Vulnerabilities > CVE-2014-3153

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
redhat
suse
opensuse
canonical
oracle
nessus
exploit available
metasploit
NVD
Published: 2014-06-07
Updated: 2024-07-02

Summary

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Vulnerable Configurations

Part Description Count
OS
Linux
4171
OS
Redhat
1
OS
Suse
7
OS
Opensuse
1
OS
Canonical
2
OS
Oracle
2

Exploit-Db

descriptionLinux Kernel - libfutex - Local Root for RHEL/CentOS 7.0.1406. CVE-2014-3153. Local exploit for linux platform
fileexploits/linux/local/35370.c
idEDB-ID:35370
last seen2016-02-04
modified2014-11-25
platformlinux
port
published2014-11-25
reporterKaiqu Chen
sourcehttps://www.exploit-db.com/download/35370/
titleLinux Kernel - libfutex - Local Root for RHEL/CentOS 7.0.1406
typelocal

Metasploit

descriptionThis module exploits a bug in futex_requeue in the Linux kernel, using similar techniques employed by the towelroot exploit. Any Android device with a kernel built before June 2014 is likely to be vulnerable.
idMSF:EXPLOIT/ANDROID/LOCAL/FUTEX_REQUEUE
last seen2020-05-24
modified2019-10-23
published2014-12-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/android/local/futex_requeue.rb
titleAndroid 'Towelroot' Futex Requeue Kernel Exploit

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2239-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74359
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74359
    titleUbuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2239-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2239-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74359);
  script_version("1.19");
  script_cvs_date("Date: 2019/09/19 12:54:30");

  script_cve_id("CVE-2014-0155", "CVE-2014-2568", "CVE-2014-3122", "CVE-2014-3153");
  script_xref(name:"USN", value:"2239-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2239-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash) or gain administrative privileges.
(CVE-2014-3153)

A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit
this flaw to cause a denial of service (host OS crash).
(CVE-2014-0155)

An information leak was discovered in the netfilter subsystem of the
Linux kernel. An attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-2568)

Sasha Levin reported a bug in the Linux kernel's virtual memory
management subsystem. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2014-3122).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2239-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-3.11-generic and / or
linux-image-3.11-generic-lpae packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2014-0155", "CVE-2014-2568", "CVE-2014-3122", "CVE-2014-3153");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2239-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-23-generic", pkgver:"3.11.0-23.40~precise1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-23-generic-lpae", pkgver:"3.11.0-23.40~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2238-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74358
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74358
    titleUbuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2238-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2238-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74358);
  script_version("1.21");
  script_cvs_date("Date: 2019/09/19 12:54:30");

  script_cve_id("CVE-2013-4483", "CVE-2014-3153");
  script_bugtraq_id(63445);
  script_xref(name:"USN", value:"2238-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2238-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash) or gain administrative privileges.
(CVE-2014-3153)

A flaw was discovered in the Linux kernel's IPC reference counting. An
unprivileged local user could exploit this flaw to cause a denial of
service (OOM system crash). (CVE-2013-4483).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2238-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-image-3.8-generic package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-4483", "CVE-2014-3153");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2238-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.8.0-42-generic", pkgver:"3.8.0-42.62~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.8-generic");
}
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-124.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (CVE-2014-3917). The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification (CVE-2014-3153). Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions (CVE-2014-2672). The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced (CVE-2014-3144). The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced (CVE-2014-3145). Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter (CVE-2014-2851). The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the LECHO !OPOST case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings (CVE-2014-0196). The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device (CVE-2014-1738). The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device (CVE-2014-1737). The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports (CVE-2014-2678). drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions (CVE-2014-0077). The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (CVE-2014-2309). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function (CVE-2014-2523). Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c (CVE-2014-2706). The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk (CVE-2014-0101). The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer (CVE-2014-0069). arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction (CVE-2014-2039). Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function (CVE-2012-2137). The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (CVE-2014-1874). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74513
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74513
    titleMandriva Linux Security Advisory : kernel (MDVSA-2014:124)
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2014:124. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(74513);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:56");

  script_cve_id("CVE-2012-2137", "CVE-2013-2897", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3917");
  script_bugtraq_id(54063, 62044, 65459, 65588, 65700, 65943, 66095, 66279, 66492, 66543, 66591, 66678, 66779, 67282, 67300, 67302, 67309, 67321, 67906);
  script_xref(name:"MDVSA", value:"2014:124");

  script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in the Linux
kernel :

kernel/auditsc.c in the Linux kernel through 3.14.5, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows
local users to obtain potentially sensitive single-bit values from
kernel memory or cause a denial of service (OOPS) via a large value of
a syscall number (CVE-2014-3917).

The futex_requeue function in kernel/futex.c in the Linux kernel
through 3.14.5 does not ensure that calls have two different futex
addresses, which allows local users to gain privileges via a crafted
FUTEX_REQUEUE command that facilitates unsafe waiter modification
(CVE-2014-3153).

Race condition in the ath_tx_aggr_sleep function in
drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before
3.13.7 allows remote attackers to cause a denial of service (system
crash) via a large amount of network traffic that triggers certain
list deletions (CVE-2014-2672).

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension
implementations in the sk_run_filter function in net/core/filter.c in
the Linux kernel through 3.14.3 do not check whether a certain length
value is sufficiently large, which allows local users to cause a
denial of service (integer underflow and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the
__skb_get_nlattr and __skb_get_nlattr_nest functions before the
vulnerability was announced (CVE-2014-3144).

The BPF_S_ANC_NLATTR_NEST extension implementation in the
sk_run_filter function in net/core/filter.c in the Linux kernel
through 3.14.3 uses the reverse order in a certain subtraction, which
allows local users to cause a denial of service (over-read and system
crash) via crafted BPF instructions. NOTE: the affected code was moved
to the __skb_get_nlattr_nest function before the vulnerability was
announced (CVE-2014-3145).

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in
the Linux kernel through 3.14.1 allows local users to cause a denial
of service (use-after-free and system crash) or possibly gain
privileges via a crafted application that leverages an improperly
managed reference counter (CVE-2014-2851).

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
through 3.14.3 does not properly manage tty driver access in the LECHO
!OPOST case, which allows local users to cause a denial of service
(memory corruption and system crash) or gain privileges by triggering
a race condition involving read and write operations with long strings
(CVE-2014-0196).

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly restrict access to certain
pointers during processing of an FDRAWCMD ioctl call, which allows
local users to obtain sensitive information from kernel heap memory by
leveraging write access to a /dev/fd device (CVE-2014-1738).

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly handle error conditions during
processing of an FDRAWCMD ioctl call, which allows local users to
trigger kfree operations and gain privileges by leveraging write
access to a /dev/fd device (CVE-2014-1737).

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel
through 3.14 allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact via a bind system call for an RDS socket on a system that
lacks RDS transports (CVE-2014-2678).

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
buffers are disabled, does not properly validate packet lengths, which
allows guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via
crafted packets, related to the handle_rx and get_rx_bufs functions
(CVE-2014-0077).

The ip6_route_add function in net/ipv6/route.c in the Linux kernel
through 3.13.6 does not properly count the addition of routes, which
allows remote attackers to cause a denial of service (memory
consumption) via a flood of ICMPv6 Router Advertisement packets
(CVE-2014-2309).

Multiple array index errors in drivers/hid/hid-multitouch.c in the
Human Interface Device (HID) subsystem in the Linux kernel through
3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically
proximate attackers to cause a denial of service (heap memory
corruption, or NULL pointer dereference and OOPS) via a crafted device
(CVE-2013-2897).

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through
3.13.6 uses a DCCP header pointer incorrectly, which allows remote
attackers to cause a denial of service (system crash) or possibly
execute arbitrary code via a DCCP packet that triggers a call to the
(1) dccp_new, (2) dccp_packet, or (3) dccp_error function
(CVE-2014-2523).

Race condition in the mac80211 subsystem in the Linux kernel before
3.13.7 allows remote attackers to cause a denial of service (system
crash) via network traffic that improperly interacts with the
WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and
tx.c (CVE-2014-2706).

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the
Linux kernel through 3.13.6 does not validate certain auth_enable and
auth_capable fields before making an sctp_sf_authenticate call, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and system crash) via an SCTP handshake with a modified
INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk
(CVE-2014-0101).

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel
through 3.13.5 does not properly handle uncached write operations that
copy fewer than the requested number of bytes, which allows local
users to obtain sensitive information from kernel memory, cause a
denial of service (memory corruption and system crash), or possibly
gain privileges via a writev system call with a crafted pointer
(CVE-2014-0069).

arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the
s390 platform does not properly handle attempted use of the linkage
stack, which allows local users to cause a denial of service (system
crash) by executing a crafted instruction (CVE-2014-2039).

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the
Linux kernel before 3.2.24 allows local users to cause a denial of
service (crash) and possibly execute arbitrary code via vectors
related to Message Signaled Interrupts (MSI), irq routing entries, and
an incorrect check by the setup_routing_entry function before invoking
the kvm_set_irq function (CVE-2012-2137).

The security_context_to_sid_core function in
security/selinux/ss/services.c in the Linux kernel before 3.13.4
allows local users to cause a denial of service (system crash) by
leveraging the CAP_MAC_ADMIN capability to set a zero-length security
context (CVE-2014-1874).

The updated packages provides a solution for these security issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.93-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.93-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.93-1.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2949.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation : - CVE-2014-3144/ CVE-2014-3145 A local user can cause a denial of service (system crash) via crafted BPF instructions. - CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
    last seen2020-03-17
    modified2014-06-06
    plugin id74336
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74336
    titleDebian DSA-2949-1 : linux - security update
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2949. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74336);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153");
  script_bugtraq_id(67309, 67321);
  script_xref(name:"DSA", value:"2949");

  script_name(english:"Debian DSA-2949-1 : linux - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation :

  - CVE-2014-3144/ CVE-2014-3145
    A local user can cause a denial of service (system
    crash) via crafted BPF instructions.

  - CVE-2014-3153
    Pinkie Pie discovered an issue in the futex subsystem
    that allows a local user to gain ring 0 control via the
    futex syscall. An unprivileged user could use this flaw
    to crash the kernel (resulting in denial of service) or
    for privilege escalation."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-3144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-3145"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-3153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-2949"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the linux packages.

For the stable distribution (wheezy), these problems have been fixed
in version 3.2.57-3+deb7u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.57-3+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140604.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a critical privilege escalation security issue : - The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation by non-root users. (bnc#880892). (CVE-2014-3153)
    last seen2020-06-05
    modified2014-06-11
    plugin id74462
    published2014-06-11
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74462
    titleSuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9328 / 9329 / 9330)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(74462);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-3153");

  script_name(english:"SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9328 / 9329 / 9330)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
a critical privilege escalation security issue :

  - The futex acquisition code in kernel/futex.c can be used
    to gain ring0 access via the futex syscall. This could
    be used for privilege escalation by non-root users.
    (bnc#880892). (CVE-2014-3153)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=880892"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-3153.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Apply SAT patch number 9328 / 9329 / 9330 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-source-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-syms-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.31.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2235-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74356
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74356
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2235-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2235-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74356);
  script_version("1.21");
  script_cvs_date("Date: 2019/09/19 12:54:30");

  script_cve_id("CVE-2014-0055", "CVE-2014-3122", "CVE-2014-3153");
  script_bugtraq_id(66441, 67162);
  script_xref(name:"USN", value:"2235-1");

  script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2235-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash) or gain administrative privileges.
(CVE-2014-3153)

A flaw was discovered in the vhost-net subsystem of the Linux kernel.
Guest OS users could exploit this flaw to cause a denial of service
(host OS crash). (CVE-2014-0055)

Sasha Levin reported a bug in the Linux kernel's virtual memory
management subsystem. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2014-3122).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2235-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2014-0055", "CVE-2014-3122", "CVE-2014-3153");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2235-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-64-generic", pkgver:"3.2.0-64.97")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-64-generic-pae", pkgver:"3.2.0-64.97")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-64-highbank", pkgver:"3.2.0-64.97")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-64-virtual", pkgver:"3.2.0-64.97")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2237-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74357
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74357
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-2237-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2237-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74357);
  script_version("1.17");
  script_cvs_date("Date: 2019/09/19 12:54:30");

  script_cve_id("CVE-2014-3153");
  script_xref(name:"USN", value:"2237-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-2237-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash) or gain administrative privileges.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2237-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-image-3.5-generic package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2014-3153");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2237-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-51-generic", pkgver:"3.5.0-51.77~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3070.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id77355
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77355
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3070)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2240-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74360
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74360
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2240-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-BIGSMP-201409-140924.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082). (CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit
    last seen2020-06-05
    modified2014-10-23
    plugin id78651
    published2014-10-23
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78651
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-451.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Bugs fixed : - memcg: deprecate memory.force_empty knob (bnc#878274).
    last seen2020-06-05
    modified2014-07-02
    plugin id76342
    published2014-07-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76342
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3038.NASL
    descriptionDescription of changes: [2.6.39-400.215.2.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} {CVE-2014-3153}
    last seen2020-06-01
    modified2020-06-02
    plugin id74377
    published2014-06-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74377
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3038)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140619_KERNEL_ON_SL6_X.NASL
    description* A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2014-06-20
    plugin id76157
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76157
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140619)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0800.NASL
    descriptionUpdated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79032
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79032
    titleRHEL 6 : kernel (RHSA-2014:0800)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2260-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76295
    published2014-06-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76295
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0913.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76696
    published2014-07-23
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76696
    titleRHEL 6 : kernel-rt (RHSA-2014:0913)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7320.NASL
    descriptionUpdate to the latest upstream stable release, Linux v3.14.7 The 3.14.6 stable update contains a number of important fixes across the tree. The 3.14.5 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-17
    plugin id76083
    published2014-06-17
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76083
    titleFedora 19 : kernel-3.14.7-100.fc19 (2014-7320)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-363.NASL
    descriptionThe futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
    last seen2020-06-01
    modified2020-06-02
    plugin id78306
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78306
    titleAmazon Linux AMI : kernel (ALAS-2014-363)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7128.NASL
    descriptionThe 3.14.6 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-12
    plugin id74478
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74478
    titleFedora 20 : kernel-3.14.6-200.fc20 (2014-7128)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0771.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76170
    published2014-06-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76170
    titleCentOS 6 : kernel (CESA-2014:0771)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0771.NASL
    descriptionFrom Red Hat Security Advisory 2014:0771 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76155
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76155
    titleOracle Linux 6 : kernel (ELSA-2014-0771)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-392.NASL
    descriptionThe media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78335
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78335
    titleAmazon Linux AMI : kernel (ALAS-2014-392)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0900.NASL
    descriptionUpdated kernel packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79035
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79035
    titleRHEL 6 : kernel (RHSA-2014:0900)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2233-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74354
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74354
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-2233-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1518.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in
    last seen2020-03-19
    modified2019-05-14
    plugin id124971
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124971
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1518)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3037.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-35.1.1.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153}
    last seen2020-06-01
    modified2020-06-02
    plugin id74376
    published2014-06-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74376
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3037)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2950.NASL
    descriptionMultiple vulnerabilities have been discovered in OpenSSL : - CVE-2014-0195 Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service. - CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. - CVE-2014-0224 KIKUCHI Masashi discovered that carefully crafted handshakes can force the use of weak keys, resulting in potential man-in-the-middle attacks. - CVE-2014-3470 Felix Groebert and Ivan Fratric discovered that the implementation of anonymous ECDH ciphersuites is suspectible to denial of service. Additional information can be found at http://www.openssl.org/news/secadv/20140605.txt
    last seen2020-03-17
    modified2014-06-06
    plugin id74337
    published2014-06-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74337
    titleDebian DSA-2950-1 : openssl - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2241-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74361
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74361
    titleUbuntu 13.10 : linux vulnerabilities (USN-2241-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0771.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76156
    published2014-06-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76156
    titleRHEL 6 : kernel (RHSA-2014:0771)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3039.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-400.36.2.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} {CVE-2014-3153}
    last seen2020-06-01
    modified2020-06-02
    plugin id74378
    published2014-06-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74378
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3039)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0786.NASL
    descriptionFrom Red Hat Security Advisory 2014:0786 : Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76738
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76738
    titleOracle Linux 7 : kernel (ELSA-2014-0786)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140924.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082). (CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit
    last seen2020-06-05
    modified2014-10-23
    plugin id78650
    published2014-10-23
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78650
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0290.NASL
    descriptionThe remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id81800
    published2015-03-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81800
    titleOracle Linux 7 : kernel (ELSA-2015-0290)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2234-1.NASL
    descriptionPinkie Pie discovered a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74355
    published2014-06-06
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74355
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2234-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1480.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124804
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124804
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-441.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. - ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981). - patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work. patch: Add missing bug reference (bnc#881697). - firewire: don
    last seen2020-06-05
    modified2014-06-26
    plugin id76228
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76228
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0815.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes several security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466) It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. (CVE-2014-3468) Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467) Multiple NULL pointer dereference flaws were found in libtasn1
    last seen2020-06-01
    modified2020-06-02
    plugin id79108
    published2014-11-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79108
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0815)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0786.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76901
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76901
    titleRHEL 7 : kernel (RHSA-2014:0786)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/130329/futex_requeue.rb.txt
idPACKETSTORM:130329
last seen2016-12-05
published2015-02-09
reportertimwr
sourcehttps://packetstormsecurity.com/files/130329/Android-Futex-Requeue-Kernel-Exploit.html
titleAndroid Futex Requeue Kernel Exploit

Redhat

advisories
  • bugzilla
    id1103626
    titleCVE-2014-3153 kernel: futex: pi futexes requeue issue
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • commentkernel earlier than 0:2.6.32-431.20.3.el6 is currently running
          ovaloval:com.redhat.rhsa:tst:20140771027
        • commentkernel earlier than 0:2.6.32-431.20.3.el6 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20140771028
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771001
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-firmware is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771005
          • commentkernel-firmware is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842004
        • AND
          • commentperf is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771007
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-debug is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771009
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-headers is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771011
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771013
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-devel is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771015
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771017
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentpython-perf is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771019
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-kdump is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771021
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771023
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-bootwrapper is earlier than 0:2.6.32-431.20.3.el6
            ovaloval:com.redhat.rhsa:tst:20140771025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
    rhsa
    idRHSA-2014:0771
    released2014-06-19
    severityImportant
    titleRHSA-2014:0771: kernel security and bug fix update (Important)
  • bugzilla
    id1103626
    titleCVE-2014-3153 kernel: futex: pi futexes requeue issue
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-123.4.2.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20140786031
        • commentkernel earlier than 0:3.10.0-123.4.2.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20140786032
      • OR
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786001
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786003
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786005
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786007
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentperf is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786009
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786011
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786013
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786015
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786017
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786019
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentpython-perf is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786021
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786023
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786025
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786027
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-123.4.2.el7
            ovaloval:com.redhat.rhsa:tst:20140786029
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
    rhsa
    idRHSA-2014:0786
    released2014-06-24
    severityImportant
    titleRHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)
  • rhsa
    idRHSA-2014:0800
rpms
  • kernel-0:2.6.32-431.20.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.20.3.el6
  • kernel-bootwrapper-0:2.6.32-431.20.3.el6
  • kernel-debug-0:2.6.32-431.20.3.el6
  • kernel-debug-debuginfo-0:2.6.32-431.20.3.el6
  • kernel-debug-devel-0:2.6.32-431.20.3.el6
  • kernel-debuginfo-0:2.6.32-431.20.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.20.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.20.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.20.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.20.3.el6
  • kernel-devel-0:2.6.32-431.20.3.el6
  • kernel-doc-0:2.6.32-431.20.3.el6
  • kernel-firmware-0:2.6.32-431.20.3.el6
  • kernel-headers-0:2.6.32-431.20.3.el6
  • kernel-kdump-0:2.6.32-431.20.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.20.3.el6
  • kernel-kdump-devel-0:2.6.32-431.20.3.el6
  • perf-0:2.6.32-431.20.3.el6
  • perf-debuginfo-0:2.6.32-431.20.3.el6
  • python-perf-0:2.6.32-431.20.3.el6
  • python-perf-debuginfo-0:2.6.32-431.20.3.el6
  • kernel-0:3.10.0-123.4.2.el7
  • kernel-abi-whitelists-0:3.10.0-123.4.2.el7
  • kernel-bootwrapper-0:3.10.0-123.4.2.el7
  • kernel-debug-0:3.10.0-123.4.2.el7
  • kernel-debug-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-debug-devel-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-123.4.2.el7
  • kernel-devel-0:3.10.0-123.4.2.el7
  • kernel-doc-0:3.10.0-123.4.2.el7
  • kernel-headers-0:3.10.0-123.4.2.el7
  • kernel-kdump-0:3.10.0-123.4.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-kdump-devel-0:3.10.0-123.4.2.el7
  • kernel-tools-0:3.10.0-123.4.2.el7
  • kernel-tools-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-tools-libs-0:3.10.0-123.4.2.el7
  • kernel-tools-libs-devel-0:3.10.0-123.4.2.el7
  • perf-0:3.10.0-123.4.2.el7
  • perf-debuginfo-0:3.10.0-123.4.2.el7
  • python-perf-0:3.10.0-123.4.2.el7
  • python-perf-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-0:2.6.32-220.52.1.el6
  • kernel-debug-0:2.6.32-220.52.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.52.1.el6
  • kernel-debug-devel-0:2.6.32-220.52.1.el6
  • kernel-debuginfo-0:2.6.32-220.52.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.52.1.el6
  • kernel-devel-0:2.6.32-220.52.1.el6
  • kernel-doc-0:2.6.32-220.52.1.el6
  • kernel-firmware-0:2.6.32-220.52.1.el6
  • kernel-headers-0:2.6.32-220.52.1.el6
  • perf-0:2.6.32-220.52.1.el6
  • perf-debuginfo-0:2.6.32-220.52.1.el6
  • python-perf-0:2.6.32-220.52.1.el6
  • python-perf-debuginfo-0:2.6.32-220.52.1.el6
  • kernel-0:2.6.32-358.46.1.el6
  • kernel-bootwrapper-0:2.6.32-358.46.1.el6
  • kernel-debug-0:2.6.32-358.46.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.46.1.el6
  • kernel-debug-devel-0:2.6.32-358.46.1.el6
  • kernel-debuginfo-0:2.6.32-358.46.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.46.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.46.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.46.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.46.1.el6
  • kernel-devel-0:2.6.32-358.46.1.el6
  • kernel-doc-0:2.6.32-358.46.1.el6
  • kernel-firmware-0:2.6.32-358.46.1.el6
  • kernel-headers-0:2.6.32-358.46.1.el6
  • kernel-kdump-0:2.6.32-358.46.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.46.1.el6
  • kernel-kdump-devel-0:2.6.32-358.46.1.el6
  • perf-0:2.6.32-358.46.1.el6
  • perf-debuginfo-0:2.6.32-358.46.1.el6
  • python-perf-0:2.6.32-358.46.1.el6
  • python-perf-debuginfo-0:2.6.32-358.46.1.el6
  • kernel-rt-0:3.10.33-rt32.43.el6rt
  • kernel-rt-debug-0:3.10.33-rt32.43.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.33-rt32.43.el6rt
  • kernel-rt-debug-devel-0:3.10.33-rt32.43.el6rt
  • kernel-rt-debuginfo-0:3.10.33-rt32.43.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.33-rt32.43.el6rt
  • kernel-rt-devel-0:3.10.33-rt32.43.el6rt
  • kernel-rt-doc-0:3.10.33-rt32.43.el6rt
  • kernel-rt-firmware-0:3.10.33-rt32.43.el6rt
  • kernel-rt-trace-0:3.10.33-rt32.43.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.33-rt32.43.el6rt
  • kernel-rt-trace-devel-0:3.10.33-rt32.43.el6rt
  • kernel-rt-vanilla-0:3.10.33-rt32.43.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.33-rt32.43.el6rt
  • kernel-rt-vanilla-devel-0:3.10.33-rt32.43.el6rt

Saint

bid67906
descriptionLinux kernel futex_requeue privilege elevation
idmisc_linuxkernel
osvdb107752
titlelinux_kernel_futex_requeue
typelocal

The Hacker News

References