CVE-2014-9715 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
linux
nessus

Summary

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

Vulnerable Configurations

Part  Description  Count
OS    Linux        1978

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-1534.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85305
    published: 2015-08-11
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85305
    title: CentOS 7 : kernel (CESA-2015:1534)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1534 and 
    # CentOS Errata and Security Advisory 2015:1534 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85305);
      script_version("2.6");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2014-9715", "CVE-2015-2666", "CVE-2015-2922", "CVE-2015-3636");
      script_xref(name:"RHSA", value:"2015:1534");
    
      script_name(english:"CentOS 7 : kernel (CESA-2015:1534)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * An integer overflow flaw was found in the way the Linux kernel's
    netfilter connection tracking implementation loaded extensions. An
    attacker on a local network could potentially send a sequence of
    specially crafted packets that would initiate the loading of a large
    number of extensions, causing the targeted system in that network to
    crash. (CVE-2014-9715, Moderate)
    
    * A stack-based buffer overflow flaw was found in the Linux kernel's
    early load microcode functionality. On a system with UEFI Secure Boot
    enabled, a local, privileged user could use this flaw to increase
    their privileges to the kernel (ring0) level, bypassing intended
    restrictions in place. (CVE-2015-2666, Moderate)
    
    * It was found that the Linux kernel's ping socket implementation did
    not properly handle socket unhashing during spurious disconnects,
    which could lead to a use-after-free flaw. On x86-64 architecture
    systems, a local user able to create ping sockets could use this flaw
    to crash the system. On non-x86-64 architecture systems, a local user
    able to create ping sockets could use this flaw to escalate their
    privileges on the system. (CVE-2015-3636, Moderate)
    
    * It was found that the Linux kernel's TCP/IP protocol suite
    implementation for IPv6 allowed the Hop Limit value to be set to a
    smaller value than the default one. An attacker on a local network
    could use this flaw to prevent systems on that network from sending or
    receiving network packets. (CVE-2015-2922, Low)
    
    Red Hat would like to thank Nathan Hoad for reporting the
    CVE-2014-9715 issue.
    
    This update also fixes several bugs. Refer to the following
    Knowledgebase article for further information :
    
    https://access.redhat.com/articles/1474193
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-August/021297.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d4646204"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2666");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-229.11.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-229.11.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2016-0037.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90019
    published: 2016-03-18
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90019
    title: OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2016-0037.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90019);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2010-5313", "CVE-2012-3520", "CVE-2013-7421", "CVE-2014-3215", "CVE-2014-7842", "CVE-2014-8133", "CVE-2014-8159", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9644", "CVE-2014-9683", "CVE-2014-9715", "CVE-2015-0239", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3331", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-5156", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104");
      script_bugtraq_id(55152, 67341, 71078, 71363, 71684, 71717, 71794, 71883, 71990, 72320, 72322, 72356, 72607, 72643, 72842, 73014, 73060, 73699, 73953, 74235, 74243, 74315, 74450, 75510);
    
      script_name(english:"OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2016-0037 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000442.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8111de50"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.2", reference:"kernel-uek-2.6.39-400.277.1.el5uek")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"kernel-uek-firmware-2.6.39-400.277.1.el5uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1533.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-03-19
    modified: 2019-05-14
    plugin id: 124986
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124986
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124986);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-4515",
        "CVE-2013-6378",
        "CVE-2014-0196",
        "CVE-2014-3673",
        "CVE-2014-3690",
        "CVE-2014-9715",
        "CVE-2014-9731",
        "CVE-2015-2672",
        "CVE-2015-6937",
        "CVE-2015-7613",
        "CVE-2015-8844",
        "CVE-2016-0821",
        "CVE-2016-2066",
        "CVE-2016-6156",
        "CVE-2017-1000251",
        "CVE-2017-18200",
        "CVE-2017-2671",
        "CVE-2018-10883",
        "CVE-2018-15594",
        "CVE-2018-5344"
      );
      script_bugtraq_id(
        63518,
        63886,
        67199,
        67282,
        70691,
        70883,
        73953,
        75001
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An integer overflow flaw was found in the way the Linux
        kernel's netfilter connection tracking implementation
        loaded extensions. An attacker on a local network could
        potentially send a sequence of specially crafted
        packets that would initiate the loading of a large
        number of extensions, causing the targeted system in
        that network to crash.(CVE-2014-9715)
    
      - A flaw was found in the Linux kernel which could cause
        a kernel panic when restoring machine specific
        registers on the PowerPC platform. Incorrect
        transactional memory state registers could
        inadvertently change the call path on return from
        userspace and cause the kernel to enter an unknown
        state and crash.(CVE-2015-8844)
    
      - A timing flaw was found in the Chrome EC driver in the
        Linux kernel. An attacker could abuse timing to skip
        validation checks to copy additional data from
        userspace possibly increasing privilege or crashing the
        system.(CVE-2016-6156)
    
      - A race condition flaw was found in the way the Linux
        kernel's IPC subsystem initialized certain fields in an
        IPC object structure that were later used for
        permission checking before inserting the object into a
        globally visible list. A local, unprivileged user could
        potentially use this flaw to elevate their privileges
        on the system.(CVE-2015-7613)
    
      - A path length checking flaw was found in Linux kernels
        built with UDF file system (CONFIG_UDF_FS) support. An
        attacker able to mount a corrupted/malicious UDF file
        system image could use this flaw to leak kernel memory
        to user-space.(CVE-2014-9731)
    
      - A race condition leading to a NULL pointer dereference
        was found in the Linux kernel's Link Layer Control
        implementation. A local attacker with access to ping
        sockets could use this flaw to crash the
        system.(CVE-2017-2671)
    
      - The f2fs implementation in the Linux kernel, before
        4.14, mishandles reference counts associated with
        f2fs_wait_discard_bios calls. This allows local users
        to cause a denial of service (BUG), as demonstrated by
        fstrim.(CVE-2017-18200)
    
      - The LIST_POISON feature in include/linux/poison.h in
        the Linux kernel before 4.3, as used in Android 6.0.1
        before 2016-03-01, does not properly consider the
        relationship to the mmap_min_addr value, which makes it
        easier for attackers to bypass a poison-pointer
        protection mechanism by triggering the use of an
        uninitialized list entry, aka Android internal bug
        26186802, a different vulnerability than
        CVE-2015-3636.(CVE-2016-0821)
    
      - The xsave/xrstor implementation in
        arch/x86/include/asm/xsave.h in the Linux kernel before
        3.19.2 creates certain .altinstr_replacement pointers
        and consequently does not provide any protection
        against instruction faulting, which allows local users
        to cause a denial of service (panic) by triggering a
        fault, as demonstrated by an unaligned memory operand
        or a non-canonical address memory
        operand.(CVE-2015-2672)
    
      - The n_tty_write function in drivers/tty/n_tty.c in the
        Linux kernel through 3.14.3 does not properly manage
        tty driver access in the 'LECHO & !OPOST' case, which
        allows local users to cause a denial of service (memory
        corruption and system crash) or gain privileges by
        triggering a race condition involving read and write
        operations with long strings.(CVE-2014-0196)
    
      - In the Linux kernel through 4.14.13,
        drivers/block/loop.c mishandles lo_release
        serialization, which allows attackers to cause a denial
        of service (__lock_acquire use-after-free) or possibly
        have unspecified other impact.(CVE-2018-5344)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation.(CVE-2013-6378)
    
      - A NULL-pointer dereference vulnerability was discovered
        in the Linux kernel. The kernel's Reliable Datagram
        Sockets (RDS) protocol implementation did not verify
        that an underlying transport existed before creating a
        connection to a remote server. A local system user
        could exploit this flaw to crash the system by creating
        sockets at specific times to trigger a NULL pointer
        dereference.(CVE-2015-6937)
    
      - A stack buffer overflow flaw was found in the way the
        Bluetooth subsystem of the Linux kernel processed
        pending L2CAP configuration responses from a client. On
        systems with the stack protection feature enabled in
        the kernel (CONFIG_CC_STACKPROTECTOR=y, which is
        enabled on all architectures other than s390x and
        ppc64le), an unauthenticated attacker able to initiate
        a connection to a system via Bluetooth could use this
        flaw to crash the system. Due to the nature of the
        stack protection feature, code execution cannot be
        fully ruled out, although we believe it is unlikely. On
        systems without the stack protection feature (ppc64le
        the Bluetooth modules are not built on s390x), an
        unauthenticated attacker able to initiate a connection
        to a system via Bluetooth could use this flaw to
        remotely execute arbitrary code on the system with ring
        0 (kernel) privileges.(CVE-2017-1000251)
    
      - Integer signedness error in the MSM QDSP6 audio driver
        for the Linux kernel 3.x, as used in Qualcomm
        Innovation Center (QuIC) Android contributions for MSM
        devices and other products, allows attackers to gain
        privileges or cause a denial of service (memory
        corruption) via a crafted application that makes an
        ioctl call.(CVE-2016-2066)
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel
        before 3.12 does not initialize a certain data
        structure, which allows local users to obtain sensitive
        information from kernel memory via an
        IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
        call.(CVE-2013-4515)
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled malformed Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3673)
    
      - It was found that paravirt_patch_call/jump() functions
        in the arch/x86/kernel/paravirt.c in the Linux kernel
        mishandles certain indirect calls, which makes it
        easier for attackers to conduct Spectre-v2 attacks
        against paravirtualized guests.(CVE-2018-15594)
    
      - It was found that the Linux kernel's KVM implementation
        did not ensure that the host CR4 control register value
        remained unchanged across VM entries on the same
        virtual CPU. A local, unprivileged user could use this
        flaw to cause a denial of service on the
        system.(CVE-2014-3690)
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.(CVE-2018-10883)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1533
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6ad58ff");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1485.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen: 2020-03-19
    modified: 2019-05-13
    plugin id: 124809
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124809
    title: EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1565.NASL
    description: Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85705
    published: 2015-08-31
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85705
    title: RHEL 7 : kernel-rt (RHSA-2015:1565)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3237.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2014-8159 It was found that the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83065
    published: 2015-04-27
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83065
    title: Debian DSA-3237-1 : linux - security update
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150805_KERNEL_ON_SL7_X.NASL
    description: * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-03-18
    modified: 2015-08-07
    plugin id: 85264
    published: 2015-08-07
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85264
    title: Scientific Linux Security Update : kernel on SL7.x x86_64 (20150805)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-124.NASL
    description: The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a
    last seen: 2020-06-05
    modified: 2016-02-03
    plugin id: 88545
    published: 2016-02-03
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88545
    title: openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-1534.NASL
    description: From Red Hat Security Advisory 2015:1534 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85247
    published: 2015-08-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85247
    title: Oracle Linux 7 : kernel (ELSA-2015-1534)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-3067.NASL
    description: Description of changes: [2.6.39-400.250.10.el5uek] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563042] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562780] {CVE-2014-9715}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85262
    published: 2015-08-07
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85262
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3067)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2614-1.NASL
    description: Vincent Tondellier discovered an integer overflow in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83760
    published: 2015-05-21
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83760
    title: Ubuntu 14.04 LTS : linux vulnerabilities (USN-2614-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1564.NASL
    description: Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85249
    published: 2015-08-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85249
    title: RHEL 6 : MRG (RHSA-2015:1564)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-3068.NASL
    description: Description of changes: kernel-uek [2.6.32-400.37.10.el5uek] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563043] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562781] {CVE-2014-9715}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85263
    published: 2015-08-07
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85263
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3068)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2613-1.NASL
    description: Vincent Tondellier discovered an integer overflow in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83759
    published: 2015-05-21
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83759
    title: Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2613-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2611-1.NASL
    description: Vincent Tondellier discovered an integer overflow in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83758
    published: 2015-05-21
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83758
    title: Ubuntu 12.04 LTS : linux vulnerability (USN-2611-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1534.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85248
    published: 2015-08-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85248
    title: RHEL 7 : kernel (RHSA-2015:1534)

Red Hat

advisories
  • rhsa
    id: RHSA-2015:1534
  • rhsa
    id: RHSA-2015:1564
rpms
  • kernel-0:3.10.0-229.11.1.ael7b
  • kernel-0:3.10.0-229.11.1.el7
  • kernel-abi-whitelists-0:3.10.0-229.11.1.ael7b
  • kernel-abi-whitelists-0:3.10.0-229.11.1.el7
  • kernel-bootwrapper-0:3.10.0-229.11.1.ael7b
  • kernel-bootwrapper-0:3.10.0-229.11.1.el7
  • kernel-debug-0:3.10.0-229.11.1.ael7b
  • kernel-debug-0:3.10.0-229.11.1.el7
  • kernel-debug-debuginfo-0:3.10.0-229.11.1.ael7b
  • kernel-debug-debuginfo-0:3.10.0-229.11.1.el7
  • kernel-debug-devel-0:3.10.0-229.11.1.ael7b
  • kernel-debug-devel-0:3.10.0-229.11.1.el7
  • kernel-debuginfo-0:3.10.0-229.11.1.ael7b
  • kernel-debuginfo-0:3.10.0-229.11.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-229.11.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-229.11.1.ael7b
  • kernel-debuginfo-common-s390x-0:3.10.0-229.11.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-229.11.1.el7
  • kernel-devel-0:3.10.0-229.11.1.ael7b
  • kernel-devel-0:3.10.0-229.11.1.el7
  • kernel-doc-0:3.10.0-229.11.1.ael7b
  • kernel-doc-0:3.10.0-229.11.1.el7
  • kernel-headers-0:3.10.0-229.11.1.ael7b
  • kernel-headers-0:3.10.0-229.11.1.el7
  • kernel-kdump-0:3.10.0-229.11.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-229.11.1.el7
  • kernel-kdump-devel-0:3.10.0-229.11.1.el7
  • kernel-tools-0:3.10.0-229.11.1.ael7b
  • kernel-tools-0:3.10.0-229.11.1.el7
  • kernel-tools-debuginfo-0:3.10.0-229.11.1.ael7b
  • kernel-tools-debuginfo-0:3.10.0-229.11.1.el7
  • kernel-tools-libs-0:3.10.0-229.11.1.ael7b
  • kernel-tools-libs-0:3.10.0-229.11.1.el7
  • kernel-tools-libs-devel-0:3.10.0-229.11.1.ael7b
  • kernel-tools-libs-devel-0:3.10.0-229.11.1.el7
  • perf-0:3.10.0-229.11.1.ael7b
  • perf-0:3.10.0-229.11.1.el7
  • perf-debuginfo-0:3.10.0-229.11.1.ael7b
  • perf-debuginfo-0:3.10.0-229.11.1.el7
  • python-perf-0:3.10.0-229.11.1.ael7b
  • python-perf-0:3.10.0-229.11.1.el7
  • python-perf-debuginfo-0:3.10.0-229.11.1.ael7b
  • python-perf-debuginfo-0:3.10.0-229.11.1.el7
  • kernel-rt-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt
  • kernel-rt-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-debug-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-debug-debuginfo-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-debug-devel-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-debuginfo-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-devel-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-doc-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-trace-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-trace-debuginfo-0:3.10.0-229.11.1.rt56.141.11.el7_1
  • kernel-rt-trace-devel-0:3.10.0-229.11.1.rt56.141.11.el7_1