Vulnerabilities > CVE-2015-5156 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

Vulnerable Configurations

Part Description Count
OS
Linux
2234

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-3094.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-400.37.12.el6uek] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145596] {CVE-2015-5156}
    last seen2020-06-01
    modified2020-06-02
    plugin id86780
    published2015-11-06
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86780
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3094)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0037.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id90019
    published2016-03-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90019
    titleOracleVM 3.2 : kernel-uek (OVMSA-2016-0037)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1487.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124811
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124811
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2292-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security and bugfixes. Following features were added : - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784). Following security bugs were fixed : - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. (bsc#955354) - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a
    last seen2020-06-01
    modified2020-06-02
    plugin id87495
    published2015-12-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87495
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2292-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1080-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The
    last seen2020-06-01
    modified2020-06-02
    plugin id109360
    published2018-04-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109360
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1080-1) (Spectre)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160510_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) - It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2016-06-17
    plugin id91643
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91643
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-3098.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id86881
    published2015-11-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86881
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3098)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2777-1.NASL
    descriptionIt was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86468
    published2015-10-20
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86468
    titleUbuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2777-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0144.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145600] (CVE-2015-5156) - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import (Todd Vierling) [Orabug: 22066176] - xen/blkfront: remove redundant flush_op (Vitaly Kuznetsov) [Orabug: 21868758] - xen/blkfront: improve protection against issuing unsupported REQ_FUA (Vitaly Kuznetsov) [Orabug: 21868758] - xen-blkfront: introduce blkfront_gather_backend_features (Bob Liu) [Orabug: 20190614] - sched/x86: Fix up typo in topology detection (Dave Hansen) [Orabug: 21845184]
    last seen2020-06-01
    modified2020-06-02
    plugin id86781
    published2015-11-06
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86781
    titleOracleVM 3.3 : kernel-uek (OVMSA-2015-0144)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-C15F00EB95.NASL
    descriptionThe 4.2.3 stable rebase contains a number of new features and important bug fixes across the tree and improved hardware support. kernel-4.2.3-200.fc22 - Linux v4.2.3 - CVE-2015-5156 virtio-net: bug overflow with large fraglist (rhbz 1243852 1266515) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89392
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89392
    titleFedora 22 : kernel-4.2.3-200.fc22 (2015-c15f00eb95)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-310.NASL
    descriptionThis update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation. CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-09-22
    plugin id86049
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86049
    titleDebian DLA-310-1 : linux-2.6 security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1978.NASL
    descriptionUpdated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86718
    published2015-11-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86718
    titleRHEL 7 : kernel (RHSA-2015:1978)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2773-1.NASL
    descriptionIt was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86465
    published2015-10-20
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86465
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2773-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151103_KERNEL_ON_SL7_X.NASL
    description* A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2015-11-05
    plugin id86747
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86747
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20151103)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2776-1.NASL
    descriptionIt was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86467
    published2015-10-20
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86467
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2776-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-0253D1F070.NASL
    descriptionkernel-4.1.12-101.fc21 - Linux v4.1.12 ---- kernel-4.1.12-100.fc21 - Linux v4.1.12 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89129
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89129
    titleFedora 21 : kernel-4.1.12-101.fc21 (2015-0253d1f070)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-3092.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-98.5.2.el7uek] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145600] {CVE-2015-5156} [3.8.13-98.5.1.el7uek] - netdev: fix NETIF_F_GSO_UDP_TUNNEL_BIT enum shift in i40e driver import (Todd Vierling) [Orabug: 22066176]
    last seen2020-06-01
    modified2020-06-02
    plugin id86778
    published2015-11-06
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86778
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3092)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1531.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.(CVE-2013-4343i1/4%0 - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042i1/4%0 - A flaw was found in the Linux kernel that fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. This allows local users to cause a denial of service by modifying a certain e_cpos field.(CVE-2017-18224i1/4%0 - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075i1/4%0 - In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412i1/4%0 - A race condition flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124984
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124984
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3364.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2015-8215 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. - CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem is bind-mounted into a container that has its own user and mount namespaces, a process with CAP_SYS_ADMIN capability in the user namespace can access files outside of the subdirectory. The default Debian configuration mitigated this as it does not allow unprivileged users to create new user namespaces. - CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. - CVE-2015-6252 Michael S. Tsirkin of Red Hat Engineering found that the vhost driver leaked file descriptors passed to it with the VHOST_SET_LOG_FD ioctl command. A privileged local user with access to the /dev/vhost-net file, either directly or via libvirt, could use this to cause a denial of service (hang or crash). - CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. - CVE-2015-7312 Xavier Chantry discovered that the patch provided by the aufs project to correct behaviour of memory-mapped files from an aufs mount introduced a race condition in the msync() system call. Ben Hutchings found that it also introduced a similar bug in the madvise_remove() function. A local attacker could use this to cause a denial of service or possibly for privilege escalation.
    last seen2020-06-01
    modified2020-06-02
    plugin id86050
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86050
    titleDebian DSA-3364-1 : linux - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2775-1.NASL
    descriptionIt was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86466
    published2015-10-20
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86466
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2775-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1172-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The
    last seen2020-06-01
    modified2020-06-02
    plugin id109646
    published2018-05-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109646
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1172-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91170
    published2016-05-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91170
    titleCentOS 6 : kernel (CESA-2016:0855)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2778-1.NASL
    descriptionIt was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86492
    published2015-10-21
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86492
    titleUbuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2778-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1727-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536) - CVE-2015-5156: When a guests KVM network devices is in a bridge configuration the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKB
    last seen2020-06-01
    modified2020-06-02
    plugin id86378
    published2015-10-14
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86378
    titleSUSE SLED12 / SLES12 Security Update : kernel-source (SUSE-SU-2015:1727-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1977.NASL
    descriptionUpdated kernel-rt packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86717
    published2015-11-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86717
    titleRHEL 7 : kernel-rt (RHSA-2015:1977)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91077
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91077
    titleRHEL 6 : kernel (RHSA-2016:0855)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-3093.NASL
    descriptionDescription of changes: [2.6.39-400.264.5.el6uek] - virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145599] {CVE-2015-5156}
    last seen2020-06-01
    modified2020-06-02
    plugin id86779
    published2015-11-06
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86779
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3093)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2779-1.NASL
    descriptionIt was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86493
    published2015-10-21
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86493
    titleUbuntu 15.04 : linux vulnerabilities (USN-2779-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1978.NASL
    descriptionFrom Red Hat Security Advisory 2015:1978 : Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86714
    published2015-11-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86714
    titleOracle Linux 7 : kernel (ELSA-2015-1978)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0855.NASL
    descriptionFrom Red Hat Security Advisory 2016:0855 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91210
    published2016-05-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91210
    titleOracle Linux 6 : kernel (ELSA-2016-0855)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0147.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0147 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id86882
    published2015-11-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86882
    titleOracleVM 3.3 : kernel-uek (OVMSA-2015-0147)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1978.NASL
    descriptionUpdated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86723
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86723
    titleCentOS 7 : kernel (CESA-2015:1978)

Redhat

advisories
  • bugzilla
    id1266915
    titlekernel-rt: update to the RHEL7.1.z batch 6 source tree
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977001
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977003
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977005
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977007
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977011
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-229.20.1.rt56.141.14.el7_1
            ovaloval:com.redhat.rhsa:tst:20151977013
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
    rhsa
    idRHSA-2015:1977
    released2015-11-03
    severityModerate
    titleRHSA-2015:1977: kernel-rt security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id1243852
    titleCVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-229.20.1.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20151978031
        • commentkernel earlier than 0:3.10.0-229.20.1.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20151978032
      • OR
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978001
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978005
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978007
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978009
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978011
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentperf is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978013
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978015
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978017
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978019
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978021
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978023
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978025
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentpython-perf is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978027
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-229.20.1.el7
            ovaloval:com.redhat.rhsa:tst:20151978029
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
    rhsa
    idRHSA-2015:1978
    released2015-11-03
    severityModerate
    titleRHSA-2015:1978: kernel security, bug fix, and enhancement update (Moderate)
  • rhsa
    idRHSA-2016:0855
rpms
  • kernel-rt-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-debug-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-debug-debuginfo-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-debug-devel-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-debuginfo-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-devel-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-doc-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-trace-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-trace-debuginfo-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-rt-trace-devel-0:3.10.0-229.20.1.rt56.141.14.el7_1
  • kernel-0:3.10.0-229.20.1.ael7b
  • kernel-0:3.10.0-229.20.1.el7
  • kernel-abi-whitelists-0:3.10.0-229.20.1.ael7b
  • kernel-abi-whitelists-0:3.10.0-229.20.1.el7
  • kernel-bootwrapper-0:3.10.0-229.20.1.ael7b
  • kernel-bootwrapper-0:3.10.0-229.20.1.el7
  • kernel-debug-0:3.10.0-229.20.1.ael7b
  • kernel-debug-0:3.10.0-229.20.1.el7
  • kernel-debug-debuginfo-0:3.10.0-229.20.1.ael7b
  • kernel-debug-debuginfo-0:3.10.0-229.20.1.el7
  • kernel-debug-devel-0:3.10.0-229.20.1.ael7b
  • kernel-debug-devel-0:3.10.0-229.20.1.el7
  • kernel-debuginfo-0:3.10.0-229.20.1.ael7b
  • kernel-debuginfo-0:3.10.0-229.20.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-229.20.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-229.20.1.ael7b
  • kernel-debuginfo-common-s390x-0:3.10.0-229.20.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-229.20.1.el7
  • kernel-devel-0:3.10.0-229.20.1.ael7b
  • kernel-devel-0:3.10.0-229.20.1.el7
  • kernel-doc-0:3.10.0-229.20.1.ael7b
  • kernel-doc-0:3.10.0-229.20.1.el7
  • kernel-headers-0:3.10.0-229.20.1.ael7b
  • kernel-headers-0:3.10.0-229.20.1.el7
  • kernel-kdump-0:3.10.0-229.20.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-229.20.1.el7
  • kernel-kdump-devel-0:3.10.0-229.20.1.el7
  • kernel-tools-0:3.10.0-229.20.1.ael7b
  • kernel-tools-0:3.10.0-229.20.1.el7
  • kernel-tools-debuginfo-0:3.10.0-229.20.1.ael7b
  • kernel-tools-debuginfo-0:3.10.0-229.20.1.el7
  • kernel-tools-libs-0:3.10.0-229.20.1.ael7b
  • kernel-tools-libs-0:3.10.0-229.20.1.el7
  • kernel-tools-libs-devel-0:3.10.0-229.20.1.ael7b
  • kernel-tools-libs-devel-0:3.10.0-229.20.1.el7
  • perf-0:3.10.0-229.20.1.ael7b
  • perf-0:3.10.0-229.20.1.el7
  • perf-debuginfo-0:3.10.0-229.20.1.ael7b
  • perf-debuginfo-0:3.10.0-229.20.1.el7
  • python-perf-0:3.10.0-229.20.1.ael7b
  • python-perf-0:3.10.0-229.20.1.el7
  • python-perf-debuginfo-0:3.10.0-229.20.1.ael7b
  • python-perf-debuginfo-0:3.10.0-229.20.1.el7
  • kernel-0:2.6.32-642.el6
  • kernel-abi-whitelists-0:2.6.32-642.el6
  • kernel-bootwrapper-0:2.6.32-642.el6
  • kernel-debug-0:2.6.32-642.el6
  • kernel-debug-debuginfo-0:2.6.32-642.el6
  • kernel-debug-devel-0:2.6.32-642.el6
  • kernel-debuginfo-0:2.6.32-642.el6
  • kernel-debuginfo-common-i686-0:2.6.32-642.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-642.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-642.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-642.el6
  • kernel-devel-0:2.6.32-642.el6
  • kernel-doc-0:2.6.32-642.el6
  • kernel-firmware-0:2.6.32-642.el6
  • kernel-headers-0:2.6.32-642.el6
  • kernel-kdump-0:2.6.32-642.el6
  • kernel-kdump-debuginfo-0:2.6.32-642.el6
  • kernel-kdump-devel-0:2.6.32-642.el6
  • perf-0:2.6.32-642.el6
  • perf-debuginfo-0:2.6.32-642.el6
  • python-perf-0:2.6.32-642.el6
  • python-perf-debuginfo-0:2.6.32-642.el6