Vulnerabilities > CVE-2016-0774 - Improper Input Validation vulnerability in multiple products

047910
CVSS 5.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
linux
google
CWE-20
nessus

Summary

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2967-1.NASL
    descriptionIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91087
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91087
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2967-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91087);
      script_version("2.24");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
      script_xref(name:"USN", value:"2967-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Linux kernel did not properly enforce
    rlimits for file descriptors sent over UNIX domain sockets. A local
    attacker could use this to cause a denial of service. (CVE-2013-4312)
    
    Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in
    the Linux kernel did not properly sanity check the endpoints reported
    by the device. An attacker with physical access could cause a denial
    of service (system crash). (CVE-2015-7515)
    
    Ralf Spenneberg discovered that the USB driver for Clie devices in the
    Linux kernel did not properly sanity check the endpoints reported by
    the device. An attacker with physical access could cause a denial of
    service (system crash). (CVE-2015-7566)
    
    Ralf Spenneberg discovered that the usbvision driver in the Linux
    kernel did not properly sanity check the interfaces and endpoints
    reported by the device. An attacker with physical access could cause a
    denial of service (system crash). (CVE-2015-7833)
    
    It was discovered that a race condition existed when handling
    heartbeat- timeout events in the SCTP implementation of the Linux
    kernel. A remote attacker could use this to cause a denial of service.
    (CVE-2015-8767)
    
    Venkatesh Pottem discovered a use-after-free vulnerability in the
    Linux kernel's CXGB3 driver. A local attacker could use this to cause
    a denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2015-8812)
    
    It was discovered that a race condition existed in the ioctl handler
    for the TTY driver in the Linux kernel. A local attacker could use
    this to cause a denial of service (system crash) or expose sensitive
    information. (CVE-2016-0723)
    
    It was discovered that the Linux kernel did not keep accurate track of
    pipe buffer details when error conditions occurred, due to an
    incomplete fix for CVE-2015-1805. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code with administrative privileges. (CVE-2016-0774)
    
    Zach Riggle discovered that the Linux kernel's list poison feature did
    not take into account the mmap_min_addr value. A local attacker could
    use this to bypass the kernel's poison-pointer protection mechanism
    while attempting to exploit an existing kernel vulnerability.
    (CVE-2016-0821)
    
    Andy Lutomirski discovered a race condition in the Linux kernel's
    translation lookaside buffer (TLB) handling of flush events. A local
    attacker could use this to cause a denial of service or possibly leak
    sensitive information. (CVE-2016-2069)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework did not verify that a FIFO was attached to a client
    before attempting to clear it. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2016-2543)
    
    Dmitry Vyukov discovered that a race condition existed in the Advanced
    Linux Sound Architecture (ALSA) framework between timer setup and
    closing of the client, resulting in a use-after-free. A local attacker
    could use this to cause a denial of service. (CVE-2016-2544)
    
    Dmitry Vyukov discovered a race condition in the timer handling
    implementation of the Advanced Linux Sound Architecture (ALSA)
    framework, resulting in a use-after-free. A local attacker could use
    this to cause a denial of service (system crash). (CVE-2016-2545)
    
    Dmitry Vyukov discovered race conditions in the Advanced Linux Sound
    Architecture (ALSA) framework's timer ioctls leading to a
    use-after-free. A local attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2016-2546)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework's handling of high resolution timers did not properly
    manage its data structures. A local attacker could use this to cause a
    denial of service (system hang or crash) or possibly execute arbitrary
    code. (CVE-2016-2547, CVE-2016-2548)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework's handling of high resolution timers could lead to a
    deadlock condition. A local attacker could use this to cause a denial
    of service (system hang). (CVE-2016-2549)
    
    Ralf Spenneberg discovered that the USB driver for Treo devices in the
    Linux kernel did not properly sanity check the endpoints reported by
    the device. An attacker with physical access could cause a denial of
    service (system crash). (CVE-2016-2782)
    
    It was discovered that the Linux kernel did not enforce limits on the
    amount of data allocated to buffer pipes. A local attacker could use
    this to cause a denial of service (resource exhaustion).
    (CVE-2016-2847).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2967-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2967-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic-pae", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-highbank", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-virtual", pkgver:"3.2.0-102.142")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2152.NASL
    descriptionFrom Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id87090
    published2015-11-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87090
    titleOracle Linux 7 : kernel (ELSA-2015-2152)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:2152 and 
    # Oracle Linux Security Advisory ELSA-2015-2152 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87090);
      script_version("2.27");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774");
      script_xref(name:"RHSA", value:"2015:2152");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2015-2152)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:2152 :
    
    Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 7. This is the second regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's file system
    implementation handled rename operations in which the source was
    inside and the destination was outside of a bind mount. A privileged
    user inside a container could use this flaw to escape the bind mount
    and, potentially, escalate their privileges on the system.
    (CVE-2015-2925, Important)
    
    * A race condition flaw was found in the way the Linux kernel's IPC
    subsystem initialized certain fields in an IPC object structure that
    were later used for permission checking before inserting the object
    into a globally visible list. A local, unprivileged user could
    potentially use this flaw to elevate their privileges on the system.
    (CVE-2015-7613, Important)
    
    * It was found that reporting emulation failures to user space could
    lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313)
    denial of service. In the case of a local denial of service, an
    attacker must have access to the MMIO area or be able to access an I/O
    port. (CVE-2010-5313, CVE-2014-7842, Moderate)
    
    * A flaw was found in the way the Linux kernel's KVM subsystem handled
    non-canonical addresses when emulating instructions that change the
    RIP (for example, branches or calls). A guest user with access to an
    I/O or MMIO region could use this flaw to crash the guest.
    (CVE-2014-3647, Moderate)
    
    * It was found that the Linux kernel memory resource controller's
    (memcg) handling of OOM (out of memory) conditions could lead to
    deadlocks. An attacker could use this flaw to lock up the system.
    (CVE-2014-8171, Moderate)
    
    * A race condition flaw was found between the chown and execve system
    calls. A local, unprivileged user could potentially use this flaw to
    escalate their privileges on the system. (CVE-2015-3339, Moderate)
    
    * A flaw was discovered in the way the Linux kernel's TTY subsystem
    handled the tty shutdown phase. A local, unprivileged user could use
    this flaw to cause a denial of service on the system. (CVE-2015-4170,
    Moderate)
    
    * A NULL pointer dereference flaw was found in the SCTP
    implementation. A local user could use this flaw to cause a denial of
    service on the system by triggering a kernel panic when creating
    multiple sockets in parallel while the system did not have the SCTP
    module loaded. (CVE-2015-5283, Moderate)
    
    * A flaw was found in the way the Linux kernel's perf subsystem
    retrieved userlevel stack traces on PowerPC systems. A local,
    unprivileged user could use this flaw to cause a denial of service on
    the system. (CVE-2015-6526, Moderate)
    
    * A flaw was found in the way the Linux kernel's Crypto subsystem
    handled automatic loading of kernel modules. A local user could use
    this flaw to load any installed kernel module, and thus increase the
    attack surface of the running kernel. (CVE-2013-7421, CVE-2014-9644,
    Low)
    
    * An information leak flaw was found in the way the Linux kernel
    changed certain segment registers and thread-local storage (TLS)
    during a context switch. A local, unprivileged user could use this
    flaw to leak the user space TLS base address of an arbitrary process.
    (CVE-2014-9419, Low)
    
    * It was found that the Linux kernel KVM subsystem's sysenter
    instruction emulation was not sufficient. An unprivileged guest user
    could use this flaw to escalate their privileges by tricking the
    hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the
    guest OS did not initialize the SYSENTER model-specific registers
    (MSRs). Note: Certified guest operating systems for Red Hat Enterprise
    Linux with KVM do initialize the SYSENTER MSRs and are thus not
    vulnerable to this issue when running on a KVM hypervisor.
    (CVE-2015-0239, Low)
    
    * A flaw was found in the way the Linux kernel handled the securelevel
    functionality after performing a kexec operation. A local attacker
    could use this flaw to bypass the security mechanism of the
    securelevel/secureboot combination. (CVE-2015-7837, Low)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005581.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2015-2152");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-327.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0046.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - skbuff: skb_segment: orphan frags before copying (Dongli Zhang) - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE (Venkat Venkatsubra) [Orabug: 22888920] - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) - filename should be destroyed via final_putname instead of __putname (John Sobecki) [Orabug: 22346320] - RDS: Fix the atomicity for congestion map update (Wengang Wang) - sctp: Prevent soft lockup when sctp_accept is called during a timeout event (Karl Heiss) [Orabug: 23222753] (CVE-2015-8767) - x86_64: expand kernel stack to 16K (Minchan Kim) [Orabug: 21140371] - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [Orabug: 22534160] - xen: remove unneeded variables and one constant (Daniel Kiper) - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id90988
    published2016-05-09
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90988
    titleOracleVM 3.3 : kernel-uek (OVMSA-2016-0046)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2016-0046.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90988);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2015-1805", "CVE-2015-8767", "CVE-2016-0774");
      script_bugtraq_id(74951);
    
      script_name(english:"OracleVM 3.3 : kernel-uek (OVMSA-2016-0046)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - skbuff: skb_segment: orphan frags before copying (Dongli
        Zhang) 
    
      - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL
        ON PORT FAILURE (Venkat Venkatsubra) [Orabug: 22888920]
    
      - mlx4_core: Introduce restrictions for PD update
        (Ajaykumar Hotchandani)
    
      - filename should be destroyed via final_putname instead
        of __putname (John Sobecki) [Orabug: 22346320]
    
      - RDS: Fix the atomicity for congestion map update
        (Wengang Wang) 
    
      - sctp: Prevent soft lockup when sctp_accept is called
        during a timeout event (Karl Heiss) [Orabug: 23222753]
        (CVE-2015-8767)
    
      - x86_64: expand kernel stack to 16K (Minchan Kim)
        [Orabug: 21140371]
    
      - iommu/vt-d: add quirk for broken interrupt remapping on
        55XX chipsets (Neil Horman) [Orabug: 22534160]
    
      - xen: remove unneeded variables and one constant (Daniel
        Kiper) 
    
      - Revert 'x86/xen: delay construction of mfn_list_list'
        (Daniel Kiper) 
    
      - ocfs2/dlm: fix misuse of list_move_tail in
        dlm_run_purge_list (Tariq Saeed) [Orabug: 22898384]
    
      - ocfs2/dlm: do not purge lockres that is queued for
        assert master (Xue jiufei) [Orabug: 22898384]
    
      - pipe: Fix buffer offset after partially failed read (Ben
        Hutchings) [Orabug: 22985903] (CVE-2016-0774)
        (CVE-2015-1805) (CVE-2016-0774)
    
      - xen-blkback: replace work_pending with work_busy in
        purge_persistent_gnt (Bob Liu) [Orabug: 22463905]
    
      - coredump: add new %PATCH variable in core_pattern
        (Herbert van den Bergh) [Orabug: 22666980]
    
      - veth: don&rsquo t modify ip_summed  doing so treats
        packets with bad checksums as good. (Vijay Pandurangan)
        [Orabug: 22725572]
    
      - libiscsi: Fix host busy blocking during connection
        teardown (John Soni Jose) [Orabug: 22735756]
    
      - RDS: Add interface for receive MSG latency trace
        (Santosh Shilimkar) 
    
      - RDS: Add support for per socket SO_TIMESTAMP for
        incoming messages (Santosh Shilimkar) [Orabug: 22868366]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000457.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-3.8.13-118.6.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-firmware-3.8.13-118.6.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0785-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive various security and bugfixes. Features added : - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320625) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states
    last seen2020-06-01
    modified2020-06-02
    plugin id89993
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89993
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0785-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3528.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.4.2.el7uek] - pipe: Fix buffer offset after partially failed read (Ben Hutchings) [Orabug: 22985903] {CVE-2016-0774} {CVE-2015-1805} {CVE-2016-0774}
    last seen2020-06-01
    modified2020-06-02
    plugin id90178
    published2016-03-25
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90178
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3528)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL08440897.NASL
    descriptionThe (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an
    last seen2020-03-17
    modified2016-09-02
    plugin id93255
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93255
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K08440897)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0103.NASL
    descriptionUpdated kernel packages that fix three security issues, multiple bugs, and one enhancement are now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. (CVE-2015-8104, Important) * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id88558
    published2016-02-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88558
    titleRHEL 7 : kernel (RHSA-2016:0103)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0494.NASL
    descriptionUpdated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate) The security impact of this issue was discovered by Red Hat. This update also fixes the following bugs : * In the anon_vma structure, the degree counts number of child anon_vmas and of VMAs which points to this anon_vma. Failure to decrement the parent
    last seen2020-06-01
    modified2020-06-02
    plugin id90123
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90123
    titleCentOS 6 : kernel (CESA-2016:0494)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0494.NASL
    descriptionFrom Red Hat Security Advisory 2016:0494 : Updated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate) The security impact of this issue was discovered by Red Hat. This update also fixes the following bugs : * In the anon_vma structure, the degree counts number of child anon_vmas and of VMAs which points to this anon_vma. Failure to decrement the parent
    last seen2020-06-01
    modified2020-06-02
    plugin id90113
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90113
    titleOracle Linux 6 : kernel (ELSA-2016-0494)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3503.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. - CVE-2013-4312, CVE-2016-2847 Tetsuo Handa discovered that users can use pipes queued on local (Unix) sockets to allocate an unfair share of kernel memory, leading to denial-of-service (resource exhaustion). This issue was previously mitigated for the stable suite by limiting the total number of files queued by each user on local sockets. The new kernel version in both suites includes that mitigation plus limits on the total size of pipe buffers allocated for each user. - CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected. - CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake. - CVE-2015-8785 It was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel). - CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation. - CVE-2015-8816 A use-after-free vulnerability was discovered in the USB hub driver. This may be used by a physically present user for privilege escalation. - CVE-2015-8830 Ben Hawkes of Google Project Zero reported that the AIO interface permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated. - CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service. - CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. - CVE-2016-2069 Andy Lutomirski discovered a race condition in flushing of the TLB when switching tasks on an x86 system. On an SMP system this could possibly lead to a crash, information leak or privilege escalation. - CVE-2016-2384 Andrey Konovalov found that a crafted USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation. - CVE-2016-2543 Dmitry Vyukov found that the core sound sequencer driver (snd-seq) lacked a necessary check for a NULL pointer, allowing a user with access to a sound sequencer device to cause a denial-of service (crash). - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548 Dmitry Vyukov found various race conditions in the sound subsystem (ALSA)
    last seen2020-06-01
    modified2020-06-02
    plugin id89122
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89122
    titleDebian DSA-3503-1 : linux - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2968-1.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91088
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91088
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2968-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2968-2.NASL
    descriptionUSN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91089
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91089
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2968-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1007.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99770
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99770
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1007)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0494.NASL
    descriptionUpdated kernel packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate) The security impact of this issue was discovered by Red Hat. This update also fixes the following bugs : * In the anon_vma structure, the degree counts number of child anon_vmas and of VMAs which points to this anon_vma. Failure to decrement the parent
    last seen2020-06-01
    modified2020-06-02
    plugin id90117
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90117
    titleRHEL 6 : kernel (RHSA-2016:0494)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160323_KERNEL_ON_SL6_X.NASL
    description - It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate) This update also fixes the following bugs : - In the anon_vma structure, the degree counts number of child anon_vmas and of VMAs which points to this anon_vma. Failure to decrement the parent
    last seen2020-03-18
    modified2016-03-24
    plugin id90144
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90144
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160323)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-439.NASL
    descriptionThis update fixes the CVEs described below. CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation. CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. CVE-2016-2384 Andrey Konovalov found that a USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation. Additionally, it fixes some old security issues with no CVE ID : Several kernel APIs permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated. Finally, it fixes a regression in 2.6.32-48squeeze17 that would cause Samba to hang in some situations. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze20. This is *really* the final update to the linux-2.6 package for squeeze. For the oldstable distribution (wheezy), the kernel was not affected by the integer overflow issues and the remaining problems will be fixed in version 3.2.73-2+deb7u3. For the stable distribution (jessie), the kernel was not affected by the integer overflow issues or CVE-2016-0774, and the remaining problems will be fixed in version 3.16.7-ckt20-1+deb8u4. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2016-03-01
    plugin id89040
    published2016-03-01
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89040
    titleDebian DLA-439-1 : linux-2.6 security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2152.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86972
    published2015-11-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86972
    titleRHEL 7 : kernel (RHSA-2015:2152)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2152.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id87135
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87135
    titleCentOS 7 : kernel (CESA-2015:2152)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0617.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. (CVE-2016-0774, Moderate) The security impact of this issue was discovered by Red Hat. Bug Fix(es) : * Due to prematurely decremented calc_load_task, the calculated load average was off by up to the number of CPUs in the machine. As a consequence, job scheduling worked improperly causing a drop in the system performance. This update keeps the delta of the CPU going into NO_HZ idle separately, and folds the pending idle delta into the global active count while correctly aging the averages for the idle-duration when leaving NO_HZ mode. Now, job scheduling works correctly, ensuring balanced CPU load. (BZ#1308968) * Previously, the Stream Control Transmission Protocol (SCTP) retransmission path selection was not fully RFC compliant when Partial Failover had been enabled. The provided patch provides SCTP path selection updates, thus fixing this bug. (BZ#1306565)
    last seen2020-06-01
    modified2020-06-02
    plugin id90494
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90494
    titleRHEL 6 : kernel (RHSA-2016:0617)

Redhat

advisories
  • bugzilla
    id1272472
    titleCVE-2015-7837 kernel: securelevel disabled after kexec
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-327.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20152152031
        • commentkernel earlier than 0:3.10.0-327.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20152152032
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152005
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152007
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152009
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152011
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152013
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentpython-perf is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152015
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152017
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152019
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152021
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentperf is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152023
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152027
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-327.el7
            ovaloval:com.redhat.rhsa:tst:20152152029
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
    rhsa
    idRHSA-2015:2152
    released2015-11-19
    severityImportant
    titleRHSA-2015:2152: kernel security, bug fix, and enhancement update (Important)
  • bugzilla
    id1303961
    titleCVE-2016-0774 kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • commentkernel earlier than 0:2.6.32-573.22.1.el6 is currently running
          ovaloval:com.redhat.rhsa:tst:20160494027
        • commentkernel earlier than 0:2.6.32-573.22.1.el6 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20160494028
      • OR
        • AND
          • commentpython-perf is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494001
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-abi-whitelists is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-doc is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494005
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-firmware is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494007
          • commentkernel-firmware is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842004
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494009
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentperf is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494011
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-debug is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494013
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494015
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-headers is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494017
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-devel is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494019
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-kdump is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494021
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494023
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-bootwrapper is earlier than 0:2.6.32-573.22.1.el6
            ovaloval:com.redhat.rhsa:tst:20160494025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
    rhsa
    idRHSA-2016:0494
    released2016-03-22
    severityModerate
    titleRHSA-2016:0494: kernel security, bug fix, and enhancement update (Moderate)
  • rhsa
    idRHSA-2016:0617
rpms
  • kernel-0:3.10.0-327.el7
  • kernel-abi-whitelists-0:3.10.0-327.el7
  • kernel-bootwrapper-0:3.10.0-327.el7
  • kernel-debug-0:3.10.0-327.el7
  • kernel-debug-debuginfo-0:3.10.0-327.el7
  • kernel-debug-devel-0:3.10.0-327.el7
  • kernel-debuginfo-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.el7
  • kernel-devel-0:3.10.0-327.el7
  • kernel-doc-0:3.10.0-327.el7
  • kernel-headers-0:3.10.0-327.el7
  • kernel-kdump-0:3.10.0-327.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.el7
  • kernel-kdump-devel-0:3.10.0-327.el7
  • kernel-tools-0:3.10.0-327.el7
  • kernel-tools-debuginfo-0:3.10.0-327.el7
  • kernel-tools-libs-0:3.10.0-327.el7
  • kernel-tools-libs-devel-0:3.10.0-327.el7
  • perf-0:3.10.0-327.el7
  • perf-debuginfo-0:3.10.0-327.el7
  • python-perf-0:3.10.0-327.el7
  • python-perf-debuginfo-0:3.10.0-327.el7
  • kernel-0:3.10.0-229.26.2.ael7b
  • kernel-0:3.10.0-229.26.2.el7
  • kernel-abi-whitelists-0:3.10.0-229.26.2.ael7b
  • kernel-abi-whitelists-0:3.10.0-229.26.2.el7
  • kernel-bootwrapper-0:3.10.0-229.26.2.ael7b
  • kernel-bootwrapper-0:3.10.0-229.26.2.el7
  • kernel-debug-0:3.10.0-229.26.2.ael7b
  • kernel-debug-0:3.10.0-229.26.2.el7
  • kernel-debug-debuginfo-0:3.10.0-229.26.2.ael7b
  • kernel-debug-debuginfo-0:3.10.0-229.26.2.el7
  • kernel-debug-devel-0:3.10.0-229.26.2.ael7b
  • kernel-debug-devel-0:3.10.0-229.26.2.el7
  • kernel-debuginfo-0:3.10.0-229.26.2.ael7b
  • kernel-debuginfo-0:3.10.0-229.26.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-229.26.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-229.26.2.ael7b
  • kernel-debuginfo-common-s390x-0:3.10.0-229.26.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-229.26.2.el7
  • kernel-devel-0:3.10.0-229.26.2.ael7b
  • kernel-devel-0:3.10.0-229.26.2.el7
  • kernel-doc-0:3.10.0-229.26.2.ael7b
  • kernel-doc-0:3.10.0-229.26.2.el7
  • kernel-headers-0:3.10.0-229.26.2.ael7b
  • kernel-headers-0:3.10.0-229.26.2.el7
  • kernel-kdump-0:3.10.0-229.26.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-229.26.2.el7
  • kernel-kdump-devel-0:3.10.0-229.26.2.el7
  • kernel-tools-0:3.10.0-229.26.2.ael7b
  • kernel-tools-0:3.10.0-229.26.2.el7
  • kernel-tools-debuginfo-0:3.10.0-229.26.2.ael7b
  • kernel-tools-debuginfo-0:3.10.0-229.26.2.el7
  • kernel-tools-libs-0:3.10.0-229.26.2.ael7b
  • kernel-tools-libs-0:3.10.0-229.26.2.el7
  • kernel-tools-libs-devel-0:3.10.0-229.26.2.ael7b
  • kernel-tools-libs-devel-0:3.10.0-229.26.2.el7
  • perf-0:3.10.0-229.26.2.ael7b
  • perf-0:3.10.0-229.26.2.el7
  • perf-debuginfo-0:3.10.0-229.26.2.ael7b
  • perf-debuginfo-0:3.10.0-229.26.2.el7
  • python-perf-0:3.10.0-229.26.2.ael7b
  • python-perf-0:3.10.0-229.26.2.el7
  • python-perf-debuginfo-0:3.10.0-229.26.2.ael7b
  • python-perf-debuginfo-0:3.10.0-229.26.2.el7
  • kernel-0:2.6.32-573.22.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.22.1.el6
  • kernel-bootwrapper-0:2.6.32-573.22.1.el6
  • kernel-debug-0:2.6.32-573.22.1.el6
  • kernel-debug-debuginfo-0:2.6.32-573.22.1.el6
  • kernel-debug-devel-0:2.6.32-573.22.1.el6
  • kernel-debuginfo-0:2.6.32-573.22.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.22.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.22.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.22.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.22.1.el6
  • kernel-devel-0:2.6.32-573.22.1.el6
  • kernel-doc-0:2.6.32-573.22.1.el6
  • kernel-firmware-0:2.6.32-573.22.1.el6
  • kernel-headers-0:2.6.32-573.22.1.el6
  • kernel-kdump-0:2.6.32-573.22.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.22.1.el6
  • kernel-kdump-devel-0:2.6.32-573.22.1.el6
  • perf-0:2.6.32-573.22.1.el6
  • perf-debuginfo-0:2.6.32-573.22.1.el6
  • python-perf-0:2.6.32-573.22.1.el6
  • python-perf-debuginfo-0:2.6.32-573.22.1.el6
  • kernel-0:2.6.32-504.46.1.el6
  • kernel-abi-whitelists-0:2.6.32-504.46.1.el6
  • kernel-bootwrapper-0:2.6.32-504.46.1.el6
  • kernel-debug-0:2.6.32-504.46.1.el6
  • kernel-debug-debuginfo-0:2.6.32-504.46.1.el6
  • kernel-debug-devel-0:2.6.32-504.46.1.el6
  • kernel-debuginfo-0:2.6.32-504.46.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-504.46.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-504.46.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-504.46.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.46.1.el6
  • kernel-devel-0:2.6.32-504.46.1.el6
  • kernel-doc-0:2.6.32-504.46.1.el6
  • kernel-firmware-0:2.6.32-504.46.1.el6
  • kernel-headers-0:2.6.32-504.46.1.el6
  • kernel-kdump-0:2.6.32-504.46.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-504.46.1.el6
  • kernel-kdump-devel-0:2.6.32-504.46.1.el6
  • perf-0:2.6.32-504.46.1.el6
  • perf-debuginfo-0:2.6.32-504.46.1.el6
  • python-perf-0:2.6.32-504.46.1.el6
  • python-perf-debuginfo-0:2.6.32-504.46.1.el6