Vulnerabilities > CVE-2017-6074 - Double Free vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
debian
CWE-415
nessus
exploit available

Summary

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Vulnerable Configurations

Part Description Count
OS
Linux
2329
OS
Debian
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionLinux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation. CVE-2017-6074. Local exploit for Linux platform
    fileexploits/linux/local/41458.c
    idEDB-ID:41458
    last seen2017-02-26
    modified2017-02-26
    platformlinux
    port
    published2017-02-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/41458/
    titleLinux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
    typelocal
  • descriptionLinux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC. CVE-2017-6074. Dos exploit for Linux platform
    fileexploits/linux/dos/41457.c
    idEDB-ID:41457
    last seen2017-02-26
    modified2017-02-26
    platformlinux
    port
    published2017-02-26
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/41457/
    titleLinux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC
    typedos

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0347.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97465
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97465
    titleRHEL 5 : kernel (RHSA-2017:0347)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0347. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97465);
      script_version("3.11");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2017-2634", "CVE-2017-6074");
      script_xref(name:"RHSA", value:"2017:0347");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2017:0347)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 5.6
    Long Life.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A use-after-free flaw was found in the way the Linux kernel's
    Datagram Congestion Control Protocol (DCCP) implementation freed SKB
    (socket buffer) resources for a DCCP_PKT_REQUEST packet when the
    IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged
    user could use this flaw to alter the kernel memory, allowing them to
    escalate their privileges on the system. (CVE-2017-6074, Important)
    
    * It was found that the Linux kernel's Datagram Congestion Control
    Protocol (DCCP) implementation used the IPv4-only
    inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP
    connections, which could result in memory corruptions. A remote
    attacker could use this flaw to crash the system. (CVE-2017-2634,
    Moderate)
    
    Important: This update disables the DCCP kernel module at load time by
    using the kernel module blacklist method. The module is disabled in an
    attempt to reduce further exposure to additional issues. (BZ#1426311)
    
    Red Hat would like to thank Andrey Konovalov (Google) for reporting
    CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing
    (Red Hat Product Security)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/2706661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-6074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2634"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5\.6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0347";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debug-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", reference:"kernel-doc-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"kernel-headers-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-headers-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"kernel-xen-devel-2.6.18-238.58.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-238.58.1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-4B9F61C68D.NASL
    descriptionThe 4.9.12 update contains a number of important fixes across the tree. This includes a fix for CVE-2017-6074 ---- The 4.9.11 update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-02-28
    plugin id97425
    published2017-02-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97425
    titleFedora 24 : kernel (2017-4b9f61c68d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-4b9f61c68d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97425);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-6074");
      script_xref(name:"FEDORA", value:"2017-4b9f61c68d");
    
      script_name(english:"Fedora 24 : kernel (2017-4b9f61c68d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.9.12 update contains a number of important fixes across the
    tree. This includes a fix for CVE-2017-6074
    
    ----
    
    The 4.9.11 update contains a number of important fixes across the tree
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b9f61c68d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-6074");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2017-4b9f61c68d");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"kernel-4.9.12-100.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127351
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127351
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0113. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127351);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id(
        "CVE-2016-6136",
        "CVE-2016-7910",
        "CVE-2016-9576",
        "CVE-2016-10088",
        "CVE-2017-6074",
        "CVE-2017-1000251",
        "CVE-2017-1000253"
      );
    
      script_name(english:"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple
    vulnerabilities:
    
      - It was found that the fix for CVE-2016-9576 was
        incomplete: the Linux kernel's sg implementation did not
        properly restrict write operations in situations where
        the KERNEL_DS option is set. A local attacker to read or
        write to arbitrary kernel memory locations or cause a
        denial of service (use-after-free) by leveraging write
        access to a /dev/sg device. (CVE-2016-10088)
    
      - When creating audit records for parameters to executed
        children processes, an attacker can convince the Linux
        kernel audit subsystem can create corrupt records which
        may allow an attacker to misrepresent or evade logging
        of executing commands. (CVE-2016-6136)
    
      - A flaw was found in the Linux kernel's implementation of
        seq_file where a local attacker could manipulate memory
        in the put() function pointer. This could lead to memory
        corruption and possible privileged escalation.
        (CVE-2016-7910)
    
      - It was found that the blk_rq_map_user_iov() function in
        the Linux kernel's block device implementation did not
        properly restrict the type of iterator, which could
        allow a local attacker to read or write to arbitrary
        kernel memory locations or cause a denial of service
        (use-after-free) by leveraging write access to a /dev/sg
        device. (CVE-2016-9576)
    
      - A stack buffer overflow flaw was found in the way the
        Bluetooth subsystem of the Linux kernel processed
        pending L2CAP configuration responses from a client. On
        systems with the stack protection feature enabled in the
        kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on
        all architectures other than s390x and ppc64[le]), an
        unauthenticated attacker able to initiate a connection
        to a system via Bluetooth could use this flaw to crash
        the system. Due to the nature of the stack protection
        feature, code execution cannot be fully ruled out,
        although we believe it is unlikely. On systems without
        the stack protection feature (ppc64[le]; the Bluetooth
        modules are not built on s390x), an unauthenticated
        attacker able to initiate a connection to a system via
        Bluetooth could use this flaw to remotely execute
        arbitrary code on the system with ring 0 (kernel)
        privileges. (CVE-2017-1000251)
    
      - A flaw was found in the way the Linux kernel loaded ELF
        executables. Provided that an application was built as
        Position Independent Executable (PIE), the loader could
        allow part of that application's data segment to map
        over the memory area reserved for its stack, potentially
        resulting in memory corruption. An unprivileged local
        user with access to SUID (or otherwise privileged) PIE
        binary could use this flaw to escalate their privileges
        on the system. (CVE-2017-1000253)
    
      - A use-after-free flaw was found in the way the Linux
        kernel's Datagram Congestion Control Protocol (DCCP)
        implementation freed SKB (socket buffer) resources for a
        DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option
        is set on the socket. A local, unprivileged user could
        use this flaw to alter the kernel memory, allowing them
        to escalate their privileges on the system.
        (CVE-2017-6074)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0113");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7910");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.05": [
        "kernel-2.6.32-642.13.1.el6.cgsl7546",
        "kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7442",
        "kernel-debug-2.6.32-642.13.1.el6.cgsl7442",
        "kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7442",
        "kernel-devel-2.6.32-642.13.1.el6.cgsl7546",
        "kernel-doc-2.6.32-642.13.1.el6.cgsl7442",
        "kernel-firmware-2.6.32-642.13.1.el6.cgsl7546",
        "kernel-headers-2.6.32-642.13.1.el6.cgsl7546",
        "perf-2.6.32-642.13.1.el6.cgsl7546"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0006.NASL
    descriptionAn update of [linux,vim] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111855
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111855
    titlePhoton OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0006. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111855);
      script_version("1.5");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id("CVE-2017-5953", "CVE-2017-5986", "CVE-2017-6074");
    
      script_name(english:"Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [linux,vim] packages for PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-26
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c02e8b6a");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5953");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:vim");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "linux-4.4.51-1.ph1",
      "linux-api-headers-4.4.51-1.ph1",
      "linux-debuginfo-4.4.51-1.ph1",
      "linux-dev-4.4.51-1.ph1",
      "linux-docs-4.4.51-1.ph1",
      "linux-drivers-gpu-4.4.51-1.ph1",
      "linux-esx-4.4.51-1.ph1",
      "linux-esx-debuginfo-4.4.51-1.ph1",
      "linux-esx-devel-4.4.51-1.ph1",
      "linux-esx-docs-4.4.51-1.ph1",
      "linux-oprofile-4.4.51-1.ph1",
      "linux-sound-4.4.51-1.ph1",
      "linux-tools-4.4.51-1.ph1",
      "linux-tools-debuginfo-4.4.51-1.ph1",
      "vim-7.4-7.ph1",
      "vim-extra-7.4-7.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux / vim");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0293.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id101425
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101425
    titleVirtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0293)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101425);
      script_version("1.6");
      script_cvs_date("Date: 2018/11/20 11:04:17");
    
      script_cve_id(
        "CVE-2017-6074"
      );
    
      script_name(english:"Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0293)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A use-after-free flaw was found in the way the Linux kernel's
    Datagram Congestion Control Protocol (DCCP) implementation freed SKB
    (socket buffer) resources for a DCCP_PKT_REQUEST packet when the
    IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged
    user could use this flaw to alter the kernel memory, allowing them to
    escalate their privileges on the system. (CVE-2017-6074, Important)
    
    Note that Tenable Network Security has attempted to extract the
    preceding description block directly from the corresponding Red Hat
    security advisory. Virtuozzo provides no description for VZLSA
    advisories. Tenable has attempted to automatically clean and format
    it as much as possible without introducing additional issues.");
      # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0293.json
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5433f03a");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-0293");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-2.6.32-642.13.2.vl6",
            "kernel-abi-whitelists-2.6.32-642.13.2.vl6",
            "kernel-debug-2.6.32-642.13.2.vl6",
            "kernel-debug-devel-2.6.32-642.13.2.vl6",
            "kernel-devel-2.6.32-642.13.2.vl6",
            "kernel-doc-2.6.32-642.13.2.vl6",
            "kernel-firmware-2.6.32-642.13.2.vl6",
            "kernel-headers-2.6.32-642.13.2.vl6",
            "perf-2.6.32-642.13.2.vl6",
            "python-perf-2.6.32-642.13.2.vl6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1183-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features : - Improved support for Hyper-V - Support for Matrox G200eH3 - Support for tcp_westwood The following security bugs were fixed : - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely (bnc#1032006). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179). - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842). - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulated the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100023
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100023
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3209-1.NASL
    descriptionIt was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97324
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97324
    titleUbuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3209-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170224_KERNEL_ON_SL5_X.NASL
    descriptionSecurity Fix(es) : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2017-02-27
    plugin id97415
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97415
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20170224)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-286.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5986: A userlevel triggerable BUG_ON on sctp_wait_for_sndbuf was fixed. (bsc#1025235) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. (bsc#1026024). The following non-security bugs were fixed : - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - iwlwifi: Expose the default fallback ucode API to module info (boo#1021082, boo#1023884). - kabi: protect struct tcp_fastopen_cookie (kabi). - md: ensure md devices are freed before module is unloaded (bsc#1022304). - md: Fix a regression reported by bsc#1020048 in patches.fixes/0003-md-lockless-I-O-submission-for-RAID1. patch (bsc#982783,bsc#998106,bsc#1020048). - net: ethtool: Initialize buffer when querying device channel settings (bsc#969479 FATE#320634). - net: implement netif_cond_dbg macro (bsc#1019168). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - sfc: refactor debug-or-warnings printks (bsc#1019168). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: do not allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508).
    last seen2020-06-05
    modified2017-02-24
    plugin id97366
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97366
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-286)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1057.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-05-06
    modified2017-05-01
    plugin id99902
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99902
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3208-1.NASL
    descriptionIt was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97322
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97322
    titleUbuntu 16.04 LTS : linux, linux-snapdragon vulnerabilities (USN-3208-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1301-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features : - Toleration of newer crypto hardware for z Systems - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed : - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100214
    published2017-05-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100214
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)
  • NASL familyMisc.
    NASL idRANCHEROS_1_1_1.NASL
    descriptionThe remote host is running a version of RancherOS that is prior to v.1.1.1, hence is vulnerable to a privilege escalation vulnerability. The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()
    last seen2020-06-01
    modified2020-06-02
    plugin id132249
    published2019-12-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132249
    titleSecurity Updates for RancherOS Dirty COW Vulnerability
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0365.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97491
    published2017-03-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97491
    titleRHEL 6 : kernel (RHSA-2017:0365)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3567.NASL
    descriptionDescription of changes: [2.6.39-400.295.2.el6uek] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1.el6uek] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of
    last seen2020-06-01
    modified2020-06-02
    plugin id100235
    published2017-05-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100235
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2525-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the
    last seen2020-06-01
    modified2020-06-02
    plugin id103354
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103354
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3534.NASL
    descriptionDescription of changes: [3.8.13-118.17.4.el7uek] - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id99160
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99160
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-805.NASL
    descriptionA use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97557
    published2017-03-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97557
    titleAmazon Linux AMI : kernel (ALAS-2017-805)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3206-1.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97319
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97319
    titleUbuntu 12.04 LTS : linux, linux-ti-omap4 vulnerabilities (USN-3206-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3207-2.NASL
    descriptionUSN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97321
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97321
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3207-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1842-1.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id102511
    published2017-08-16
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102511
    titleOracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1209.NASL
    descriptionAn update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for RHEL-6 and RHEV 3.X Hypervisor and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100143
    published2017-05-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100143
    titleRHEL 6 / 7 : rhev-hypervisor (RHSA-2017:1209)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL82508682.NASL
    descriptionThe dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. (CVE-2017-6074)
    last seen2020-03-17
    modified2017-10-25
    plugin id104135
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104135
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K82508682)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-833.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2014-9888 Russell King found that on ARM systems, memory allocated for DMA buffers was mapped with executable permission. This made it easier to exploit other vulnerabilities in the kernel. CVE-2014-9895 Dan Carpenter found that the MEDIA_IOC_ENUM_LINKS ioctl on media devices resulted in an information leak. CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileges. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3 CVE-2016-8405 Peter Pi of Trend Micro discovered that the frame buffer video subsystem does not properly check bounds while copying color maps to userspace, causing a heap buffer out-of-bounds read, leading to information disclosure. CVE-2017-5549 It was discovered that the KLSI KL5KUSB105 serial USB device driver could log the contents of uninitialised kernel memory, resulting in an information leak. CVE-2017-6001 Di Shen discovered a race condition between concurrent calls to the performance events subsystem, allowing a local attacker to escalate privileges. This flaw exists because of an incomplete fix of CVE-2016-6786. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3 CVE-2017-6074 Andrey Konovalov discovered a use-after-free vulnerability in the DCCP networking code, which could result in denial of service or local privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false For Debian 7
    last seen2020-03-17
    modified2017-02-23
    plugin id97332
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97332
    titleDebian DLA-833-1 : linux security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0346.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97464
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97464
    titleRHEL 5 : kernel (RHSA-2017:0346)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0293.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97330
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97330
    titleCentOS 6 : kernel (CESA-2017:0293)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0294.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97331
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97331
    titleCentOS 7 : kernel (CESA-2017:0294)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0295.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97350
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97350
    titleRHEL 7 : kernel-rt (RHSA-2017:0295)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3208-2.NASL
    descriptionUSN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-10088) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97323
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97323
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3208-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1056.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-05-06
    modified2017-05-01
    plugin id99901
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99901
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0323.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97413
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97413
    titleRHEL 5 : kernel (RHSA-2017:0323)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-017.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97984
    published2017-03-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97984
    titleVirtuozzo 7 : readykernel-patch (VZA-2017-017)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0293.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97348
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97348
    titleRHEL 6 : kernel (RHSA-2017:0293)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0294.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97349
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97349
    titleRHEL 7 : kernel (RHSA-2017:0294)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1247-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100150
    published2017-05-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100150
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0006_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121672
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121672
    titlePhoton OS 1.0: Linux PHSA-2017-0006
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3521.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.16.4.el7uek] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074}
    last seen2020-06-01
    modified2020-06-02
    plugin id97407
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97407
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3521)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0366.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97492
    published2017-03-02
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97492
    titleRHEL 6 : kernel (RHSA-2017:0366)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0403.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97514
    published2017-03-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97514
    titleRHEL 7 : kernel (RHSA-2017:0403)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0294.NASL
    descriptionFrom Red Hat Security Advisory 2017:0294 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97347
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97347
    titleOracle Linux 7 : kernel (ELSA-2017-0294)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-287.NASL
    descriptionThe openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762) The following non-security bugs were fixed : - btrfs: support NFSv2 export (bnc#929871). - btrfs: Direct I/O: Fix space accounting (bsc#1025058). - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069). - btrfs: bail out if block group has different mixed flag (bsc#1025072). - btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - btrfs: check pending chunks when shrinking fs to avoid corruption (bnc#936445). - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910). - btrfs: do not BUG() during drop snapshot (bsc#1025076). - btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - btrfs: do not initialize a space info as full to prevent ENOSPC (bnc#944001). - btrfs: do not leak reloc root nodes on error (bsc#1025074). - btrfs: fix block group ->space_info NULL pointer dereference (bnc#935088). - btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550). - btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891). - btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057). - btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - btrfs: fix extent accounting for partial direct IO writes (bsc#1025062). - btrfs: fix file corruption after cloning inline extents (bnc#942512). - btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - btrfs: fix file read corruption after extent cloning and fsync (bnc#946902). - btrfs: fix fitrim discarding device area reserved for boot loader
    last seen2020-06-05
    modified2017-02-24
    plugin id97367
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97367
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-287)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1527.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203i1/4%0 - The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.(CVE-2014-9428i1/4%0 - The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.(CVE-2014-9940i1/4%0 - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.(CVE-2013-4470i1/4%0 - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124980
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124980
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1502.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255) - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270) - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn
    last seen2020-03-19
    modified2019-05-13
    plugin id124825
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124825
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0046.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] (CVE-2017-6074)
    last seen2020-06-01
    modified2020-06-02
    plugin id97412
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97412
    titleOracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0046)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170222_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2017-02-24
    plugin id97376
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97376
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170222)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F519EBB3C4.NASL
    descriptionThe 4.9.12 update contains a number of important fixesa cross the tree. This includes a fix for CVE-2017-6074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-01
    plugin id97456
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97456
    titleFedora 25 : kernel (2017-f519ebb3c4)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0294.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id101426
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101426
    titleVirtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0294)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0106.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] (CVE-2017-7895) - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of
    last seen2020-06-01
    modified2020-06-02
    plugin id100238
    published2017-05-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100238
    titleOracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3520.NASL
    descriptionDescription of changes: kernel-uek [4.1.12-61.1.28.el7uek] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598257] {CVE-2017-6074}
    last seen2020-06-01
    modified2020-06-02
    plugin id97406
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97406
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3520)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0345.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97463
    published2017-03-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97463
    titleRHEL 6 : kernel (RHSA-2017:0345)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0501.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97750
    published2017-03-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97750
    titleRHEL 7 : kernel (RHSA-2017:0501)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0932.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important) * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id99345
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99345
    titleRHEL 6 : MRG (RHSA-2017:0932)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-0323.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97391
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97391
    titleCentOS 5 : kernel (CESA-2017:0323)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3791.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. - CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileges. This can be mitigated by disabling unprivileged use of performance events:sysctl kernel.perf_event_paranoid=3 - CVE-2016-8405 Peter Pi of Trend Micro discovered that the frame buffer video subsystem does not properly check bounds while copying color maps to userspace, causing a heap buffer out-of-bounds read, leading to information disclosure. - CVE-2016-9191 CAI Qian discovered that reference counting is not properly handled within proc_sys_readdir in the sysctl implementation, allowing a local denial of service (system hang) or possibly privilege escalation. - CVE-2017-2583 Xiaohan Zhang reported that KVM for amd64 does not correctly emulate loading of a null stack selector. This can be used by a user in a guest VM for denial of service (on an Intel CPU) or to escalate privileges within the VM (on an AMD CPU). - CVE-2017-2584 Dmitry Vyukov reported that KVM for x86 does not correctly emulate memory access by the SGDT and SIDT instructions, which can result in a use-after-free and information leak. - CVE-2017-2596 Dmitry Vyukov reported that KVM leaks page references when emulating a VMON for a nested hypervisor. This can be used by a privileged user in a guest VM for denial of service or possibly to gain privileges in the host. - CVE-2017-2618 It was discovered that an off-by-one in the handling of SELinux attributes in /proc/pid/attr could result in local denial of service. - CVE-2017-5549 It was discovered that the KLSI KL5KUSB105 serial USB device driver could log the contents of uninitialised kernel memory, resulting in an information leak. - CVE-2017-5551 Jan Kara found that changing the POSIX ACL of a file on tmpfs never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner. - CVE-2017-5897 Andrey Konovalov discovered an out-of-bounds read flaw in the ip6gre_err function in the IPv6 networking code. - CVE-2017-5970 Andrey Konovalov discovered a denial-of-service flaw in the IPv4 networking code. This can be triggered by a local or remote attacker if a local UDP or raw socket has the IP_RETOPTS option enabled. - CVE-2017-6001 Di Shen discovered a race condition between concurrent calls to the performance events subsystem, allowing a local attacker to escalate privileges. This flaw exists because of an incomplete fix of CVE-2016-6786. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3 - CVE-2017-6074 Andrey Konovalov discovered a use-after-free vulnerability in the DCCP networking code, which could result in denial of service or local privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
    last seen2020-06-01
    modified2020-06-02
    plugin id97357
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97357
    titleDebian DSA-3791-1 : linux - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3522.NASL
    descriptionDescription of changes: [2.6.39-400.294.3.el6uek] - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}
    last seen2020-06-01
    modified2020-06-02
    plugin id97408
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97408
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3522)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0324.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97414
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97414
    titleRHEL 6 : kernel (RHSA-2017:0324)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0045.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) (CVE-2017-6074)
    last seen2020-06-01
    modified2020-06-02
    plugin id97411
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97411
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0045)
  • NASL familyMisc.
    NASL idRANCHEROS_0_8_1.NASL
    descriptionThe remote host is running a version of RancherOS that is prior to v0.8.1, hence is vulnerable a to local privilege-escalation vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
    last seen2020-06-01
    modified2020-06-02
    plugin id132247
    published2019-12-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132247
    titleSecurity Updates for RancherOS Local privilege-escalation
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-0323.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id101429
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101429
    titleVirtuozzo 7 : kernel / kernel-PAE / kernel-PAE-devel / etc (VZLSA-2017-0323)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3207-1.NASL
    descriptionIt was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910) Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911) Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97320
    published2017-02-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97320
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3207-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0323.NASL
    descriptionFrom Red Hat Security Advisory 2017:0323 : An update for kernel is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97405
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97405
    titleOracle Linux 5 : kernel (ELSA-2017-0323)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0316.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97375
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97375
    titleRHEL 6 : kernel (RHSA-2017:0316)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0293.NASL
    descriptionFrom Red Hat Security Advisory 2017:0293 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id97345
    published2017-02-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97345
    titleOracle Linux 6 : kernel (ELSA-2017-0293)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1360-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features : - Improved support for Hyper-V - Support for the tcp_westwood TCP scheduling algorithm The following security bugs were fixed : - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877). - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the
    last seen2020-06-01
    modified2020-06-02
    plugin id100320
    published2017-05-22
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100320
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170222_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2017-02-24
    plugin id97377
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97377
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20170222)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0044.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598257] (CVE-2017-6074)
    last seen2020-06-01
    modified2020-06-02
    plugin id97410
    published2017-02-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97410
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0044)

Packetstorm

Redhat

advisories
  • bugzilla
    id1423071
    titleCVE-2017-6074 kernel: use after free in dccp protocol
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • commentkernel earlier than 0:2.6.32-642.13.2.el6 is currently running
          ovaloval:com.redhat.rhsa:tst:20170293027
        • commentkernel earlier than 0:2.6.32-642.13.2.el6 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20170293028
      • OR
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293001
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293003
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentperf is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293005
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-debug is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293007
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-headers is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293009
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-devel is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293011
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-doc is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293013
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-firmware is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293015
          • commentkernel-firmware is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842004
        • AND
          • commentkernel-abi-whitelists is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293017
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-bootwrapper is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293019
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293021
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293023
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentpython-perf is earlier than 0:2.6.32-642.13.2.el6
            ovaloval:com.redhat.rhsa:tst:20170293025
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
    rhsa
    idRHSA-2017:0293
    released2017-02-22
    severityImportant
    titleRHSA-2017:0293: kernel security update (Important)
  • bugzilla
    id1423071
    titleCVE-2017-6074 kernel: use after free in dccp protocol
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-514.6.2.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20170294031
        • commentkernel earlier than 0:3.10.0-514.6.2.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20170294032
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294005
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294007
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentperf is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294009
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294011
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294013
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentpython-perf is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294015
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294017
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294019
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294021
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294023
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294027
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-514.6.2.el7
            ovaloval:com.redhat.rhsa:tst:20170294029
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
    rhsa
    idRHSA-2017:0294
    released2017-02-22
    severityImportant
    titleRHSA-2017:0294: kernel security update (Important)
  • bugzilla
    id1423071
    titleCVE-2017-6074 kernel: use after free in dccp protocol
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295001
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295003
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295005
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295007
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295011
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295013
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295015
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295017
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-514.6.1.rt56.430.el7
            ovaloval:com.redhat.rhsa:tst:20170295019
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
    rhsa
    idRHSA-2017:0295
    released2017-02-22
    severityImportant
    titleRHSA-2017:0295: kernel-rt security update (Important)
  • bugzilla
    id1424751
    titleCVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • commentkernel earlier than 0:2.6.18-419.el5 is currently running
          ovaloval:com.redhat.rhsa:tst:20170323025
        • commentkernel earlier than 0:2.6.18-419.el5 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20170323026
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323001
          • commentkernel-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314002
        • AND
          • commentkernel-headers is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323003
          • commentkernel-headers is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314006
        • AND
          • commentkernel-PAE-devel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323005
          • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314022
        • AND
          • commentkernel-devel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323007
          • commentkernel-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314016
        • AND
          • commentkernel-xen is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323009
          • commentkernel-xen is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314018
        • AND
          • commentkernel-xen-devel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323011
          • commentkernel-xen-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314020
        • AND
          • commentkernel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323013
          • commentkernel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314008
        • AND
          • commentkernel-debug is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323015
          • commentkernel-debug is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314014
        • AND
          • commentkernel-PAE is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323017
          • commentkernel-PAE is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314024
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323019
          • commentkernel-debug-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314004
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323021
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314012
        • AND
          • commentkernel-kdump is earlier than 0:2.6.18-419.el5
            ovaloval:com.redhat.rhsa:tst:20170323023
          • commentkernel-kdump is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314010
    rhsa
    idRHSA-2017:0323
    released2017-02-24
    severityImportant
    titleRHSA-2017:0323: kernel security update (Important)
  • rhsa
    idRHSA-2017:0316
  • rhsa
    idRHSA-2017:0324
  • rhsa
    idRHSA-2017:0345
  • rhsa
    idRHSA-2017:0346
  • rhsa
    idRHSA-2017:0347
  • rhsa
    idRHSA-2017:0365
  • rhsa
    idRHSA-2017:0366
  • rhsa
    idRHSA-2017:0403
  • rhsa
    idRHSA-2017:0501
  • rhsa
    idRHSA-2017:0932
  • rhsa
    idRHSA-2017:1209
rpms
  • kernel-0:2.6.32-642.13.2.el6
  • kernel-abi-whitelists-0:2.6.32-642.13.2.el6
  • kernel-bootwrapper-0:2.6.32-642.13.2.el6
  • kernel-debug-0:2.6.32-642.13.2.el6
  • kernel-debug-debuginfo-0:2.6.32-642.13.2.el6
  • kernel-debug-devel-0:2.6.32-642.13.2.el6
  • kernel-debuginfo-0:2.6.32-642.13.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-642.13.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-642.13.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-642.13.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-642.13.2.el6
  • kernel-devel-0:2.6.32-642.13.2.el6
  • kernel-doc-0:2.6.32-642.13.2.el6
  • kernel-firmware-0:2.6.32-642.13.2.el6
  • kernel-headers-0:2.6.32-642.13.2.el6
  • kernel-kdump-0:2.6.32-642.13.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-642.13.2.el6
  • kernel-kdump-devel-0:2.6.32-642.13.2.el6
  • perf-0:2.6.32-642.13.2.el6
  • perf-debuginfo-0:2.6.32-642.13.2.el6
  • python-perf-0:2.6.32-642.13.2.el6
  • python-perf-debuginfo-0:2.6.32-642.13.2.el6
  • kernel-0:3.10.0-514.6.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.6.2.el7
  • kernel-bootwrapper-0:3.10.0-514.6.2.el7
  • kernel-debug-0:3.10.0-514.6.2.el7
  • kernel-debug-debuginfo-0:3.10.0-514.6.2.el7
  • kernel-debug-devel-0:3.10.0-514.6.2.el7
  • kernel-debuginfo-0:3.10.0-514.6.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.6.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.6.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.6.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.6.2.el7
  • kernel-devel-0:3.10.0-514.6.2.el7
  • kernel-doc-0:3.10.0-514.6.2.el7
  • kernel-headers-0:3.10.0-514.6.2.el7
  • kernel-kdump-0:3.10.0-514.6.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.6.2.el7
  • kernel-kdump-devel-0:3.10.0-514.6.2.el7
  • kernel-tools-0:3.10.0-514.6.2.el7
  • kernel-tools-debuginfo-0:3.10.0-514.6.2.el7
  • kernel-tools-libs-0:3.10.0-514.6.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.6.2.el7
  • perf-0:3.10.0-514.6.2.el7
  • perf-debuginfo-0:3.10.0-514.6.2.el7
  • python-perf-0:3.10.0-514.6.2.el7
  • python-perf-debuginfo-0:3.10.0-514.6.2.el7
  • kernel-rt-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debug-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debug-devel-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debug-kvm-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-devel-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-doc-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-kvm-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-trace-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-trace-devel-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-trace-kvm-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.6.1.rt56.430.el7
  • kernel-0:2.6.32-573.40.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.40.1.el6
  • kernel-bootwrapper-0:2.6.32-573.40.1.el6
  • kernel-debug-0:2.6.32-573.40.1.el6
  • kernel-debug-debuginfo-0:2.6.32-573.40.1.el6
  • kernel-debug-devel-0:2.6.32-573.40.1.el6
  • kernel-debuginfo-0:2.6.32-573.40.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.40.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.40.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.40.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.40.1.el6
  • kernel-devel-0:2.6.32-573.40.1.el6
  • kernel-doc-0:2.6.32-573.40.1.el6
  • kernel-firmware-0:2.6.32-573.40.1.el6
  • kernel-headers-0:2.6.32-573.40.1.el6
  • kernel-kdump-0:2.6.32-573.40.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.40.1.el6
  • kernel-kdump-devel-0:2.6.32-573.40.1.el6
  • perf-0:2.6.32-573.40.1.el6
  • perf-debuginfo-0:2.6.32-573.40.1.el6
  • python-perf-0:2.6.32-573.40.1.el6
  • python-perf-debuginfo-0:2.6.32-573.40.1.el6
  • kernel-0:2.6.18-419.el5
  • kernel-PAE-0:2.6.18-419.el5
  • kernel-PAE-debuginfo-0:2.6.18-419.el5
  • kernel-PAE-devel-0:2.6.18-419.el5
  • kernel-debug-0:2.6.18-419.el5
  • kernel-debug-debuginfo-0:2.6.18-419.el5
  • kernel-debug-devel-0:2.6.18-419.el5
  • kernel-debuginfo-0:2.6.18-419.el5
  • kernel-debuginfo-common-0:2.6.18-419.el5
  • kernel-devel-0:2.6.18-419.el5
  • kernel-doc-0:2.6.18-419.el5
  • kernel-headers-0:2.6.18-419.el5
  • kernel-kdump-0:2.6.18-419.el5
  • kernel-kdump-debuginfo-0:2.6.18-419.el5
  • kernel-kdump-devel-0:2.6.18-419.el5
  • kernel-xen-0:2.6.18-419.el5
  • kernel-xen-debuginfo-0:2.6.18-419.el5
  • kernel-xen-devel-0:2.6.18-419.el5
  • kernel-0:2.6.32-504.57.1.el6
  • kernel-abi-whitelists-0:2.6.32-504.57.1.el6
  • kernel-debug-0:2.6.32-504.57.1.el6
  • kernel-debug-debuginfo-0:2.6.32-504.57.1.el6
  • kernel-debug-devel-0:2.6.32-504.57.1.el6
  • kernel-debuginfo-0:2.6.32-504.57.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.57.1.el6
  • kernel-devel-0:2.6.32-504.57.1.el6
  • kernel-doc-0:2.6.32-504.57.1.el6
  • kernel-firmware-0:2.6.32-504.57.1.el6
  • kernel-headers-0:2.6.32-504.57.1.el6
  • perf-0:2.6.32-504.57.1.el6
  • perf-debuginfo-0:2.6.32-504.57.1.el6
  • python-perf-0:2.6.32-504.57.1.el6
  • python-perf-debuginfo-0:2.6.32-504.57.1.el6
  • kernel-0:2.6.32-358.77.1.el6
  • kernel-debug-0:2.6.32-358.77.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.77.1.el6
  • kernel-debug-devel-0:2.6.32-358.77.1.el6
  • kernel-debuginfo-0:2.6.32-358.77.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.77.1.el6
  • kernel-devel-0:2.6.32-358.77.1.el6
  • kernel-doc-0:2.6.32-358.77.1.el6
  • kernel-firmware-0:2.6.32-358.77.1.el6
  • kernel-headers-0:2.6.32-358.77.1.el6
  • perf-0:2.6.32-358.77.1.el6
  • perf-debuginfo-0:2.6.32-358.77.1.el6
  • python-perf-0:2.6.32-358.77.1.el6
  • python-perf-debuginfo-0:2.6.32-358.77.1.el6
  • kernel-0:2.6.18-348.33.1.el5
  • kernel-PAE-0:2.6.18-348.33.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.33.1.el5
  • kernel-PAE-devel-0:2.6.18-348.33.1.el5
  • kernel-debug-0:2.6.18-348.33.1.el5
  • kernel-debug-debuginfo-0:2.6.18-348.33.1.el5
  • kernel-debug-devel-0:2.6.18-348.33.1.el5
  • kernel-debuginfo-0:2.6.18-348.33.1.el5
  • kernel-debuginfo-common-0:2.6.18-348.33.1.el5
  • kernel-devel-0:2.6.18-348.33.1.el5
  • kernel-doc-0:2.6.18-348.33.1.el5
  • kernel-headers-0:2.6.18-348.33.1.el5
  • kernel-xen-0:2.6.18-348.33.1.el5
  • kernel-xen-debuginfo-0:2.6.18-348.33.1.el5
  • kernel-xen-devel-0:2.6.18-348.33.1.el5
  • kernel-0:2.6.18-238.58.1.el5
  • kernel-PAE-0:2.6.18-238.58.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-238.58.1.el5
  • kernel-PAE-devel-0:2.6.18-238.58.1.el5
  • kernel-debug-0:2.6.18-238.58.1.el5
  • kernel-debug-debuginfo-0:2.6.18-238.58.1.el5
  • kernel-debug-devel-0:2.6.18-238.58.1.el5
  • kernel-debuginfo-0:2.6.18-238.58.1.el5
  • kernel-debuginfo-common-0:2.6.18-238.58.1.el5
  • kernel-devel-0:2.6.18-238.58.1.el5
  • kernel-doc-0:2.6.18-238.58.1.el5
  • kernel-headers-0:2.6.18-238.58.1.el5
  • kernel-xen-0:2.6.18-238.58.1.el5
  • kernel-xen-debuginfo-0:2.6.18-238.58.1.el5
  • kernel-xen-devel-0:2.6.18-238.58.1.el5
  • kernel-0:2.6.32-220.70.1.el6
  • kernel-debug-0:2.6.32-220.70.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.70.1.el6
  • kernel-debug-devel-0:2.6.32-220.70.1.el6
  • kernel-debuginfo-0:2.6.32-220.70.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.70.1.el6
  • kernel-devel-0:2.6.32-220.70.1.el6
  • kernel-doc-0:2.6.32-220.70.1.el6
  • kernel-firmware-0:2.6.32-220.70.1.el6
  • kernel-headers-0:2.6.32-220.70.1.el6
  • perf-0:2.6.32-220.70.1.el6
  • perf-debuginfo-0:2.6.32-220.70.1.el6
  • python-perf-0:2.6.32-220.70.1.el6
  • python-perf-debuginfo-0:2.6.32-220.70.1.el6
  • kernel-0:2.6.32-431.78.1.el6
  • kernel-abi-whitelists-0:2.6.32-431.78.1.el6
  • kernel-debug-0:2.6.32-431.78.1.el6
  • kernel-debug-debuginfo-0:2.6.32-431.78.1.el6
  • kernel-debug-devel-0:2.6.32-431.78.1.el6
  • kernel-debuginfo-0:2.6.32-431.78.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.78.1.el6
  • kernel-devel-0:2.6.32-431.78.1.el6
  • kernel-doc-0:2.6.32-431.78.1.el6
  • kernel-firmware-0:2.6.32-431.78.1.el6
  • kernel-headers-0:2.6.32-431.78.1.el6
  • perf-0:2.6.32-431.78.1.el6
  • perf-debuginfo-0:2.6.32-431.78.1.el6
  • python-perf-0:2.6.32-431.78.1.el6
  • python-perf-debuginfo-0:2.6.32-431.78.1.el6
  • kernel-0:3.10.0-229.49.1.ael7b
  • kernel-0:3.10.0-229.49.1.el7
  • kernel-abi-whitelists-0:3.10.0-229.49.1.ael7b
  • kernel-abi-whitelists-0:3.10.0-229.49.1.el7
  • kernel-bootwrapper-0:3.10.0-229.49.1.ael7b
  • kernel-bootwrapper-0:3.10.0-229.49.1.el7
  • kernel-debug-0:3.10.0-229.49.1.ael7b
  • kernel-debug-0:3.10.0-229.49.1.el7
  • kernel-debug-debuginfo-0:3.10.0-229.49.1.ael7b
  • kernel-debug-debuginfo-0:3.10.0-229.49.1.el7
  • kernel-debug-devel-0:3.10.0-229.49.1.ael7b
  • kernel-debug-devel-0:3.10.0-229.49.1.el7
  • kernel-debuginfo-0:3.10.0-229.49.1.ael7b
  • kernel-debuginfo-0:3.10.0-229.49.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-229.49.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-229.49.1.ael7b
  • kernel-debuginfo-common-s390x-0:3.10.0-229.49.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-229.49.1.el7
  • kernel-devel-0:3.10.0-229.49.1.ael7b
  • kernel-devel-0:3.10.0-229.49.1.el7
  • kernel-doc-0:3.10.0-229.49.1.ael7b
  • kernel-doc-0:3.10.0-229.49.1.el7
  • kernel-headers-0:3.10.0-229.49.1.ael7b
  • kernel-headers-0:3.10.0-229.49.1.el7
  • kernel-kdump-0:3.10.0-229.49.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-229.49.1.el7
  • kernel-kdump-devel-0:3.10.0-229.49.1.el7
  • kernel-tools-0:3.10.0-229.49.1.ael7b
  • kernel-tools-0:3.10.0-229.49.1.el7
  • kernel-tools-debuginfo-0:3.10.0-229.49.1.ael7b
  • kernel-tools-debuginfo-0:3.10.0-229.49.1.el7
  • kernel-tools-libs-0:3.10.0-229.49.1.ael7b
  • kernel-tools-libs-0:3.10.0-229.49.1.el7
  • kernel-tools-libs-devel-0:3.10.0-229.49.1.ael7b
  • kernel-tools-libs-devel-0:3.10.0-229.49.1.el7
  • perf-0:3.10.0-229.49.1.ael7b
  • perf-0:3.10.0-229.49.1.el7
  • perf-debuginfo-0:3.10.0-229.49.1.ael7b
  • perf-debuginfo-0:3.10.0-229.49.1.el7
  • python-perf-0:3.10.0-229.49.1.ael7b
  • python-perf-0:3.10.0-229.49.1.el7
  • python-perf-debuginfo-0:3.10.0-229.49.1.ael7b
  • python-perf-debuginfo-0:3.10.0-229.49.1.el7
  • kernel-0:3.10.0-327.49.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.49.2.el7
  • kernel-bootwrapper-0:3.10.0-327.49.2.el7
  • kernel-debug-0:3.10.0-327.49.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.49.2.el7
  • kernel-debug-devel-0:3.10.0-327.49.2.el7
  • kernel-debuginfo-0:3.10.0-327.49.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.49.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.49.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.49.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.49.2.el7
  • kernel-devel-0:3.10.0-327.49.2.el7
  • kernel-doc-0:3.10.0-327.49.2.el7
  • kernel-headers-0:3.10.0-327.49.2.el7
  • kernel-kdump-0:3.10.0-327.49.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.49.2.el7
  • kernel-kdump-devel-0:3.10.0-327.49.2.el7
  • kernel-tools-0:3.10.0-327.49.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.49.2.el7
  • kernel-tools-libs-0:3.10.0-327.49.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.49.2.el7
  • perf-0:3.10.0-327.49.2.el7
  • perf-debuginfo-0:3.10.0-327.49.2.el7
  • python-perf-0:3.10.0-327.49.2.el7
  • python-perf-debuginfo-0:3.10.0-327.49.2.el7
  • kernel-rt-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-debug-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-debug-devel-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-debuginfo-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-devel-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-doc-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-firmware-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-trace-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-trace-devel-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-vanilla-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.219.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-514.rt56.219.el6rt
  • rhev-hypervisor7-0:7.3-20170425.0.el6ev
  • rhev-hypervisor7-0:7.3-20170425.0.el7ev

Seebug

bulletinFamilyexploit
descriptionThis is an announcement about CVE-2017-6074 [1] which is a double-free vulnerability I found in the Linux kernel. It can be exploited to gain kernel code execution from an unprivileged processes. Fixed on Feb 17, 2017: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 The oldest version that was checked is 2.6.18 (Sep 2006), which is vulnerable. However, the bug was introduced before that, probably in the first release with DCCP support (2.6.14, Oct 2005). The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability to be present. A lot of modern distributions enable this option by default. The bug was found with syzkaller [2]. ### Bug details In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet is forcibly freed via __kfree_skb in dccp_rcv_state_process if dccp_v6_conn_request successfully returns [3]. However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb is saved to ireq->pktopts and the ref count for skb is incremented in dccp_v6_conn_request [4], so skb is still in use. Nevertheless, it still gets freed in dccp_rcv_state_process. The fix is to call consume_skb, which accounts for skb->users, instead of doing goto discard and therefore calling __kfree_skb. To exploit this double-free, it can be turned into a use-after-free: // The first free: kfree(dccp_skb) // Another object allocated on the same place as dccp_skb: some_object = kmalloc() // The second free, effectively frees some_object kfree(dccp_skb) As this point we have a use-after-free on some_object. An attacker can control what object that would be and overwrite it's content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel. I'll publish an exploit in a few days, giving people time to update. New Ubuntu kernels are out so please update as soon as possible. ### Timeline 2017-02-15: Bug reported to security () kernel org 2017-02-16: Patch submitted to netdev 2017-02-17: Patch committed to mainline kernel 2017-02-18: Notification sent to linux-distros 2017-02-22: Public announcement
idSSV:92700
last seen2017-11-19
modified2017-02-23
published2017-02-23
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-92700
titleLinux kernel DCCP double-free vulnerability(CVE-2017-6074)

The Hacker News

idTHN:11E7CC33794D9968747131F3F0AE8716
last seen2018-01-27
modified2017-02-22
published2017-02-22
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2017/02/linux-kernel-local-root.html
title11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered