Vulnerabilities > CVE-2015-8215 - Improper Input Validation vulnerability in Linux Kernel
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2074-1.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed : - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93289 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93289 title SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2152.NASL description From Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87090 published 2015-11-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87090 title Oracle Linux 7 : kernel (ELSA-2015-2152) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1203-1.NASL description The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka last seen 2020-06-01 modified 2020-06-02 plugin id 90884 published 2016-05-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90884 title SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2194-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a last seen 2020-06-01 modified 2020-06-02 plugin id 87214 published 2015-12-07 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87214 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2292-1.NASL description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security and bugfixes. Following features were added : - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784). Following security bugs were fixed : - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. (bsc#955354) - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a last seen 2020-06-01 modified 2020-06-02 plugin id 87495 published 2015-12-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87495 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2292-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-3567.NASL description Description of changes: kernel-uek [2.6.32-400.37.17.el6uek] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543} - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts last seen 2020-06-01 modified 2020-06-02 plugin id 91293 published 2016-05-23 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91293 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567) NASL family Scientific Linux Local Security Checks NASL id SL_20160510_KERNEL_ON_SL6_X.NASL description Security Fix(es) : - It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) - It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) - A buffer overflow flaw was found in the way the Linux kernel last seen 2020-03-18 modified 2016-06-17 plugin id 91643 published 2016-06-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91643 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0053.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] (CVE-2016-0758) - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] (CVE-2015-8543) (CVE-2015-8543) - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] (CVE-2015-8215) - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] (CVE-2013-4312) (CVE-2013-4312) last seen 2020-06-01 modified 2020-06-02 plugin id 91295 published 2016-05-23 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91295 title OracleVM 3.3 : kernel-uek (OVMSA-2016-0053) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0585-1.NASL description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device last seen 2020-06-01 modified 2020-06-02 plugin id 89022 published 2016-02-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89022 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-124.NASL description The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a last seen 2020-06-05 modified 2016-02-03 plugin id 88545 published 2016-02-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88545 title openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1488.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157) - A denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257) - A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283) - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307) - A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 124812 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124812 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-136.NASL description The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a last seen 2020-06-05 modified 2016-02-08 plugin id 88605 published 2016-02-08 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88605 title openSUSE Security Update : the Linux Kernel (openSUSE-2016-136) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-3565.NASL description Description of changes: kernel-uek [3.8.13-118.6.2.el7uek] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] {CVE-2016-0758} - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] {CVE-2015-8215} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] {CVE-2013-4312} {CVE-2013-4312} last seen 2020-06-01 modified 2020-06-02 plugin id 91291 published 2016-05-23 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91291 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3565) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0057.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 99163 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99163 title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3364.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2015-8215 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. - CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem is bind-mounted into a container that has its own user and mount namespaces, a process with CAP_SYS_ADMIN capability in the user namespace can access files outside of the subdirectory. The default Debian configuration mitigated this as it does not allow unprivileged users to create new user namespaces. - CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. - CVE-2015-6252 Michael S. Tsirkin of Red Hat Engineering found that the vhost driver leaked file descriptors passed to it with the VHOST_SET_LOG_FD ioctl command. A privileged local user with access to the /dev/vhost-net file, either directly or via libvirt, could use this to cause a denial of service (hang or crash). - CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. - CVE-2015-7312 Xavier Chantry discovered that the patch provided by the aufs project to correct behaviour of memory-mapped files from an aufs mount introduced a race condition in the msync() system call. Ben Hutchings found that it also introduced a similar bug in the madvise_remove() function. A local attacker could use this to cause a denial of service or possibly for privilege escalation. last seen 2020-06-01 modified 2020-06-02 plugin id 86050 published 2015-09-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86050 title Debian DSA-3364-1 : linux - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-2339-1.NASL description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87651 published 2015-12-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87651 title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2339-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0855.NASL description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 91170 published 2016-05-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91170 title CentOS 6 : kernel (CESA-2016:0855) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0060.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times (Ajaykumar Hotchandani) - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 22287489] - Avoid 60sec timeout when receiving rtpg sense code 06/00/00 (John Sobecki) [Orabug: 22336257] - stop recursive fault in print_context_stack after stack overflow (John Sobecki) [Orabug: 23174777] - IB/security: Restrict use of the write interface (Jason Gunthorpe) [Orabug: 23287131] (CVE-2016-4565) - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] (CVE-2015-8543) (CVE-2015-8543) - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] (CVE-2015-8215) - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts last seen 2020-06-01 modified 2020-06-02 plugin id 91743 published 2016-06-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91743 title OracleVM 3.2 : kernel-uek (OVMSA-2016-0060) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-3566.NASL description Description of changes: [2.6.39-400.278.3.el6uek] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts last seen 2020-06-01 modified 2020-06-02 plugin id 91292 published 2016-05-23 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91292 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0855.NASL description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 91077 published 2016-05-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91077 title RHEL 6 : kernel (RHSA-2016:0855) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 86972 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86972 title RHEL 7 : kernel (RHSA-2015:2152) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87135 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87135 title CentOS 7 : kernel (CESA-2015:2152) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-0855.NASL description From Red Hat Security Advisory 2016:0855 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 91210 published 2016-05-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91210 title Oracle Linux 6 : kernel (ELSA-2016-0855) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1532.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel last seen 2020-03-19 modified 2019-05-14 plugin id 124985 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124985 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2016-0855.html
- http://www.debian.org/security/2015/dsa-3364
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/85274
- https://bugs.launchpad.net/bugs/1500810
- https://bugzilla.novell.com/show_bug.cgi?id=944296
- https://bugzilla.redhat.com/show_bug.cgi?id=1192132
- https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac