - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643). (CVE-2013-7265) - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025). (CVE-2014-0069) Also the following non-security bugs have been fixed : - kabi: protect symbols modified by bnc#864833 fix. (bnc#864833) - mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)). - mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)). - mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)). - mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)). - mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)). - mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)). - mm: exclude memory less nodes from zone_reclaim. (bnc#863526) - mm: fix return type for functions nr_free_*_pages kabi fixup. (bnc#864058) - mm: fix return type for functions nr_free_*_pages. (bnc#864058) - mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)). - x86: Save cr2 in NMI in case NMIs take a page fault (follow-up for patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch) . - powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445). - vmscan: change type of vm_total_pages to unsigned long. (bnc#864058) - audit: dynamically allocate audit_names when not enough space is in the names array. (bnc#857358) - audit: make filetype matching consistent with other filters. (bnc#857358) - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT. (bnc#863178) - hwmon: (coretemp) Fix truncated name of alarm attributes. - privcmd: allow preempting long running user-mode originating hypercalls. (bnc#861093) - nohz: Check for nohz active instead of nohz enabled. (bnc#846790) - nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off. (bnc#846790) - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513) - balloon: do not crash in HVM-with-PoD guests. - crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744). - crypto: s390 - fix des and des3_ede cbc concurrency issue (bnc#862796, LTC#103743). - kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860). - crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742). - dump: Fix dump memory detection (bnc#862796,LTC#103575). - net: change type of virtio_chan->p9_max_pages. (bnc#864058) - inet: handle rt{,6}_bind_peer() failure correctly. (bnc#870801) - inet: Avoid potential NULL peer dereference. (bnc#864833) - inet: Hide route peer accesses behind helpers. (bnc#864833) - inet: Pass inetpeer root into inet_getpeer*() interfaces. (bnc#864833) - tcp: syncookies: reduce cookie lifetime to 128 seconds. (bnc#833968) - tcp: syncookies: reduce mss table to four values. (bnc#833968) - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag. (bnc#865783) - ipv6: send router reachability probe if route has an unreachable gateway. (bnc#853162) - sctp: Implement quick failover draft from tsvwg. (bnc#827670) - ipvs: fix AF assignment in ip_vs_conn_new(). (bnc#856848) - NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure. (bnc#853455) - btrfs: bugfix collection - fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058) - fs/buffer.c: change type of max_buffer_heads to unsigned long. (bnc#864058) - ncpfs: fix rmdir returns Device or resource busy. (bnc#864880) - scsi_dh_alua: fixup RTPG retry delay miscalculation. (bnc#854025) - scsi_dh_alua: Simplify state machine. (bnc#854025) - xhci: Fix resume issues on Renesas chips in Samsung laptops. (bnc#866253) - bonding: disallow enslaving a bond to itself. (bnc#599263) - USB: hub: handle -ETIMEDOUT during enumeration. (bnc#855825) - dm-multipath: Do not stall on invalid ioctls. (bnc#865342) - scsi_dh_alua: endless STPG retries for a failed LUN. (bnc#865342) - net/mlx4_en: Fix pages never dma unmapped on rx. (bnc#858604) - dlm: remove get_comm. (bnc#827670) - dlm: Avoid LVB truncation. (bnc#827670) - dlm: disable nagle for SCTP. (bnc#827670) - dlm: retry failed SCTP sends. (bnc#827670) - dlm: try other IPs when sctp init assoc fails. (bnc#827670) - dlm: clear correct bit during sctp init failure handling. (bnc#827670) - dlm: set sctp assoc id during setup. (bnc#827670) - dlm: clear correct init bit during sctp setup. (bnc#827670) - dlm: fix deadlock between dlm_send and dlm_controld. (bnc#827670) - dlm: Fix return value from lockspace_busy(). (bnc#827670) - Avoid occasional hang with NFS. (bnc#852488) - mpt2sas: Fix unsafe using smp_processor_id() in preemptible. (bnc#853166) - lockd: send correct lock when granting a delayed lock. (bnc#859342) last seen 2020-06-05 modified 2014-04-16 plugin id 73554 published 2014-04-16 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73554 title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105) NASL family Fedora Local Security Checks NASL id FEDORA_2013-22888.NASL description HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-17 plugin id 71478 published 2013-12-17 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71478 title Fedora 19 : xen-4.2.3-11.fc19 (2013-22888) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-272.NASL description Xen was updated to fix security issues and bugs. Update to bug fix release Xen 4.3.2 c/s 27404 - CVE-2013-6885: xen: XSA-82: A guest triggerable AMD CPU erratum may cause host hangs. - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be inadvertently suppressed, potentially leaking information to other guests. - CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough - pygrub: Support (/dev/xvda) style disk specifications last seen 2020-06-05 modified 2014-06-13 plugin id 75313 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75313 title openSUSE Security Update : xen (openSUSE-SU-2014:0482-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201407-03.NASL description The remote host is affected by the vulnerability described in GLSA-201407-03 (Xen: Multiple Vunlerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76544 published 2014-07-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76544 title GLSA-201407-03 : Xen: Multiple Vunlerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-375.NASL description This Linux kernel security update fixes various security issues and bugs. The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed : A security issue in the tty layer that was fixed that could be used by local attackers for code execution (CVE-2014-0196). Two security issues in the floppy driver were fixed that could be used by local attackers on machines with the floppy to crash the kernel or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738). Other security issues and bugfixes : - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper (bnc#860835 CVE-2014-1690). - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH (bnc#866102, CVE-2014-0101). - [media] ivtv: Fix Oops when no firmware is loaded (bnc#875440). - ALSA: hda - Add dock pin setups for Thinkpad T440 (bnc#876699). - ip6tnl: fix double free of fb_tnl_dev on exit (bnc#876531). - Update arm config files: Enable all USB-to-serial drivers Specifically, enable USB_SERIAL_WISHBONE and USB_SERIAL_QT2 on all arm flavors. - mei: limit the number of consecutive resets (bnc#821619,bnc#852656). - mei: revamp mei reset state machine (bnc#821619,bnc#852656). - mei: use hbm idle state to prevent spurious resets (bnc#821619). - mei: do not run reset flow from the interrupt thread (bnc#821619,bnc#852656). - mei: don last seen 2020-06-05 modified 2014-06-13 plugin id 75363 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75363 title openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0411-1.NASL description The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen hypervisor and toolset have been updated to fix various security issues. The following security issues have been addressed : - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) - XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) - XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) - XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) - XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) - XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to last seen 2020-06-05 modified 2015-05-20 plugin id 83614 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83614 title SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0411-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0057.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 99163 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99163 title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-376.NASL description The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed : A security issue in the tty layer that was fixed that could be used by local attackers for code execution (CVE-2014-0196). Two security issues in the floppy driver were fixed that could be used by local attackers on machines with the floppy to crash the kernel or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738). Other security issues and bugs that were fixed : - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper (bnc#860835 CVE-2014-1690). - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH (bnc#866102, CVE-2014-0101). - n_tty: Fix a n_tty_write crash and code execution when echoing in raw mode (bnc#871252 bnc#875690 CVE-2014-0196). - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717). - Update config files: re-enable twofish crypto support Software twofish crypto support was disabled in several architectures since openSUSE 10.3. For i386 and x86_64 it was on purpose, because hardware-accelerated alternatives exist. However for all other architectures it was by accident. Re-enable software twofish crypto support in arm, ia64 and ppc configuration files, to guarantee that at least one implementation is always available (bnc#871325). - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts driver only makes sense on the W90x900 architecture, which we do not support. - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672). - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug (bnc#869898). - SELinux: Fix kernel BUG on empty security contexts (bnc#863335,CVE-2014-1874). - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446). - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445). - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444). - ARM: 7809/1: perf: fix event validation for software group leaders (CVE-2013-4254, bnc#837111). - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (bnc#868653, CVE-2014-2523). - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426, CVE-2013-4579). - drm/ttm: don last seen 2020-06-05 modified 2014-06-13 plugin id 75364 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75364 title openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0285-1.NASL description From Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 73006 published 2014-03-14 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73006 title Oracle Linux 5 : kernel (ELSA-2014-0285-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0091.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/AMD: work around erratum 793 The recommendation is to set a bit in an MSR - do this if the firmware didn last seen 2020-06-01 modified 2020-06-02 plugin id 79527 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79527 title OracleVM 3.1 : xen (OVMSA-2013-0091) NASL family Fedora Local Security Checks NASL id FEDORA_2013-22754.NASL description HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-14 plugin id 71422 published 2013-12-14 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71422 title Fedora 20 : xen-4.3.1-5.fc20 (2013-22754) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0092.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/AMD: work around erratum 793 XSA-82 (Jan Beulich) [17884839] (CVE-2013-6885) last seen 2020-06-01 modified 2020-06-02 plugin id 79528 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79528 title OracleVM 2.2 : xen (OVMSA-2013-0092) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0285.NASL description From Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 73007 published 2014-03-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73007 title Oracle Linux 5 : kernel (ELSA-2014-0285) NASL family Fedora Local Security Checks NASL id FEDORA_2013-22866.NASL description HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-17 plugin id 71477 published 2013-12-17 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71477 title Fedora 18 : xen-4.2.3-11.fc18 (2013-22866) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3128.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks. - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application. For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism. - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs. - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic). - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. last seen 2020-03-17 modified 2015-01-16 plugin id 80558 published 2015-01-16 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80558 title Debian DSA-3128-1 : linux - security update NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0090.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/AMD: work around erratum 793 The recommendation is to set a bit in an MSR - do this if the firmware didn last seen 2020-06-01 modified 2020-06-02 plugin id 79526 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79526 title OracleVM 3.2 : xen (OVMSA-2013-0090)
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html
- http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924
- http://openwall.com/lists/oss-security/2013/11/28/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1035823
- http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf
- http://www.openwall.com/lists/oss-security/2013/12/02/1
- http://www.securitytracker.com/id/1029415
- http://secunia.com/advisories/55840
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html
- http://www.securityfocus.com/bid/63983
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2014-0285.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html
- http://www.debian.org/security/2015/dsa-3128
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89335
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html