Vulnerabilities > CVE-2015-0239 - Improper Privilege Management vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3053.NASL description Description of changes: kernel-uek [3.8.13-68.3.5.el7uek] - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502739] {CVE-2015-0239} {CVE-2015-0239} - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502254] {CVE-2015-3339} - eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502065] {CVE-2014-9683} last seen 2020-06-01 modified 2020-06-02 plugin id 85118 published 2015-07-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85118 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3053) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1026.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the Linux kernel KVM subsystem last seen 2020-05-06 modified 2017-05-01 plugin id 99789 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99789 title EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1026) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1272.NASL description The remote Oracle Linux host is missing a security update for one or more kernel-related packages. last seen 2020-06-01 modified 2020-06-02 plugin id 85097 published 2015-07-30 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85097 title Oracle Linux 6 : kernel (ELSA-2015-1272) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2517-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81570 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81570 title Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2152.NASL description From Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87090 published 2015-11-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87090 title Oracle Linux 7 : kernel (ELSA-2015-2152) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0037.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 90019 published 2016-03-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90019 title OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3064.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 85177 published 2015-08-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85177 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0109.NASL description The remote OracleVM system is missing necessary patches to address critical security updates in kernel-uek. last seen 2020-06-01 modified 2020-06-02 plugin id 85188 published 2015-08-04 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85188 title OracleVM 3.3 : kernel-uek (OVMSA-2015-0109) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2518-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81571 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81571 title Ubuntu 14.10 : linux vulnerabilities (USN-2518-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1485.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel last seen 2020-03-19 modified 2019-05-13 plugin id 124809 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124809 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-058.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644 (CVE-2013-7421). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133). net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a negative groups issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (CVE-2014-8989). The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (CVE-2014-9419). The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (CVE-2014-9420). The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets (CVE-2014-9428). Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (CVE-2014-9529). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image (CVE-2014-9584). The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (CVE-2014-9585). The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421 (CVE-2014-9644). Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (CVE-2014-9683). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). The updated packages provides a solution for these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81941 published 2015-03-19 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81941 title Mandriva Linux Security Advisory : kernel (MDVSA-2015:058) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3170.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. - CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use this flaw to exploit vulnerabilities in modules that would not normally be loaded. - CVE-2014-7822 Akira Fujita found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects. - CVE-2014-8160 Florian Westphal discovered that a netfilter (iptables/ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol. - CVE-2014-8559 It was found that kernel functions that iterate over a directory tree can dead-lock or live-lock in case some of the directory entries were recently deleted or dropped from the cache. A local unprivileged user can use this flaw for denial of service. - CVE-2014-9585 Andy Lutomirski discovered that address randomisation for the vDSO in 64-bit processes is extremely biased. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. - CVE-2014-9683 Dmitry Chernenkov discovered that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding, resulting in local denial of service. - CVE-2015-0239 It was found that KVM did not correctly emulate the x86 SYSENTER instruction. An unprivileged user within a guest system that has not enabled SYSENTER, for example because the emulated CPU vendor is AMD, could potentially use this flaw to cause a denial of service or privilege escalation in that guest. - CVE-2015-1420 It was discovered that the open_by_handle_at() system call reads the handle size from user memory a second time after validating it. A local user with the CAP_DAC_READ_SEARCH capability could use this flaw for privilege escalation. - CVE-2015-1421 It was found that the SCTP implementation could free an authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation. - CVE-2015-1593 It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. last seen 2020-03-17 modified 2015-02-24 plugin id 81449 published 2015-02-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81449 title Debian DSA-3170-1 : linux - security update NASL family Scientific Linux Local Security Checks NASL id SL_20150722_KERNEL_ON_SL6_X.NASL description * A flaw was found in the way Linux kernel last seen 2020-03-18 modified 2015-08-04 plugin id 85198 published 2015-08-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85198 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150722) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3055.NASL description Description of changes: kernel-uek [2.6.32-400.37.9.el6uek] - x86, tls: Interpret an all-zero struct user_desc as last seen 2020-06-01 modified 2020-06-02 plugin id 85176 published 2015-08-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85176 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3055) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2515-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81568 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81568 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2513-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-05-23 modified 2015-02-27 plugin id 81567 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81567 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2513-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1518.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in last seen 2020-03-19 modified 2019-05-14 plugin id 124971 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124971 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1518) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3054.NASL description Description of changes: [2.6.39-400.250.9.el6uek] - x86, tls: Interpret an all-zero struct user_desc as last seen 2020-06-01 modified 2020-06-02 plugin id 85175 published 2015-08-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85175 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3054) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0057.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 99163 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99163 title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-3.NASL description USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81646 published 2015-03-05 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81646 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1657.NASL description This update should fix the adjtimex issues seen on 32bit systems with 3.18.5-200 The 3.18.5 stable update contains a number of important fixes across the tree. The 3.18.4 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-06 plugin id 81192 published 2015-02-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81192 title Fedora 21 : kernel-3.18.5-201.fc21 (2015-1657) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2515-2.NASL description USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81645 published 2015-03-05 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81645 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0104.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502739] (CVE-2015-0239) (CVE-2015-0239) - fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502254] (CVE-2015-3339) - eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502065] (CVE-2014-9683) last seen 2020-06-01 modified 2020-06-02 plugin id 85145 published 2015-07-31 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85145 title OracleVM 3.3 : kernel-uek (OVMSA-2015-0104) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-2.NASL description USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81590 published 2015-03-02 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81590 title Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2) NASL family Scientific Linux Local Security Checks NASL id SL_20151119_KERNEL_ON_SL7_X.NASL description * A flaw was found in the way the Linux kernel last seen 2020-03-18 modified 2015-12-22 plugin id 87559 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87559 title Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1672.NASL description This update should fix the adjtimex issues seen on 32bit systems with 3.18.5-100 The 3.18.5 stable update contains a number of important fixes across the tree. The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-09 plugin id 81219 published 2015-02-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81219 title Fedora 20 : kernel-3.18.5-101.fc20 (2015-1672) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1272.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the seventh regular update. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 85010 published 2015-07-28 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85010 title CentOS 6 : kernel (CESA-2015:1272) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 86972 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86972 title RHEL 7 : kernel (RHSA-2015:2152) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87135 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87135 title CentOS 7 : kernel (CESA-2015:2152) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1272.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the seventh regular update. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84936 published 2015-07-23 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84936 title RHEL 6 : kernel (RHSA-2015:1272) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81569 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81569 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)
Redhat
advisories |
| ||||
rpms |
|
References
- http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245
- https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
- http://www.openwall.com/lists/oss-security/2015/01/27/6
- https://bugzilla.redhat.com/show_bug.cgi?id=1186448
- http://www.ubuntu.com/usn/USN-2518-1
- http://www.ubuntu.com/usn/USN-2515-1
- http://www.ubuntu.com/usn/USN-2516-1
- http://www.ubuntu.com/usn/USN-2517-1
- http://www.securityfocus.com/bid/72842
- http://www.ubuntu.com/usn/USN-2514-1
- http://www.ubuntu.com/usn/USN-2513-1
- http://www.debian.org/security/2015/dsa-3170
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://rhn.redhat.com/errata/RHSA-2015-1272.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050