Vulnerabilities > CVE-2015-8543 - Unspecified vulnerability in Linux Kernel

047910
CVSS 7.0 - HIGH
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
high complexity
linux
nessus

Summary

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Vulnerable Configurations

Part Description Count
OS
Linux
2143

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2074-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed : - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93289
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93289
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2888-1.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88521
    published2016-02-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88521
    titleUbuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2888-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1024.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2015-8543) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99787
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99787
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1024)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2890-3.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash). (CVE-2015-8787). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88526
    published2016-02-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88526
    titleUbuntu 15.10 : linux-raspi2 vulnerabilities (USN-2890-3)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3426.NASL
    descriptionThe update for linux issued as DSA-3426-1 and DSA-3434-1 to address CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store temporary data, leading to broken clusters. Updated packages are now available to address this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id87509
    published2015-12-21
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87509
    titleDebian DSA-3426-2 : ctdb - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1203-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka
    last seen2020-06-01
    modified2020-06-02
    plugin id90884
    published2016-05-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90884
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2574.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94537
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94537
    titleRHEL 7 : kernel (RHSA-2016:2574)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3567.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-400.37.17.el6uek] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543} - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id91293
    published2016-05-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91293
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2890-1.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash). (CVE-2015-8787). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88524
    published2016-02-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88524
    titleUbuntu 15.10 : linux vulnerabilities (USN-2890-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1489.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data.(CVE-2015-8374) - A flaw was found in the Linux kernel
    last seen2020-03-17
    modified2019-05-13
    plugin id124813
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124813
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1489)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160510_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) - It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2016-06-17
    plugin id91643
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91643
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-116.NASL
    descriptionThe Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed : - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439). - ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - ALSA: hda - Flush the pending probe work at remove (boo#960710). - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439). - Add Cavium Thunderx network enhancements - Add RHEL to kernel-obs-build - Backport amd xgbe fixes and features - Backport arm64 patches from SLE12-SP1-ARM. - Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178). - Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178). - Documentation: nousb is a module parameter (bnc#954324). - Driver for IBM System i/p VNIC protocol. - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can
    last seen2020-06-05
    modified2016-02-03
    plugin id88542
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88542
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-116)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0053.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] (CVE-2016-0758) - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] (CVE-2015-8543) (CVE-2015-8543) - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] (CVE-2015-8215) - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] (CVE-2013-4312) (CVE-2013-4312)
    last seen2020-06-01
    modified2020-06-02
    plugin id91295
    published2016-05-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91295
    titleOracleVM 3.3 : kernel-uek (OVMSA-2016-0053)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0585-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device
    last seen2020-06-01
    modified2020-06-02
    plugin id89022
    published2016-02-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89022
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2574.NASL
    descriptionFrom Red Hat Security Advisory 2016:2574 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94697
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94697
    titleOracle Linux 7 : kernel (ELSA-2016-2574)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-378.NASL
    descriptionThis update fixes the CVEs described below. CVE-2015-7550 Dmitry Vyukov discovered a race condition in the keyring subsystem that allows a local user to cause a denial of service (crash). CVE-2015-8543 It was discovered that a local user permitted to create raw sockets could cause a denial of service by specifying an invalid protocol number for the socket. The attacker must have the CAP_NET_RAW capability. CVE-2015-8575 David Miller discovered a flaw in the Bluetooth SCO sockets implementation that leads to an information leak to local users. In addition, this update fixes a regression in the previous update : #808293 A regression in the UDP implementation prevented freeradius and some other applications from receiving data. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze18. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.73-2+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt20-1+deb8u2 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2016-01-06
    plugin id87738
    published2016-01-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87738
    titleDebian DLA-378-1 : linux-2.6 security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-124.NASL
    descriptionThe openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a
    last seen2020-06-05
    modified2016-02-03
    plugin id88545
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88545
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-124)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2907-1.NASL
    descriptionhalfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id88895
    published2016-02-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88895
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2907-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2886-1.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) Guoyong Gang discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id88518
    published2016-02-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88518
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2886-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-136.NASL
    descriptionThe openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a
    last seen2020-06-05
    modified2016-02-08
    plugin id88605
    published2016-02-08
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88605
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-136)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0911-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following feature was added to kernel-xen : - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767). - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693). - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes. (bsc#967972). - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90264
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90264
    titleSUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2574.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id95321
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95321
    titleCentOS 7 : kernel (CESA-2016:2574)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-C1C2F5E168.NASL
    descriptionThe 4.2.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89393
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89393
    titleFedora 22 : kernel-4.2.8-200.fc22 (2015-c1c2f5e168)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3565.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.6.2.el7uek] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] {CVE-2016-0758} - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] {CVE-2015-8215} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] {CVE-2013-4312} {CVE-2013-4312}
    last seen2020-06-01
    modified2020-06-02
    plugin id91291
    published2016-05-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91291
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3565)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0168-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88006
    published2016-01-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88006
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2584.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94547
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94547
    titleRHEL 7 : kernel-rt (RHSA-2016:2584)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91170
    published2016-05-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91170
    titleCentOS 6 : kernel (CESA-2016:0855)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0060.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times (Ajaykumar Hotchandani) - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 22287489] - Avoid 60sec timeout when receiving rtpg sense code 06/00/00 (John Sobecki) [Orabug: 22336257] - stop recursive fault in print_context_stack after stack overflow (John Sobecki) [Orabug: 23174777] - IB/security: Restrict use of the write interface (Jason Gunthorpe) [Orabug: 23287131] (CVE-2016-4565) - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] (CVE-2015-8543) (CVE-2015-8543) - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] (CVE-2015-8215) - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id91743
    published2016-06-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91743
    titleOracleVM 3.2 : kernel-uek (OVMSA-2016-0060)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was found that the Linux kernel
    last seen2020-03-18
    modified2016-12-15
    plugin id95841
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95841
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20161103)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3566.NASL
    descriptionDescription of changes: [2.6.39-400.278.3.el6uek] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id91292
    published2016-05-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91292
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2890-2.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446) It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990) It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash). (CVE-2015-8787). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88525
    published2016-02-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88525
    titleUbuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2890-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91077
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91077
    titleRHEL 6 : kernel (RHSA-2016:0855)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2910-1.NASL
    descriptionhalfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id88901
    published2016-02-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88901
    titleUbuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2910-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2907-2.NASL
    descriptionhalfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id88896
    published2016-02-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88896
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1525.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads.(CVE-2016-10208i1/4%0 - An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG).(CVE-2019-10124i1/4%0 - A stack-based buffer overflow flaw was found in the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124978
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124978
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1525)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-C59710B05D.NASL
    descriptionThe 4.2.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89400
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89400
    titleFedora 23 : kernel-4.2.8-300.fc23 (2015-c59710b05d)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2910-2.NASL
    descriptionUSN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMware virtual machines. This update fixes the problem. We apologize for the inconvenience. halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) Guoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id89026
    published2016-02-29
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89026
    titleUbuntu 14.04 LTS : linux-lts-vivid regression (USN-2910-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0855.NASL
    descriptionFrom Red Hat Security Advisory 2016:0855 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91210
    published2016-05-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91210
    titleOracle Linux 6 : kernel (ELSA-2016-0855)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3426-1.NASL
    descriptionThe remote Debian host is running a version of the Linux kernel prior to 3.2.73-2+deb7u1 on Debian 7 or is running a version of the Linux kernel prior to 3.16.7-ckt20-1+deb8u1 on Debian 8. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the unix_dgram_poll() function within file net/unix/af_unix.c. A local attacker can exploit this, via specially crafted epoll_ctl calls, to cause a denial of service condition or bypass AF_UNIX socket permissions. (CVE-2013-7446) - A NULL pointer dereference flaw exists in the slhc_init() function within file drivers/net/slip/slhc.c due to improper validation of slot numbers. A local attacker can exploit this, via specially crafted PPPIOCSMAXCID IOCTL calls, to cause a denial of service condition. (CVE-2015-7799) - A flaw exists in the usbvision driver that allows a local attacker, via a nonzero bInterfaceNumber value in a USB device descriptor, to cause a kernel panic, resulting in a denial of service condition. (CVE-2015-7833) - An infinite loop condition exists in the KVM subsystem on some unspecified CPU chipsets. A local attacker who has sufficient privileges within a virtual guest OS can exploit this issue, by triggering many debug exceptions, to cause a denial of service condition. (CVE-2015-8104) - A flaw exists in the truncate_space_check() function within file /fs/btrfs/inode.c due to improper handling of compressed file extents. A local attacker can exploit this, via a clone action, to disclose sensitive pre-truncation information from a file. (CVE-2015-8374) - A NULL pointer dereference flaw exists in the inet_autobind() function within file net/ipv4/af_inet.c when handling connection attempts via IPv6. A local attacker can exploit this, via a specially crafted SOCK_RAW application that makes use of CLONE_NEWUSER support, to cause a denial of service condition or possibly gain elevated privileges. (CVE-2015-8543)
    last seen2020-06-01
    modified2020-06-02
    plugin id92679
    published2016-08-02
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92679
    titleDebian DSA-3426-1 : Linux Security Update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3434.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. - CVE-2015-7513 It was discovered that a local user permitted to use the x86 KVM subsystem could configure the PIT emulation to cause a denial of service (crash). - CVE-2015-7550 Dmitry Vyukov discovered a race condition in the keyring subsystem that allows a local user to cause a denial of service (crash). - CVE-2015-8543 It was discovered that a local user permitted to create raw sockets could cause a denial-of-service by specifying an invalid protocol number for the socket. The attacker must have the CAP_NET_RAW capability. - CVE-2015-8550 Felix Wilhelm of ERNW discovered that the Xen PV backend drivers may read critical data from shared memory multiple times. This flaw can be used by a guest kernel to cause a denial of service (crash) on the host, or possibly for privilege escalation. - CVE-2015-8551 / CVE-2015-8552 Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI backend driver does not adequately validate the device state when a guest configures MSIs. This flaw can be used by a guest kernel to cause a denial of service (crash or disk space exhaustion) on the host. - CVE-2015-8569 Dmitry Vyukov discovered a flaw in the PPTP sockets implementation that leads to an information leak to local users. - CVE-2015-8575 David Miller discovered a flaw in the Bluetooth SCO sockets implementation that leads to an information leak to local users. - CVE-2015-8709 Jann Horn discovered a flaw in the permission checks for use of the ptrace feature. A local user who has the CAP_SYS_PTRACE capability within their own user namespace could use this flaw for privilege escalation if a more privileged process ever enters that user namespace. This affects at least the LXC system. In addition, this update fixes some regressions in the previous update : - #808293 A regression in the UDP implementation prevented freeradius and some other applications from receiving data. - #808602 / #808953 A regression in the USB XHCI driver prevented use of some devices in USB 3 SuperSpeed ports. - #808973 A fix to the radeon driver interacted with an existing bug to cause a crash at boot when using some AMD/ATI graphics cards. This issue only affects wheezy.
    last seen2020-06-01
    modified2020-06-02
    plugin id87741
    published2016-01-06
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87741
    titleDebian DSA-3434-1 : linux - security update

Redhat

advisories
  • rhsa
    idRHSA-2016:0855
  • rhsa
    idRHSA-2016:2574
  • rhsa
    idRHSA-2016:2584
rpms
  • kernel-0:2.6.32-642.el6
  • kernel-abi-whitelists-0:2.6.32-642.el6
  • kernel-bootwrapper-0:2.6.32-642.el6
  • kernel-debug-0:2.6.32-642.el6
  • kernel-debug-debuginfo-0:2.6.32-642.el6
  • kernel-debug-devel-0:2.6.32-642.el6
  • kernel-debuginfo-0:2.6.32-642.el6
  • kernel-debuginfo-common-i686-0:2.6.32-642.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-642.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-642.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-642.el6
  • kernel-devel-0:2.6.32-642.el6
  • kernel-doc-0:2.6.32-642.el6
  • kernel-firmware-0:2.6.32-642.el6
  • kernel-headers-0:2.6.32-642.el6
  • kernel-kdump-0:2.6.32-642.el6
  • kernel-kdump-debuginfo-0:2.6.32-642.el6
  • kernel-kdump-devel-0:2.6.32-642.el6
  • perf-0:2.6.32-642.el6
  • perf-debuginfo-0:2.6.32-642.el6
  • python-perf-0:2.6.32-642.el6
  • python-perf-debuginfo-0:2.6.32-642.el6
  • kernel-0:3.10.0-514.el7
  • kernel-abi-whitelists-0:3.10.0-514.el7
  • kernel-bootwrapper-0:3.10.0-514.el7
  • kernel-debug-0:3.10.0-514.el7
  • kernel-debug-debuginfo-0:3.10.0-514.el7
  • kernel-debug-devel-0:3.10.0-514.el7
  • kernel-debuginfo-0:3.10.0-514.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.el7
  • kernel-devel-0:3.10.0-514.el7
  • kernel-doc-0:3.10.0-514.el7
  • kernel-headers-0:3.10.0-514.el7
  • kernel-kdump-0:3.10.0-514.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.el7
  • kernel-kdump-devel-0:3.10.0-514.el7
  • kernel-tools-0:3.10.0-514.el7
  • kernel-tools-debuginfo-0:3.10.0-514.el7
  • kernel-tools-libs-0:3.10.0-514.el7
  • kernel-tools-libs-devel-0:3.10.0-514.el7
  • perf-0:3.10.0-514.el7
  • perf-debuginfo-0:3.10.0-514.el7
  • python-perf-0:3.10.0-514.el7
  • python-perf-debuginfo-0:3.10.0-514.el7
  • kernel-rt-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-kvm-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debuginfo-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.rt56.420.el7
  • kernel-rt-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-doc-0:3.10.0-514.rt56.420.el7
  • kernel-rt-kvm-0:3.10.0-514.rt56.420.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-kvm-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.rt56.420.el7

References