ID CVE-2013-4162
Summary The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
References
Vulnerable Configurations
  • Linux Kernel 3.9.10
    cpe:2.3:o:linux:linux_kernel:3.9.10
  • Linux Kernel 3.9.6
    cpe:2.3:o:linux:linux_kernel:3.9.6
  • Linux Kernel 3.9.7
    cpe:2.3:o:linux:linux_kernel:3.9.7
  • Linux Kernel 3.9.8
    cpe:2.3:o:linux:linux_kernel:3.9.8
  • Linux Kernel 3.9.9
    cpe:2.3:o:linux:linux_kernel:3.9.9
  • Linux Kernel 3.9.5
    cpe:2.3:o:linux:linux_kernel:3.9.5
  • Linux Kernel 3.9.1
    cpe:2.3:o:linux:linux_kernel:3.9.1
  • Linux Kernel 3.9.2
    cpe:2.3:o:linux:linux_kernel:3.9.2
  • Linux Kernel 3.9.3
    cpe:2.3:o:linux:linux_kernel:3.9.3
  • Linux Kernel 3.9.4
    cpe:2.3:o:linux:linux_kernel:3.9.4
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9.0
    cpe:2.3:o:linux:linux_kernel:3.9.0
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.10.1
    cpe:2.3:o:linux:linux_kernel:3.10.1
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.2
  • Linux Kernel 3.10.3
    cpe:2.3:o:linux:linux_kernel:3.10.3
CVSS
Base: 4.7 (as of 29-07-2013 - 13:08)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1460.NASL
    description An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote attacker able to initiate a SPICE connection to the guest could use this flaw to crash the guest. (CVE-2013-4282) This issue was discovered by Tomas Jamrisko of Red Hat. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-4162 and CVE-2013-4299 (kernel issues) CVE-2013-4296 and CVE-2013-4311 (libvirt issues) CVE-2013-4288 (polkit issue) This update also contains the fixes from the following advisories : * vdsm: https://rhn.redhat.com/errata/RHBA-2013-1462.html * ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1461.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78977
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78977
    title RHEL 6 : rhev-hypervisor6 (RHSA-2013:1460)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2906.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled. - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory. - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service. - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service. - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of '2' are vulnerable. - CVE-2013-4162 Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets using the UDP_CORK option could result in denial of service. - CVE-2013-4299 Fujitsu reported an issue in the device-mapper subsystem. Local users could gain access to sensitive kernel memory. - CVE-2013-4345 Stephan Mueller found in bug in the ANSI pseudo random number generator which could lead to the use of less entropy than expected. - CVE-2013-4512 Nico Golde and Fabian Yamaguchi reported an issue in the user mode linux port. A buffer overflow condition exists in the write method for the /proc/exitcode file. Local users with sufficient privileges allowing them to write to this file could gain further elevated privileges. - CVE-2013-4587 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A local user could gain elevated privileges by passing a large vcpu_id parameter. - CVE-2013-6367 Andrew Honig of Google reported an issue in the KVM virtualization subsystem. A divide-by-zero condition could allow a guest user to cause a denial of service on the host (crash). - CVE-2013-6380 Mahesh Rajashekhara reported an issue in the aacraid driver for storage products from various vendors. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges. - CVE-2013-6381 Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet device support for s390 systems. Local users could cause a denial of service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl. - CVE-2013-6382 Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. Local users with CAP_SYS_ADMIN privileges could gain further elevated privileges. - CVE-2013-6383 Dan Carpenter reported an issue in the aacraid driver for storage devices from various vendors. A local user could gain elevated privileges due to a missing privilege level check in the aac_compat_ioctl function. - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 mpb reported an information leak in the recvfrom, recvmmsg and recvmsg system calls. A local user could obtain access to sensitive kernel memory. - CVE-2013-7339 Sasha Levin reported an issue in the RDS network protocol over Infiniband. A local user could cause a denial of service condition. - CVE-2014-0101 Nokia Siemens Networks reported an issue in the SCTP network protocol subsystem. Remote users could cause a denial of service (NULL pointer dereference). - CVE-2014-1444 Salva Peiro reported an issue in the FarSync WAN driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory. - CVE-2014-1445 Salva Peiro reported an issue in the wanXL serial card driver. Local users could gain access to sensitive kernel memory. - CVE-2014-1446 Salva Peiro reported an issue in the YAM radio modem driver. Local users with the CAP_NET_ADMIN capability could gain access to sensitive kernel memory. - CVE-2014-1874 Matthew Thode reported an issue in the SELinux subsystem. A local user with CAP_MAC_ADMIN privileges could cause a denial of service by setting an empty security context on a file. - CVE-2014-2039 Martin Schwidefsky reported an issue on s390 systems. A local user could cause a denial of service (kernel oops) by executing an application with a linkage stack instruction. - CVE-2014-2523 Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp module. Remote users could cause a denial of service (system crash) or potentially gain elevated privileges.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73713
    published 2014-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73713
    title Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1292-1.NASL
    description From Red Hat Security Advisory 2013:1292 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162. This update also fixes the following bugs : * A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864) * A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819) * A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as 'not in use'. Consequently, automount attempted to unmount the tree and failed with a 'failed to umount offset' error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488) * A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70186
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70186
    title Oracle Linux 5 : kernel (ELSA-2013-1292-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0536-1.NASL
    description The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs. The following security issues have been addressed : CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. (bnc#702014) CVE-2011-2494: kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. (bnc#703156) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (bnc#831058) CVE-2013-4387: net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. (bnc#843430) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - kernel: Remove newline from execve audit log (bnc#827855). - kernel: sclp console hangs (bnc#830344, LTC#95711). - kernel: fix flush_tlb_kernel_range (bnc#825052, LTC#94745). kernel: lost IPIs on CPU hotplug (bnc#825052, LTC#94784). sctp: deal with multiple COOKIE_ECHO chunks (bnc#826102). - net: Uninline kfree_skb and allow NULL argument (bnc#853501). - netback: don't disconnect frontend when seeing oversize packet. netfront: reduce gso_max_size to account for max TCP header. fs/dcache: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028). - fs/proc: proc_task_lookup() fix memory pinning (bnc#827362 bnc#849765). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). - vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). - vfs: fix O_DIRECT read past end of block device (bnc#820338). - cifs: don't use CIFSGetSrvInodeNumber in is_path_accessible (bnc#832603). - xfs: Fix kABI breakage caused by AIL list transformation (bnc#806219). - xfs: Replace custom AIL linked-list code with struct list_head (bnc#806219). - reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920). - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). jbd: Fix forever sleeping process in do_get_write_access() (bnc#827983). HID: check for NULL field when setting values (bnc#835839). - HID: provide a helper for validating hid reports (bnc#835839). - bcm43xx: netlink deadlock fix (bnc#850241). - bnx2: Close device if tx_timeout reset fails (bnc#857597). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). - xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). - lpfc: Update to 8.2.0.106 (bnc#798050). - Make lpfc task management timeout configurable (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - tmscsim: Move 'last_reset' into host structure (bnc#798050). dc395: Move 'last_reset' into internal host structure (bnc#798050). scsi: remove check for 'resetting' (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050). - scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050). - scsi: Reduce error recovery time by reducing use of TURs (bnc#798050). - scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) - scsi: cleanup setting task state in scsi_error_handler() (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: fc class: fix scanning when devs are offline (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: kABI fixes (bnc#798050). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 83618
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83618
    title SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1292.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162. This update also fixes the following bugs : * A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864) * A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819) * A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as 'not in use'. Consequently, automount attempted to unmount the tree and failed with a 'failed to umount offset' error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488) * A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70179
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70179
    title CentOS 5 : kernel (CESA-2013:1292)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1939-1.NASL
    description Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) Michael S. Tsirkin discovered a flaw in how the Linux kernel's KVM subsystem allocates memory slots for the guest's address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943) A flaw was discovered in the SCTP (stream control transfer protocol) network protocol's handling of duplicate cookies in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection. (CVE-2013-2206) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69807
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69807
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1939-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-1034.NASL
    description The Linux Kernel was updated to fix various security issues and bugs. - sctp: Use correct sideffect command in duplicate cookie handling (bnc#826102, CVE-2013-2206). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - md/raid1,5,10: Disable WRITE SAME until a recovery strategy is in place (bnc#813889). - netback: don't disconnect frontend when seeing oversize packet (bnc#823342). - netfront: reduce gso_max_size to account for max TCP header. - netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'. - backends: Check for insane amounts of requests on the ring. - Refresh other Xen patches (bnc#804198, bnc#814211, bnc#826374). - Fix TLB gather virtual address range invalidation corner cases (TLB gather memory corruption). - mm: fix the TLB range flushed when __tlb_remove_page() runs out of slots (TLB gather memory corruption). - bnx2x: protect different statistics flows (bnc#814336). - Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). - kabi/severities: Ignore changes in drivers/hv - e1000e: workaround DMA unit hang on I218 (bnc#834647). - e1000e: unexpected 'Reset adapter' message when cable pulled (bnc#834647). - e1000e: 82577: workaround for link drop issue (bnc#834647). - e1000e: helper functions for accessing EMI registers (bnc#834647). - atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring (bnc#812116). - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations (bnc#815320). - reiserfs: locking, handle nested locks properly (bnc#815320). - reiserfs: locking, push write lock out of xattr code (bnc#815320). - af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). - af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (bnc#823267 CVE-2013-2141). - b43: stop format string leaking into error msgs (bnc#822579 CVE-2013-2852). - net: fix incorrect credentials passing (bnc#816708 CVE-2013-1979). - tipc: fix info leaks via msg_name in recv_msg/recv_stream (bnc#816668 CVE-2013-3235). - rose: fix info leak via msg_name in rose_recvmsg() (bnc#816668 CVE-2013-3234). - NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg() (bnc#816668 CVE-2013-3233). - netrom: fix info leak via msg_name in nr_recvmsg() (bnc#816668 CVE-2013-3232). - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (bnc#816668 CVE-2013-3231). - l2tp: fix info leak in l2tp_ip6_recvmsg() (bnc#816668 CVE-2013-3230). - iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (bnc#816668 CVE-2013-3229). - irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (bnc#816668 CVE-2013-3228). - caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (bnc#816668 CVE-2013-3227). - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (bnc#816668 CVE-2013-3226). - Bluetooth: fix possible info leak in bt_sock_recvmsg() (bnc#816668 CVE-2013-3224). - ax25: fix info leak via msg_name in ax25_recvmsg() (bnc#816668 CVE-2013-3223). - atm: update msg_namelen in vcc_recvmsg() (bnc#816668 CVE-2013-3222). - ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). - tracing: Fix possible NULL pointer dereferences (bnc#815256 CVE-2013-3301). - tg3: fix length overflow in VPD firmware parsing (bnc#813733 CVE-2013-1929). - dcbnl: fix various netlink info leaks (bnc#810473 CVE-2013-2634). - rtnl: fix info leak on RTM_GETLINK request for VF devices (bnc#810473 CVE-2013-2635). - crypto: user - fix info leaks in report API (bnc#809906 CVE-2013-2546 CVE-2013-2547 CVE-2013-2548). - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (bnc#808827 CVE-2013-0914). - signal: always clear sa_restorer on execve (bnc#808827 CVE-2013-0914). - signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer (bnc#808827 CVE-2013-0914). - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (bnc#827750, CVE-2013-2232). - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). - blk: avoid divide-by-zero with zero discard granularity (bnc#832615). - dlm: check the write size from user (bnc#831956). - drm/i915: Serialize almost all register access (bnc#823633). - drm/i915: initialize gt_lock early with other spin locks (bnc#801341). - drm/i915: fix up gt init sequence fallout (bnc#801341). - drm/nouveau/hwmon: s/fan0/fan1/. - Drivers: hv: balloon: Do not post pressure status if interrupted (bnc#829539). - drm/i915: Clear FORCEWAKE when taking over from BIOS (bnc#801341). - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d (bnc#818561). - fs/notify/inode_mark.c: make fsnotify_find_inode_mark_locked() static (bnc#807188). - fsnotify: change locking order (bnc#807188). - fsnotify: dont put marks on temporary list when clearing marks by group (bnc#807188). - fsnotify: introduce locked versions of fsnotify_add_mark() and fsnotify_remove_mark() (bnc#807188). - fsnotify: pass group to fsnotify_destroy_mark() (bnc#807188). - fsnotify: use a mutex instead of a spinlock to protect a groups mark list (bnc#807188). - fanotify: add an extra flag to mark_remove_from_mask that indicates wheather a mark should be destroyed (bnc#807188). - fsnotify: take groups mark_lock before mark lock (bnc#807188). - fsnotify: use reference counting for groups (bnc#807188). - fsnotify: introduce fsnotify_get_group() (bnc#807188). - inotify, fanotify: replace fsnotify_put_group() with fsnotify_destroy_group() (bnc#807188). - drm/i915: fix long-standing SNB regression in power consumption after resume v2 (bnc#801341). - drm/nouveau: use vmalloc for pgt allocation (bnc#802347). - USB: xhci: correctly enable interrupts (bnc#828191). - drm/i915: Resurrect ring kicking for semaphores, selectively (bnc#823633,bnc#799516). - ALSA: usb-audio: Fix invalid volume resolution for Logitech HD Webcam c310 (bnc#821735). - ALSA: usb-audio - Fix invalid volume resolution on Logitech HD webcam c270 (bnc#821735). - config: sync up config options added with btrfs update - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153). - btrfs: update to v3.10. - block: Add bio_end_sector(). - block: Use bio_sectors() more consistently. - btrfs: handle lookup errors after subvol/snapshot creation. - btrfs: add new ioctl to determine size of compressed file (FATE#306586). - btrfs: reduce btrfs_path size (FATE#306586). - btrfs: simplify move_pages and copy_pages (FATE#306586). - Prefix mount messages with btrfs: for clarity (FATE#306586). - Btrfs: forced readonly when free_log_tree fails (FATE#306586). - Btrfs: forced readonly when orphan_del fails (FATE#306586). - btrfs: abort unlink trans in missed error case. - btrfs: access superblock via pagecache in scan_one_device. - Btrfs: account for orphan inodes properly during cleanup. - Btrfs: add a comment for fs_info->max_inline. - Btrfs: add a incompatible format change for smaller metadata extent refs. - Btrfs: Add a new ioctl to get the label of a mounted file system. - Btrfs: add a plugging callback to raid56 writes. - Btrfs: add a rb_tree to improve performance of ulist search. - Btrfs: Add a stripe cache to raid56. - Btrfs: Add ACCESS_ONCE() to transaction->abort accesses. - Btrfs: add all ioctl checks before user change for quota operations. - Btrfs: add btrfs_scratch_superblock() function. - btrfs: add cancellation points to defrag. - Btrfs: add code to scrub to copy read data to another disk. - btrfs: add debug check for extent_io range alignment. - Btrfs: add fiemap's flag check. - Btrfs: add ioctl to wait for qgroup rescan completion. - btrfs: add missing break in btrfs_print_leaf(). - Btrfs: add new sources for device replace code. - btrfs: add 'no file data' flag to btrfs send ioctl. - Btrfs: add orphan before truncating pagecache. - Btrfs: add path->really_keep_locks. - btrfs: add prefix to sanity tests messages. - Btrfs: add rw argument to merge_bio_hook(). - Btrfs: add some free space cache tests. - Btrfs: add some missing iput()'s in btrfs_orphan_cleanup. - Btrfs: add support for device replace ioctls. - Btrfs: add tree block level sanity check. - Btrfs: add two more find_device() methods. - Btrfs: allocate new chunks if the space is not enough for global rsv. - Btrfs: allow file data clone within a file. - Btrfs: allow for selecting only completely empty chunks. - Btrfs: allow omitting stream header and end-cmd for btrfs send. - Btrfs: allow repair code to include target disk when searching mirrors. - Btrfs: allow running defrag in parallel to administrative tasks. - Btrfs: allow superblock mismatch from older mkfs. - btrfs: annotate intentional switch case fallthroughs. - btrfs: annotate quota tree for lockdep. - Btrfs: automatic rescan after 'quota enable' command. - Btrfs: avoid deadlock on transaction waiting list. - Btrfs: avoid double free of fs_info->qgroup_ulist. - Btrfs: avoid risk of a deadlock in btrfs_handle_error. - Btrfs: bring back balance pause/resume logic. - Btrfs: build up error handling for merge_reloc_roots. - Btrfs: change core code of btrfs to support the device replace operations. - Btrfs: changes to live filesystem are also written to replacement disk. - Btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. - Btrfs: check for actual acls rather than just xattrs when caching no acl. - Btrfs: check for NULL pointer in updating reloc roots. - Btrfs: check if leaf's parent exists before pushing items around. - Btrfs: check if we can nocow if we don't have data space. - Btrfs: check return value of commit when recovering log. - Btrfs: check the return value of btrfs_run_ordered_operations(). - Btrfs: check the return value of btrfs_start_delalloc_inodes(). - btrfs: clean snapshots one by one. - btrfs: clean up transaction abort messages. - Btrfs: cleanup backref search commit root flag stuff. - Btrfs: cleanup, btrfs_read_fs_root_no_name() doesn't return NULL. - Btrfs: cleanup destroy_marked_extents. - Btrfs: cleanup: don't check the same thing twice. - Btrfs: cleanup duplicated division functions. - Btrfs: cleanup for btrfs_btree_balance_dirty. - Btrfs: cleanup for btrfs_wait_order_range. - btrfs: cleanup for open-coded alignment. - Btrfs: cleanup fs roots if we fail to mount. - Btrfs: cleanup of function where btrfs_extend_item() is called. - Btrfs: cleanup of function where fixup_low_keys() is called. - Btrfs: cleanup orphan reservation if truncate fails. - Btrfs: cleanup orphaned root orphan item. - Btrfs: cleanup redundant code in btrfs_submit_direct(). - Btrfs: cleanup scrub bio and worker wait code. - Btrfs: cleanup similar code in delayed inode. - btrfs: Cleanup some redundant codes in btrfs_log_inode(). - btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range(). - Btrfs: cleanup the code of copy_nocow_pages_for_inode(). - Btrfs: cleanup the similar code of the fs root read. - Btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. - Btrfs: cleanup to remove reduplicate code in transaction.c. - Btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction. - Btrfs: cleanup unnecessary clear when freeing a transaction or a trans handle. - Btrfs: cleanup unused arguments. - Btrfs: cleanup unused arguments in send.c. - Btrfs: cleanup unused arguments of btrfs_csum_data. - Btrfs: cleanup unused function. - Btrfs: clear received_uuid field for new writable snapshots. - Btrfs: Cocci spatch 'memdup.spatch'. - Btrfs: Cocci spatch 'ptr_ret.spatch'. - Btrfs: compare relevant parts of delayed tree refs. - Btrfs: copy everything if we've created an inline extent. - btrfs: cover more error codes in btrfs_decode_error. - Btrfs: creating the subvolume qgroup automatically when enabling quota. - Btrfs: deal with bad mappings in btrfs_map_block. - Btrfs: deal with errors in write_dev_supers. - Btrfs: deal with free space cache errors while replaying log. - btrfs: define BTRFS_MAGIC as a u64 value. - Btrfs: delete inline extents when we find them during logging. - Btrfs: delete unused function. - Btrfs: delete unused parameter to btrfs_read_root_item(). - btrfs: deprecate subvolrootid mount option. - btrfs: device delete to get errors from the kernel. - Btrfs: disable qgroup id 0. - Btrfs: disallow mutually exclusive admin operations from user mode. - Btrfs: disallow some operations on the device replace target device. - btrfs: do away with non-whole_page extent I/O. - Btrfs: do delay iput in sync_fs. - Btrfs: do not allow logged extents to be merged or removed. - Btrfs: do not BUG_ON in prepare_to_reloc. - Btrfs: do not BUG_ON on aborted situation. - Btrfs: do not call file_update_time in aio_write. - Btrfs: do not change inode flags in rename. - Btrfs: do not continue if out of memory happens. - Btrfs: do not delete a subvolume which is in a R/O subvolume. - Btrfs: do not log extents when we only log new names. - Btrfs: do not mark ems as prealloc if we are writing to them. - Btrfs: do not merge logged extents if we've removed them from the tree. - Btrfs: do not overcommit if we don't have enough space for global rsv. - Btrfs: do not pin while under spin lock. - Btrfs: do not warn_on io_ctl->cur in io_ctl_map_page. - Btrfs: don't abort the current transaction if there is no enough space for inode cache. - Btrfs: don't add a NULL extended attribute. - Btrfs: don't allow degraded mount if too many devices are missing. - Btrfs: don't allow device replace on RAID5/RAID6. - Btrfs: don't auto defrag a file when doing directIO. - Btrfs: don't bother copying if we're only logging the inode. - Btrfs: don't BUG_ON() in btrfs_num_copies. - Btrfs: don't call btrfs_qgroup_free if just btrfs_qgroup_reserve fails. - Btrfs: don't call readahead hook until we have read the entire eb. - Btrfs: don't delete fs_roots until after we cleanup the transaction. - Btrfs: don't drop path when printing out tree errors in scrub. - Btrfs: don't flush the delalloc inodes in the while loop if flushoncommit is set. - Btrfs: don't force pages under writeback to finish when aborting. - Btrfs: don't invoke btrfs_invalidate_inodes() in the spin lock context. - Btrfs: don't memset new tokens. - Btrfs: don't NULL pointer deref on abort. - Btrfs: don't panic if we're trying to drop too many refs. - Btrfs: don't re-enter when allocating a chunk. - Btrfs: don't start a new transaction when starting sync. - Btrfs: don't steal the reserved space from the global reserve if their space type is different. - btrfs: don't stop searching after encountering the wrong item. - Btrfs: don't take inode delalloc mutex if we're a free space inode. - Btrfs: don't traverse the ordered operation list repeatedly. - Btrfs: Don't trust the superblock label and simply printk('%s') it. - Btrfs: don't try and free ebs twice in log replay. - btrfs: don't try to notify udev about missing devices. - Btrfs: don't use global block reservation for inode cache truncation. - Btrfs: don't wait for all the writers circularly during the transaction commit. - Btrfs: don't wait on ordered extents if we have a trans open. - Btrfs: dont do log_removal in insert_new_root. - btrfs: Drop inode if inode root is NULL. - Btrfs: eliminate a use-after-free in btrfs_balance(). - Btrfs: enforce min_bytes parameter during extent allocation. - Btrfs: enhance btrfs structures for device replace support. - btrfs: enhance superblock checks. - btrfs: ensure we don't overrun devices_info in __btrfs_alloc_chunk. - Btrfs: exclude logged extents before replying when we are mixed. - Btrfs: explicitly use global_block_rsv for quota_tree. - Btrfs: extend the checksum item as much as possible. - btrfs: fall back to global reservation when removing subvolumes. - Btrfs: fill the global reserve when unpinning space. - Btrfs: fix a bug of per-file nocow. - Btrfs: fix a bug when llseek for delalloc bytes behind prealloc extents. - Btrfs: fix a build warning for an unused label. - Btrfs: fix a deadlock in aborting transaction due to ENOSPC. - Btrfs: fix a double free on pending snapshots in error handling. - Btrfs: fix a mismerge in btrfs_balance(). - Btrfs: fix a regression in balance usage filter. - Btrfs: fix a scrub regression in case of write errors. - Btrfs: fix a warning when disabling quota. - Btrfs: fix a warning when updating qgroup limit. - Btrfs: fix accessing a freed tree root. - Btrfs: fix accessing the root pointer in tree mod log functions. - Btrfs: fix all callers of read_tree_block. - Btrfs: fix an while-loop of listxattr. - Btrfs: fix autodefrag and umount lockup. - Btrfs: fix backref walking race with tree deletions. - Btrfs: fix bad extent logging. - Btrfs: fix broken nocow after balance. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: fix btrfs_extend_item() comment. - Btrfs: fix BUG() in scrub when first superblock reading gives EIO. - Btrfs: fix check on same raid type flag twice. - Btrfs: fix chunk allocation error handling. - Btrfs: fix cleaner thread not working with inode cache option. - Btrfs: fix cluster alignment for mount -o ssd. - btrfs: fix comment typos. - Btrfs: fix confusing edquot happening case. - Btrfs: fix crash in log replay with qgroups enabled. - Btrfs: fix crash regarding to ulist_add_merge. - Btrfs: fix deadlock due to unsubmitted. - Btrfs: fix double free in the btrfs_qgroup_account_ref(). - Btrfs: fix double free in the iterate_extent_inodes(). - Btrfs: fix EDQUOT handling in btrfs_delalloc_reserve_metadata. - Btrfs: fix EIO from btrfs send in is_extent_unchanged for punched holes. - Btrfs: fix error handling in btrfs_ioctl_send(). - Btrfs: fix error handling in make/read block group. - Btrfs: fix estale with btrfs send. - Btrfs: fix extent logging with O_DIRECT into prealloc. - Btrfs: fix freeing delayed ref head while still holding its mutex. - Btrfs: fix freeze vs auto defrag. - Btrfs: fix hash overflow handling. - Btrfs: fix how we discard outstanding ordered extents on abort. - Btrfs: fix infinite loop when we abort on mount. - Btrfs: fix joining the same transaction handler more than 2 times. - Btrfs: fix lockdep warning. - Btrfs: fix locking on ROOT_REPLACE operations in tree mod log. - Btrfs: fix lots of orphan inodes when the space is not enough. - Btrfs: fix max chunk size on raid5/6. - Btrfs: fix memory leak in btrfs_create_tree(). - Btrfs: fix memory leak in name_cache_insert(). - Btrfs: fix memory leak of log roots. - Btrfs: fix memory leak of pending_snapshot->inherit. - Btrfs: fix memory patcher through fs_info->qgroup_ulist. - btrfs: fix minor typo in comment. - btrfs: fix misleading variable name for flags. - Btrfs: fix missed transaction->aborted check. - Btrfs: fix missing check about ulist_add() in qgroup.c. - Btrfs: fix missing check before creating a qgroup relation. - Btrfs: fix missing check before disabling quota. - Btrfs: fix missing check in the btrfs_qgroup_inherit(). - Btrfs: fix missing deleted items in btrfs_clean_quota_tree. - Btrfs: fix missing flush when committing a transaction. - Btrfs: fix missing i_size update. - Btrfs: fix missing log when BTRFS_INODE_NEEDS_FULL_SYNC is set. - Btrfs: fix missing qgroup reservation before fallocating. - Btrfs: fix missing release of qgroup reservation in commit_transaction(). - Btrfs: fix missing release of the space/qgroup reservation in start_transaction(). - Btrfs: fix missing reserved space release in error path of delalloc reservation. - Btrfs: fix missing write access release in btrfs_ioctl_resize(). - Btrfs: fix 'mutually exclusive op is running' error code. - Btrfs: fix not being able to find skinny extents during relocate. - Btrfs: fix NULL pointer after aborting a transaction. - Btrfs: fix off-by-one error of the reserved size of btrfs_allocate(). - Btrfs: fix off-by-one error of the same page check in btrfs_punch_hole(). - Btrfs: fix off-by-one in fiemap. - Btrfs: fix off-by-one in lseek. - Btrfs: fix oops when recovering the file data by scrub function. - Btrfs: fix panic when recovering tree log. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix possible infinite loop in slow caching. - Btrfs: fix possible memory leak in replace_path(). - Btrfs: fix possible memory leak in the find_parent_nodes(). - Btrfs: fix possible stale data exposure. - Btrfs: Fix printk and variable name. - Btrfs: fix qgroup rescan resume on mount. - Btrfs: fix race between mmap writes and compression. - Btrfs: fix race between snapshot deletion and getting inode. - Btrfs: fix race in check-integrity caused by usage of bitfield. - Btrfs: fix reada debug code compilation. - Btrfs: fix remount vs autodefrag. - Btrfs: fix repeated delalloc work allocation. - Btrfs: fix resize a readonly device. - Btrfs: fix several potential problems in copy_nocow_pages_for_inode. - Btrfs: fix space accounting for unlink and rename. - Btrfs: fix space leak when we fail to reserve metadata space. - btrfs: fix the code comments for LZO compression workspace. - Btrfs: fix the comment typo for btrfs_attach_transaction_barrier. - Btrfs: fix the deadlock between the transaction start/attach and commit. - Btrfs: fix the page that is beyond EOF. - Btrfs: fix the qgroup reserved space is released prematurely. - Btrfs: fix the race between bio and btrfs_stop_workers. - Btrfs: fix transaction throttling for delayed refs. - Btrfs: fix tree mod log regression on root split operations. - Btrfs: fix trivial error in btrfs_ioctl_resize(). - Btrfs: Fix typo in fs/btrfs. - Btrfs: fix unblocked autodefraggers when remount. - Btrfs: fix unclosed transaction handler when the async transaction commitment fails. - Btrfs: fix uncompleted transaction. - Btrfs: fix unlock after free on rewinded tree blocks. - Btrfs: fix unlock order in btrfs_ioctl_resize. - Btrfs: fix unlock order in btrfs_ioctl_rm_dev. - Btrfs: fix unnecessary while loop when search the free space, cache. - Btrfs: fix unprotected defragable inode insertion. - Btrfs: fix unprotected extent map operation when logging file extents. - Btrfs: fix unprotected root node of the subvolume's inode rb-tree. - Btrfs: fix use-after-free bug during umount. - btrfs: fix varargs in __btrfs_std_error. - Btrfs: fix warning of free_extent_map. - Btrfs: fix warning when creating snapshots. - Btrfs: fix wrong comment in can_overcommit(). - Btrfs: fix wrong file extent length. - Btrfs: fix wrong handle at error path of create_snapshot() when the commit fails. - Btrfs: fix wrong max device number for single profile. - Btrfs: fix wrong mirror number tuning. - Btrfs: fix wrong outstanding_extents when doing DIO write. - Btrfs: fix wrong reservation of csums. - Btrfs: fix wrong reserved space in qgroup during snap/subv creation. - Btrfs: fix wrong reserved space when deleting a snapshot/subvolume. - Btrfs: fix wrong return value of btrfs_lookup_csum(). - Btrfs: fix wrong return value of btrfs_truncate_page(). - Btrfs: fix wrong return value of btrfs_wait_for_commit(). - Btrfs: fix wrong sync_writers decrement in btrfs_file_aio_write(). - btrfs: fixup/remove module.h usage as required. - Btrfs: flush all dirty inodes if writeback can not start. - Btrfs: free all recorded tree blocks on error. - Btrfs: free csums when we're done scrubbing an extent. - Btrfs: get better concurrency for snapshot-aware defrag work. - Btrfs: get right arguments for btrfs_wait_ordered_range. - btrfs: get the device in write mode when deleting it. - Btrfs: get write access for qgroup operations. - Btrfs: get write access for scrub. - Btrfs: get write access when doing resize fs. - Btrfs: get write access when removing a device. - Btrfs: get write access when setting the default subvolume. - Btrfs: handle a bogus chunk tree nicely. - Btrfs: handle errors from btrfs_map_bio() everywhere. - Btrfs: handle errors in compression submission path. - btrfs: handle errors returned from get_tree_block_key. - btrfs: handle null fs_info in btrfs_panic(). - Btrfs: handle running extent ops with skinny metadata. - Btrfs: hold the ordered operations mutex when waiting on ordered extents. - Btrfs: hold the tree mod lock in __tree_mod_log_rewind. - Btrfs: if we aren't committing just end the transaction if we error out. - btrfs: ignore device open failures in __btrfs_open_devices. - Btrfs: ignore orphan qgroup relations. - Btrfs: implement unlocked dio write. - Btrfs: improve the delayed inode throttling. - Btrfs: improve the loop of scrub_stripe. - Btrfs: improve the noflush reservation. - Btrfs: improve the performance of the csums lookup. - Btrfs: in scrub repair code, optimize the reading of mirrors. - Btrfs: in scrub repair code, simplify alloc error handling. - Btrfs: Include the device in most error printk()s. - Btrfs: increase BTRFS_MAX_MIRRORS by one for dev replace. - btrfs: Init io_lock after cloning btrfs device struct. - Btrfs: init relocate extent_io_tree with a mapping. - Btrfs: inline csums if we're fsyncing. - Btrfs: introduce a btrfs_dev_replace_item type. - Btrfs: introduce a mutex lock for btrfs quota operations. - Btrfs: introduce GET_READ_MIRRORS functionality for btrfs_map_block(). - Btrfs: introduce grab/put functions for the root of the fs/file tree. - Btrfs: introduce per-subvolume delalloc inode list. - Btrfs: introduce per-subvolume ordered extent list. - Btrfs: introduce qgroup_ulist to avoid frequently allocating/freeing ulist. - Btrfs: just flush the delalloc inodes in the source tree before snapshot creation. - Btrfs: keep track of the extents original block length. - Btrfs: kill replicate code in replay_one_buffer. - Btrfs: kill some BUG_ONs() in the find_parent_nodes(). - Btrfs: kill unnecessary arguments in del_ptr. - Btrfs: kill unused argument of btrfs_pin_extent_for_log_replay. - Btrfs: kill unused argument of update_block_group. - Btrfs: kill unused arguments of cache_block_group. - Btrfs: let allocation start from the right raid type. - btrfs: limit fallocate extent reservation to 256MB. - Btrfs: limit the global reserve to 512mb. - btrfs: list_entry can't return NULL. - Btrfs: log changed inodes based on the extent map tree. - Btrfs: log ram bytes properly. - Btrfs: make __merge_refs() return type be void. - Btrfs: make backref walking code handle skinny metadata. - Btrfs: make delalloc inodes be flushed by multi-task. - Btrfs: make delayed ref lock logic more readable. - Btrfs: make ordered extent be flushed by multi-task. - Btrfs: make ordered operations be handled by multi-task. - btrfs: make orphan cleanup less verbose. - Btrfs: make raid attr array more readable. - btrfs: make static code static & remove dead code. - btrfs: make subvol creation/deletion killable in the early stages. - Btrfs: make sure nbytes are right after log replay. - Btrfs: make sure NODATACOW also gets NODATASUM set. - Btrfs: make sure roots are assigned before freeing their nodes. - Btrfs: make the chunk allocator completely tree lockless. - Btrfs: make the cleaner complete early when the fs is going to be umounted. - Btrfs: make the scrub page array dynamically allocated. - Btrfs: make the snap/subv deletion end more early when the fs is R/O. - Btrfs: make the state of the transaction more readable. - Btrfs: merge inode_list in __merge_refs. - Btrfs: merge pending IO for tree log write back. - btrfs: merge save_error_info helpers into one. - Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems. - btrfs: more open-coded file_inode(). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate. - Btrfs: move checks in set_page_dirty under DEBUG. - Btrfs: move d_instantiate outside the transaction during mksubvol. - Btrfs: move fs/btrfs/ioctl.h to include/uapi/linux/btrfs.h. - btrfs: move ifdef around sanity checks out of init_btrfs_fs. - btrfs: move leak debug code to functions. - Btrfs: move some common code into a subfunction. - Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot(). - btrfs: Notify udev when removing device. - Btrfs: only clear dirty on the buffer if it is marked as dirty. - Btrfs: only do the tree_mod_log_free_eb if this is our last ref. - Btrfs: only exclude supers in the range of our block group. - Btrfs: only log the inode item if we can get away with it. - Btrfs: only unlock and relock if we have to. - Btrfs: optimize leaf_space_used. - Btrfs: optimize read_block_for_search. - Btrfs: optimize reada_for_balance. - Btrfs: optimize the error handle of use_block_rsv(). - Btrfs: optionally avoid reads from device replace source drive. - Btrfs: pass fs_info instead of root. - Btrfs: pass fs_info to btrfs_map_block() instead of mapping_tree. - Btrfs: Pass fs_info to btrfs_num_copies() instead of mapping_tree. - Btrfs: pass NULL instead of 0. - Btrfs: pass root object into btrfs_ioctl_{start, wait}_sync(). - Btrfs: pause the space balance when remounting to R/O. - Btrfs: place ordered operations on a per transaction list. - Btrfs: prevent qgroup destroy when there are still relations. - Btrfs: protect devices list with its mutex. - Btrfs: protect fs_info->alloc_start. - Btrfs: punch hole past the end of the file. - Btrfs: put csums on the right ordered extent. - Btrfs: put our inode if orphan cleanup fails. - Btrfs: put raid properties into global table. - btrfs: put some enospc messages under enospc_debug. - Btrfs: RAID5 and RAID6. - btrfs/raid56: Add missing #include . - btrfs: read entire device info under lock. - Btrfs: recheck bio against block device when we map the bio. - Btrfs: record first logical byte in memory. - Btrfs: reduce CPU contention while waiting for delayed extent operations. - Btrfs: reduce lock contention on extent buffer locks. - Btrfs: refactor error handling to drop inode in btrfs_create(). - Btrfs: relax the block group size limit for bitmaps. - btrfs: remove a printk from scan_one_device. - Btrfs: remove almost all of the BUG()'s from tree-log.c. - Btrfs: remove btrfs_sector_sum structure. - Btrfs: remove btrfs_try_spin_lock. - Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix(). - btrfs: remove cache only arguments from defrag path. - Btrfs: remove conflicting check for minimum number of devices in raid56. - Btrfs: remove deprecated comments. - Btrfs: remove extent mapping if we fail to add chunk. - Btrfs: remove reduplicate check about root in the function btrfs_clean_quota_tree. - Btrfs: remove some BUG_ONs() when walking backref tree. - Btrfs: remove some unnecessary spin_lock usages. - Btrfs: remove the block device pointer from the scrub context struct. - Btrfs: remove the code for the impossible case in cleanup_transaction(). - Btrfs: Remove the invalid shrink size check up from btrfs_shrink_dev(). - Btrfs: remove the time check in btrfs_commit_transaction(). - btrfs: remove unnecessary cur_trans set before goto loop in join_transaction. - btrfs: remove unnecessary DEFINE_WAIT() declarations. - Btrfs: remove unnecessary dget_parent/dput when creating the pending snapshot. - Btrfs: remove unnecessary ->s_umount in cleaner_kthread(). - Btrfs: remove unnecessary varient ->num_joined in btrfs_transaction structure. - Btrfs: remove unused argument of btrfs_extend_item(). - Btrfs: remove unused argument of fixup_low_keys(). - Btrfs: remove unused code in btrfs_del_root. - Btrfs: remove unused extent io tree ops V2. - btrfs: remove unused fd in btrfs_ioctl_send(). - btrfs: remove unused fs_info from btrfs_decode_error(). - btrfs: remove unused gfp mask parameter from release_extent_buffer callchain. - btrfs: remove unused 'item' in btrfs_insert_delayed_item(). - Btrfs: remove unused variable in __process_changed_new_xattr(). - Btrfs: remove unused variable in the iterate_extent_inodes(). - Btrfs: remove useless copy in quota_ctl. - Btrfs: remove warn on in free space cache writeout. - Btrfs: rename root_times_lock to root_item_lock. - Btrfs: rename the scrub context structure. - Btrfs: reorder locks and sanity checks in btrfs_ioctl_defrag. - Btrfs: reorder tree mod log operations in deleting a pointer. - Btrfs: rescan for qgroups. - Btrfs: reset path lock state to zero. - Btrfs: restructure btrfs_run_defrag_inodes(). - Btrfs: return as soon as possible when edquot happens. - Btrfs: return EIO if we have extent tree corruption. - Btrfs: return ENOMEM rather than use BUG_ON when btrfs_alloc_path fails. - Btrfs: return errno if possible when we fail to allocate memory. - Btrfs: return error code in btrfs_check_trunc_cache_free_space(). - Btrfs: return error when we specify wrong start to defrag. - Btrfs: return free space in cow error path. - Btrfs: rework the overcommit logic to be based on the total size. - Btrfs: save us a read_lock. - Btrfs: select XOR_BLOCKS in Kconfig. - Btrfs: separate sequence numbers for delayed ref tracking and tree mod log. - Btrfs: serialize unlocked dio reads with truncate. - Btrfs: set/change the label of a mounted file system. - Btrfs: set flushing if we're limited flushing. - Btrfs: set hole punching time properly. - Btrfs: set UUID in root_item for created trees. - Btrfs: share stop worker code. - btrfs: show compiled-in config features at module load time. - Btrfs: simplify unlink reservations. - Btrfs: skip adding an acl attribute if we don't have to. - Btrfs: snapshot-aware defrag. - Btrfs: split btrfs_qgroup_account_ref into four functions. - Btrfs: steal from global reserve if we are cleaning up orphans. - Btrfs: stop all workers before cleaning up roots. - Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc. - Btrfs: stop waiting on current trans if we aborted. - Btrfs: traverse and flush the delalloc inodes once. - btrfs: try harder to allocate raid56 stripe cache. - Btrfs: unlock extent range on enospc in compressed submit. - btrfs: unpin_extent_cache: fix the typo and unnecessary arguements. - Btrfs: unreserve space if our ordered extent fails to work. - btrfs: update kconfig title. - Btrfs: update the global reserve if it is empty. - btrfs: update timestamps on truncate(). - Btrfs: update to use fs_state bit. - Btrfs: use a btrfs bioset instead of abusing bio internals. - Btrfs: use a lock to protect incompat/compat flag of the super block. - Btrfs: use a percpu to keep track of possibly pinned bytes. - Btrfs: use bit operation for ->fs_state. - Btrfs: use common work instead of delayed work. - Btrfs: use ctl->unit for free space calculation instead of block_group->sectorsize. - Btrfs: use existing align macros in btrfs_allocate(). - Btrfs: use helper to cleanup tree roots. - btrfs: use only inline_pages from extent buffer. - Btrfs: use percpu counter for dirty metadata count. - Btrfs: use percpu counter for fs_info->delalloc_bytes. - btrfs: use rcu_barrier() to wait for bdev puts at unmount. - Btrfs: use REQ_META for all metadata IO. - Btrfs: use reserved space for creating a snapshot. - Btrfs: use right range to find checksum for compressed extents. - Btrfs: use seqlock to protect fs_info->avail_{data, metadata, system}_alloc_bits. - Btrfs: use set_nlink if our i_nlink is 0. - Btrfs: use slabs for auto defrag allocation. - Btrfs: use slabs for delayed reference allocation. - Btrfs: use the inode own lock to protect its delalloc_bytes. - Btrfs: use token to avoid times mapping extent buffer. - Btrfs: use tokens where we can in the tree log. - Btrfs: use tree_root to avoid edquot when disabling quota. - btrfs: use unsigned long type for extent state bits. - Btrfs: use wrapper page_offset. - Btrfs: various abort cleanups. - Btrfs: wait on ordered extents at the last possible moment. - Btrfs: wait ordered range before doing direct io. - Btrfs: wake up delayed ref flushing waiters on abort. - clear chunk_alloc flag on retryable failure. - Correct allowed raid levels on balance. - Fix misspellings of 'whether' in comments. - fs/btrfs: drop if around WARN_ON. - fs/btrfs: remove depends on CONFIG_EXPERIMENTAL. - fs/btrfs: use WARN. - Minor format cleanup. - new helper: file_inode(file). - Revert 'Btrfs: fix permissions of empty files not affected by umask'. - Revert 'Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems'. - Revert 'Btrfs: reorder tree mod log operations in deleting a pointer'. - treewide: Fix typo in printk. - writeback: remove nr_pages_dirtied arg from balance_dirty_pages_ratelimited_nr(). - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). - fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). - block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). - libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350) - Update patches.drivers/media-rtl28xxu-01-add-NOXON-DAB-DAB-USB- dongle-rev-2.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-02-1b80-d3a8-ASUS-My-Cine ma-U3100Mini-Pl.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-03-add-Gigabyte-U7300-DVB -T-Dongle.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-04-correct-some-device-na mes.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-05-Support-Digivox-Mini-H D.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-06-Add-USB-IDs-for-Compro -VideoMate-U620.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-07-Add-USB-ID-for-MaxMedi a-HU394-T.patch (bnc#811882). Correct the bnc reference. - Update patches.fixes/block-discard-granularity-might-not-be-pow er-of-2.patch (bnc#823797). - block: discard granularity might not be power of 2. - USB: reset resume quirk needed by a hub (bnc#810144). - NFS: Fix keytabless mounts (bnc#817651). - ipv4: fix redirect handling for TCP packets (bnc#814510). - Always include the git commit in KOTD builds This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - Btrfs: relocate csums properly with prealloc extents. - gcc4: disable __compiletime_object_size for GCC 4.6+ (bnc#837258). - ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist (bnc#833585).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74878
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74878
    title openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1138-1.NASL
    description The SUSE Linux Enterprise Server 11 SP1 LTSS received a roll up update to fix several security and non-security issues. The following security issues have been fixed : - CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (bnc#806431) - CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (bnc#831058) - CVE-2014-0203: The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. (bnc#883526) - CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257) - CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) - CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) - CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724) - CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) - CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) - CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) - CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) - CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) - CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422) - CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725) - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082) - CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173) - CVE-2013-7266: The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) - CVE-2013-7267: The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) - CVE-2013-7268: The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) - CVE-2013-7269: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) - CVE-2013-7270: The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) - CVE-2013-7271: The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) The following bugs have been fixed : - mac80211: Fix AP powersave TX vs. wakeup race (bnc#871797). - tcp: Allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921). - tcp: Adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - flock: Fix allocation and BKL (bnc#882809). - sunrpc: Close a rare race in xs_tcp_setup_socket (bnc#794824, bnc#884530). - isofs: Fix unbounded recursion when processing relocated directories (bnc#892490). - bonding: Fix a race condition on cleanup in bond_send_unsolicited_na() (bnc#856756). - block: Fix race between request completion and timeout handling (bnc#881051). - Fix kABI breakage due to addition of user_ctl_lock (bnc#883795). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83640
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83640
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1138-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1264.NASL
    description Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. (CVE-2013-2850, Important) * A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers. (CVE-2013-2146, Moderate) * An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system by using sendmsg() with an IPv6 socket connected to an IPv4 destination. (CVE-2013-2232, Moderate) * Two flaws were found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2013-4162, CVE-2013-4163, Moderate) * A flaw was found in the Linux kernel's Chipidea USB driver. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-2058, Low) * Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user-space. (CVE-2013-2147, CVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low) * Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, CVE-2013-2148, Low) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) * A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the 'fwpostfix' b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low) * A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low) Red Hat would like to thank Kees Cook for reporting CVE-2013-2850, CVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting CVE-2013-4162 and CVE-2013-4163. This update also fixes the following bugs : * The following drivers have been updated, fixing a number of bugs: myri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169, be2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe, bfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138) * The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel configuration option enabled. As such, attempting to run the dropwatch command resulted in the following error : Unable to find NET_DM family, dropwatch can't work Cleaning up on socket creation error With this update, the realtime kernel is built with the CONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected. (BZ#979417) Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76665
    published 2014-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76665
    title RHEL 6 : MRG (RHSA-2013:1264)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130926_KERNEL_ON_SL5_X.NASL
    description This update fixes the following security issues : - A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) - A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) - An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low) This update also fixes the following bugs : - A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. - A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. - A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as 'not in use'. Consequently, automount attempted to unmount the tree and failed with a 'failed to umount offset' error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. - A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70188
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70188
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1938-1.NASL
    description Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows specified to be run as root. A local could exploit this flaw to run commands as root when using the perf tool. user could exploit this (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 69798
    published 2013-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69798
    title Ubuntu 13.04 : linux vulnerabilities (USN-1938-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1941-1.NASL
    description Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. (CVE-2013-2164) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. (CVE-2013-2851) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69809
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69809
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-242.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID (CVE-2013-2888). drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2889). drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (CVE-2013-2892). The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (CVE-2013-2893). drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device (CVE-2013-2895). drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2896). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2899). The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4162). The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call (CVE-2013-4163). The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event (CVE-2013-4254 The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 70162
    published 2013-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70162
    title Mandriva Linux Security Advisory : kernel (MDVSA-2013:242)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2575.NASL
    description Description of changes: kernel-uek [2.6.32-400.33.2.el6uek] - dm snapshot: fix data corruption (Mikulas Patocka) [Orabug: 17618900] {CVE-2013-4299} - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data (Hannes Frederic Sowa) [Orabug: 17618897] {CVE-2013-4162}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 70525
    published 2013-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70525
    title Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2013-2575)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1292.NASL
    description From Red Hat Security Advisory 2013:1292 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162. This update also fixes the following bugs : * A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864) * A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819) * A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as 'not in use'. Consequently, automount attempted to unmount the tree and failed with a 'failed to umount offset' error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488) * A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70187
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70187
    title Oracle Linux 5 : kernel (ELSA-2013-1292)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-233.NASL
    description The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 70569
    published 2013-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70569
    title Amazon Linux AMI : kernel (ALAS-2013-233)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1940-1.NASL
    description Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) Michael S. Tsirkin discovered a flaw in how the Linux kernel's KVM subsystem allocates memory slots for the guest's address space. A local user could exploit this flaw to gain system privileges or obtain sensitive information from kernel memory. (CVE-2013-1943) A flaw was discovered in the SCTP (stream control transfer protocol) network protocol's handling of duplicate cookies in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (system crash) on another remote user querying the SCTP connection. (CVE-2013-2206) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69808
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69808
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1940-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1944-1.NASL
    description A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service (prevent file creation) for a victim, by creating a file with a specific CRC32C hash value in a directory important to the victim. (CVE-2012-5375) Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69811
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69811
    title Ubuntu 12.10 : linux vulnerabilities (USN-1944-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-813.NASL
    description The Linux kernel was updated to 3.4.63, fixing various bugs and security issues. - Linux 3.4.59 (CVE-2013-2237 bnc#828119). - Linux 3.4.57 (CVE-2013-2148 bnc#823517). - Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162 CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055 bnc#831058). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - bnx2x: protect different statistics flows (bnc#814336). - bnx2x: Avoid sending multiple statistics queries (bnc#814336). - Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). - Update Xen patches to 3.4.53. - netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'. - netback: don't disconnect frontend when seeing oversize packet (bnc#823342). - netfront: reduce gso_max_size to account for max TCP header. - backends: Check for insane amounts of requests on the ring. - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations (bnc#815320). - reiserfs: locking, handle nested locks properly (bnc#815320). - reiserfs: locking, push write lock out of xattr code (bnc#815320). - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163). - af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). - af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). - ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). - ipv6: ip6_sk_dst_check() must not assume ipv6 dst. - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). - brcmsmac: don't start device when RfKill is engaged (bnc#787649). - CIFS: Protect i_nlink from being negative (bnc#785542 bnc#789598). - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use (bnc#794988). - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153). - Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575 bnc#824295). - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). - fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). - block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). - ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). - Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178). - Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976 bnc#821560). - Always include the git commit in KOTD builds This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - Bluetooth: Really fix registering hci with duplicate name (bnc#783858). - Bluetooth: Fix registering hci with duplicate name (bnc#783858).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75184
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75184
    title openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-130827.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to version 3.0.93 and includes various bug and security fixes. The following security bugs have been fixed : - The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) - The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) - The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) - The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (CVE-2013-2234) - The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4162) - net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059) - The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) - Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. (CVE-2013-1819) - The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774) Also the following bugs have been fixed : BTRFS : - btrfs: merge contiguous regions when loading free space cache - btrfs: fix how we deal with the orphan block rsv - btrfs: fix wrong check during log recovery - btrfs: change how we indicate we are adding csums - btrfs: flush delayed inodes if we are short on space. (bnc#801427) - btrfs: rework shrink_delalloc. (bnc#801427) - btrfs: fix our overcommit math. (bnc#801427) - btrfs: delay block group item insertion. (bnc#801427) - btrfs: remove bytes argument from do_chunk_alloc. (bnc#801427) - btrfs: run delayed refs first when out of space. (bnc#801427) - btrfs: do not commit instead of overcommitting. (bnc#801427) - btrfs: do not take inode delalloc mutex if we are a free space inode. (bnc#801427) - btrfs: fix chunk allocation error handling. (bnc#801427) - btrfs: remove extent mapping if we fail to add chunk. (bnc#801427) - btrfs: do not overcommit if we do not have enough space for global rsv. (bnc#801427) - btrfs: rework the overcommit logic to be based on the total size. (bnc#801427) - btrfs: steal from global reserve if we are cleaning up orphans. (bnc#801427) - btrfs: clear chunk_alloc flag on retryable failure. (bnc#801427) - btrfs: use reserved space for creating a snapshot. (bnc#801427) - btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. (bnc#801427) - btrfs: fix space leak when we fail to reserve metadata space. (bnc#801427) - btrfs: fix space accounting for unlink and rename. (bnc#801427) - btrfs: allocate new chunks if the space is not enough for global rsv. (bnc#801427) - btrfs: various abort cleanups. (bnc#812526 / bnc#801427) - btrfs: simplify unlink reservations (bnc#801427). OTHER : - x86: Add workaround to NMI iret woes. (bnc#831949) - x86: Do not schedule while still in NMI context. (bnc#831949) - bnx2x: Avoid sending multiple statistics queries. (bnc#814336) - bnx2x: protect different statistics flows. (bnc#814336) - futex: Take hugepages into account when generating futex_key. - drivers/hv: util: Fix a bug in version negotiation code for util services. (bnc#828714) - printk: Add NMI ringbuffer. (bnc#831949) - printk: extract ringbuffer handling from vprintk. (bnc#831949) - printk: NMI safe printk. (bnc#831949) - printk: Make NMI ringbuffer size independent on log_buf_len. (bnc#831949) - printk: Do not call console_unlock from nmi context. (bnc#831949) - printk: Do not use printk_cpu from finish_printk. (bnc#831949) - mlx4_en: Adding 40gb speed report for ethtool. (bnc#831410) - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: delay reiserfs lock until journal initialization. (bnc#815320) - reiserfs: do not lock journal_init(). (bnc#815320) - reiserfs: locking, handle nested locks properly. (bnc#815320) - reiserfs: locking, push write lock out of xattr code. (bnc#815320) - reiserfs: locking, release lock around quota operations. (bnc#815320) - NFS: support 'nosharetransport' option (bnc#807502, bnc#828192, FATE#315593). - dm mpath: add retain_attached_hw_handler feature. (bnc#760407) - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407) - bonding: disallow change of MAC if fail_over_mac enabled. (bnc#827376) - bonding: propagate unicast lists down to slaves. (bnc#773255 / bnc#827372) - bonding: emit address change event also in bond_release. (bnc#773255 / bnc#827372) - bonding: emit event when bonding changes MAC. (bnc#773255 / bnc#827372) - SUNRPC: Ensure we release the socket write lock if the rpc_task exits early. (bnc#830901) - ext4: force read-only unless rw=1 module option is used (fate#314864). - HID: fix unused rsize usage. (bnc#783475) - HID: fix data access in implement(). (bnc#783475) - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x. (bnc#829622) - r8169: allow multicast packets on sub-8168f chipset. (bnc#805371) - r8169: support new chips of RTL8111F. (bnc#805371) - r8169: define the early size for 8111evl. (bnc#805371) - r8169: fix the reset setting for 8111evl. (bnc#805371) - r8169: add MODULE_FIRMWARE for the firmware of 8111evl. (bnc#805371) - r8169: fix sticky accepts packet bits in RxConfig. (bnc#805371) - r8169: adjust the RxConfig settings. (bnc#805371) - r8169: support RTL8111E-VL. (bnc#805371) - r8169: add ERI functions. (bnc#805371) - r8169: modify the flow of the hw reset. (bnc#805371) - r8169: adjust some registers. (bnc#805371) - r8169: check firmware content sooner. (bnc#805371) - r8169: support new firmware format. (bnc#805371) - r8169: explicit firmware format check. (bnc#805371) - r8169: move the firmware down into the device private data. (bnc#805371) - mm: link_mem_sections make sure nmi watchdog does not trigger while linking memory sections. (bnc#820434) - kernel: lost IPIs on CPU hotplug (bnc#825048, LTC#94784). - iwlwifi: use correct supported firmware for 6035 and 6000g2. (bnc#825887) - watchdog: Update watchdog_thresh atomically. (bnc#829357) - watchdog: update watchdog_tresh properly. (bnc#829357) - watchdog: watchdog-make-disable-enable-hotplug-and-preempt-save.pa tch. (bnc#829357) - include/1/smp.h: define __smp_call_function_single for !CONFIG_SMP. (bnc#829357) - lpfc: Return correct error code on bsg_timeout. (bnc#816043) - dm-multipath: Drop table when retrying ioctl. (bnc#808940) - scsi: Do not retry invalid function error. (bnc#809122) - scsi: Always retry internal target error. (bnc#745640, bnc#825227) - ibmvfc: Driver version 1.0.1. (bnc#825142) - ibmvfc: Fix for offlining devices during error recovery. (bnc#825142) - ibmvfc: Properly set cancel flags when cancelling abort. (bnc#825142) - ibmvfc: Send cancel when link is down. (bnc#825142) - ibmvfc: Support FAST_IO_FAIL in EH handlers. (bnc#825142) - ibmvfc: Suppress ABTS if target gone. (bnc#825142) - fs/dcache.c: add cond_resched() to shrink_dcache_parent(). (bnc#829082) - kmsg_dump: do not run on non-error paths by default. (bnc#820172) - mm: honor min_free_kbytes set by user. (bnc#826960) - hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). (bnc#828574) - RT: Fix up hardening patch to not gripe when avg > available, which lockless access makes possible and happens in -rt kernels running a cpubound ltp realtime testcase. Just keep the output sane in that case. - md/raid10: Fix two bug affecting RAID10 reshape (-). - Allow NFSv4 to run execute-only files. (bnc#765523) - fs/ocfs2/namei.c: remove unnecessary ERROR when removing non-empty directory. (bnc#819363) - block: Reserve only one queue tag for sync IO if only 3 tags are available. (bnc#806396) - drm/i915: Add wait_for in init_ring_common. (bnc#813604) - drm/i915: Mark the ringbuffers as being in the GTT domain. (bnc#813604) - ext4: avoid hang when mounting non-journal filesystems with orphan list. (bnc#817377) - autofs4 - fix get_next_positive_subdir(). (bnc#819523) - ocfs2: Add bits_wanted while calculating credits in ocfs2_calc_extend_credits. (bnc#822077) - re-enable io tracing. (bnc#785901) - SUNRPC: Prevent an rpc_task wakeup race. (bnc#825591) - tg3: Prevent system hang during repeated EEH errors. (bnc#822066) - backends: Check for insane amounts of requests on the ring. - Update Xen patches to 3.0.82. - netiucv: Hold rtnl between name allocation and device registration. (bnc#824159) - drm/edid: Do not print messages regarding stereo or csync by default. (bnc#821235) - net/sunrpc: xpt_auth_cache should be ignored when expired. (bnc#803320) - sunrpc/cache: ensure items removed from cache do not have pending upcalls. (bnc#803320) - sunrpc/cache: remove races with queuing an upcall. (bnc#803320) - sunrpc/cache: use cache_fresh_unlocked consistently and correctly. (bnc#803320) - md/raid10 'enough' fixes. (bnc#773837) - Update config files: disable IP_PNP. (bnc#822825) - Disable efi pstore by default. (bnc#804482 / bnc#820172) - md: Fix problem with GET_BITMAP_FILE returning wrong status. (bnc#812974 / bnc#823497) - USB: xHCI: override bogus bulk wMaxPacketSize values. (bnc#823082) - ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers. (bnc#818465) - USB: UHCI: fix for suspend of virtual HP controller. (bnc#817035) - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU. (bnc#821052)
    last seen 2019-02-21
    modified 2015-09-10
    plugin id 70039
    published 2013-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70039
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1436.NASL
    description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70466
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70466
    title RHEL 6 : kernel (RHSA-2013:1436)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1436.NASL
    description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70483
    published 2013-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70483
    title CentOS 6 : kernel (CESA-2013:1436)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1943-1.NASL
    description Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69810
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69810
    title Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1943-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1947-1.NASL
    description A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service (prevent file creation) for a victim, by creating a file with a specific CRC32C hash value in a directory important to the victim. (CVE-2012-5375) Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows specified to be run as root. A local could exploit this flaw to run commands as root when using the perf tool. user could exploit this (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. (CVE-2013-2140) A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-2232) An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2234) Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option in the Linux kernel's IPv6 stack. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4162) Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the Linux kernel when the IPV6_MTU setsockopt option has been specified in combination with the UDP_CORK option. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-4163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69812
    published 2013-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69812
    title Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1947-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1436.NASL
    description From Red Hat Security Advisory 2013:1436 : Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70465
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70465
    title Oracle Linux 6 : kernel (ELSA-2013-1436)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1292.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate) * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162. This update also fixes the following bugs : * A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864) * A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819) * A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as 'not in use'. Consequently, automount attempted to unmount the tree and failed with a 'failed to umount offset' error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488) * A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70163
    published 2013-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70163
    title RHEL 5 : kernel (RHSA-2013:1292)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2745.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1059 Chanam Park reported an issue in the Ceph distributed storage system. Remote users can cause a denial of service by sending a specially crafted auth_reply message. - CVE-2013-2148 Dan Carpenter reported an information leak in the filesystem wide access notification subsystem (fanotify). Local users could gain access to sensitive kernel memory. - CVE-2013-2164 Jonathan Salwan reported an information leak in the CD-ROM driver. A local user on a system with a malfunctioning CD-ROM drive could gain access to sensitive memory. - CVE-2013-2232 Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6 subsystem. Local users could cause a denial of service by using an AF_INET6 socket to connect to an IPv4 destination. - CVE-2013-2234 Mathias Krause reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. - CVE-2013-2237 Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. - CVE-2013-2851 Kees Cook reported an issue in the block subsystem. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. - CVE-2013-2852 Kees Cook reported an issue in the b43 network driver for certain Broadcom wireless devices. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. - CVE-2013-4162 Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem. Local users can cause a denial of service (system crash). - CVE-2013-4163 Dave Jones reported an issue in the IPv6 networking subsystem. Local users can cause a denial of service (system crash). This update also includes a fix for a regression in the Xen subsystem.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69505
    published 2013-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69505
    title Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-130828.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to version 3.0.93 and to fix various bugs and security issues. The following features have been added : - NFS: Now supports a 'nosharetransport' option (bnc#807502, bnc#828192, FATE#315593). - ALSA: virtuoso: Xonar DSX support was added (FATE#316016). The following security issues have been fixed : - The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) - The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) - The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) - The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-2234) - net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059) - The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) - Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. (CVE-2013-1819) Also the following non-security bugs have been fixed : - ACPI / APEI: Force fatal AER severity when component has been reset. (bnc#828886 / bnc#824568) - PCI/AER: Move AER severity defines to aer.h. (bnc#828886 / bnc#824568) - PCI/AER: Set dev->__aer_firmware_first only for matching devices. (bnc#828886 / bnc#824568) - PCI/AER: Factor out HEST device type matching. (bnc#828886 / bnc#824568) - PCI/AER: Do not parse HEST table for non-PCIe devices. (bnc#828886 / bnc#824568) - PCI/AER: Reset link for devices below Root Port or Downstream Port. (bnc#828886 / bnc#824568) - zfcp: fix lock imbalance by reworking request queue locking (bnc#835175, LTC#96825). - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809). - qeth: change default standard blkt settings for OSA Express (bnc#835175, LTC#96808). - x86: Add workaround to NMI iret woes. (bnc#831949) - x86: Do not schedule while still in NMI context. (bnc#831949) - drm/i915: no longer call drm_helper_resume_force_mode. (bnc#831424,bnc#800875) - bnx2x: protect different statistics flows. (bnc#814336) - bnx2x: Avoid sending multiple statistics queries. (bnc#814336) - bnx2x: protect different statistics flows. (bnc#814336) - ALSA: hda - Fix unbalanced runtime pm refount. (bnc#834742) - xhci: directly calling _PS3 on suspend. (bnc#833148) - futex: Take hugepages into account when generating futex_key. - e1000e: workaround DMA unit hang on I218. (bnc#834647) - e1000e: unexpected 'Reset adapter' message when cable pulled. (bnc#834647) - e1000e: 82577: workaround for link drop issue. (bnc#834647) - e1000e: helper functions for accessing EMI registers. (bnc#834647) - e1000e: workaround DMA unit hang on I218. (bnc#834647) - e1000e: unexpected 'Reset adapter' message when cable pulled. (bnc#834647) - e1000e: 82577: workaround for link drop issue. (bnc#834647) - e1000e: helper functions for accessing EMI registers. (bnc#834647) - Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714) - printk: Add NMI ringbuffer. (bnc#831949) - printk: extract ringbuffer handling from vprintk. (bnc#831949) - printk: NMI safe printk. (bnc#831949) - printk: Make NMI ringbuffer size independent on log_buf_len. (bnc#831949) - printk: Do not call console_unlock from nmi context. (bnc#831949) - printk: Do not use printk_cpu from finish_printk. (bnc#831949) - zfcp: fix schedule-inside-lock in scsi_device list loops (bnc#833073, LTC#94937). - uvc: increase number of buffers. (bnc#822164, bnc#805804) - drm/i915: Adding more reserved PCI IDs for Haswell. (bnc#834116) - Refresh patches.xen/xen-netback-generalize. (bnc#827378) - Update Xen patches to 3.0.87. - mlx4_en: Adding 40gb speed report for ethtool. (bnc#831410) - drm/i915: Retry DP aux_ch communications with a different clock after failure. (bnc#831422) - drm/i915: split aux_clock_divider logic in a separated function for reuse. (bnc#831422) - drm/i915: dp: increase probe retries. (bnc#831422) - drm/i915: Only clear write-domains after a successful wait-seqno. (bnc#831422) - drm/i915: Fix write-read race with multiple rings. (bnc#831422) - drm/i915: Retry DP aux_ch communications with a different clock after failure. (bnc#831422) - drm/i915: split aux_clock_divider logic in a separated function for reuse. (bnc#831422) - drm/i915: dp: increase probe retries. (bnc#831422) - drm/i915: Only clear write-domains after a successful wait-seqno. (bnc#831422) - drm/i915: Fix write-read race with multiple rings. (bnc#831422) - xhci: Add xhci_disable_ports boot option. (bnc#822164) - xhci: set device to D3Cold on shutdown. (bnc#833097) - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations. (bnc#815320) - reiserfs: locking, push write lock out of xattr code. (bnc#815320) - reiserfs: locking, handle nested locks properly. (bnc#815320) - reiserfs: do not lock journal_init(). (bnc#815320) - reiserfs: delay reiserfs lock until journal initialization. (bnc#815320) - NFS: support 'nosharetransport' option (bnc#807502, bnc#828192, FATE#315593). - HID: hyperv: convert alloc+memcpy to memdup. - Drivers: hv: vmbus: Implement multi-channel support (fate#316098). - Drivers: hv: Add the GUID fot synthetic fibre channel device (fate#316098). - tools: hv: Check return value of setsockopt call. - tools: hv: Check return value of poll call. - tools: hv: Check return value of strchr call. - tools: hv: Fix file descriptor leaks. - tools: hv: Improve error logging in KVP daemon. - drivers: hv: switch to use mb() instead of smp_mb(). - drivers: hv: check interrupt mask before read_index. - drivers: hv: allocate synic structures before hv_synic_init(). - storvsc: Increase the value of scsi timeout for storvsc devices (fate#316098). - storvsc: Update the storage protocol to win8 level (fate#316098). - storvsc: Implement multi-channel support (fate#316098). - storvsc: Support FC devices (fate#316098). - storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS (fate#316098). - hyperv: Fix the NETIF_F_SG flag setting in netvsc. - Drivers: hv: vmbus: incorrect device name is printed when child device is unregistered. - Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration. (bnc#828714) - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size. (bnc#831055, CVE-2013-4163) - ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size. (bnc#831055, CVE-2013-4163) - dm mpath: add retain_attached_hw_handler feature. (bnc#760407) - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407) - af_key: fix info leaks in notify messages. (bnc#827749 / CVE-2013-2234) - af_key: initialize satype in key_notify_policy_flush(). (bnc#828119 / CVE-2013-2237) - ipv6: call udp_push_pending_frames when uncorking a socket with. (bnc#831058, CVE-2013-4162) - tg3: fix length overflow in VPD firmware parsing. (bnc#813733 / CVE-2013-1929) - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end. (CVE-2013-1819 / bnc#807471) - ipv6: ip6_sk_dst_check() must not assume ipv6 dst. (bnc#827750, CVE-2013-2232) - dasd: fix hanging devices after path events (bnc#831623, LTC#96336). - kernel: z90crypt module load crash (bnc#831623, LTC#96214). - ata: Fix DVD not detected at some platform with Wellsburg PCH. (bnc#822225) - drm/i915: edp: add standard modes. (bnc#832318) - Do not switch camera on yet more HP machines. (bnc#822164) - Do not switch camera on HP EB 820 G1. (bnc#822164) - xhci: Avoid NULL pointer deref when host dies. (bnc#827271) - bonding: disallow change of MAC if fail_over_mac enabled. (bnc#827376) - bonding: propagate unicast lists down to slaves. (bnc#773255 / bnc#827372) - net/bonding: emit address change event also in bond_release. (bnc#773255 / bnc#827372) - bonding: emit event when bonding changes MAC. (bnc#773255 / bnc#827372) - usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all controllers with xhci 1.0. (bnc#797909) - xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings. (bnc#827271) - updated reference for security issue fixed inside. (CVE-2013-3301 / bnc#815256) - qla2xxx: Clear the MBX_INTR_WAIT flag when the mailbox time-out happens. (bnc#830478) - drm/i915: initialize gt_lock early with other spin locks. (bnc#801341) - drm/i915: fix up gt init sequence fallout. (bnc#801341) - drm/i915: initialize gt_lock early with other spin locks. (bnc#801341) - drm/i915: fix up gt init sequence fallout. (bnc#801341) - timer_list: Correct the iterator for timer_list. (bnc#818047) - firmware: do not spew errors in normal boot (bnc#831438, fate#314574). - ALSA: virtuoso: Xonar DSX support (FATE#316016). - SUNRPC: Ensure we release the socket write lock if the rpc_task exits early. (bnc#830901) - ext4: Re-add config option Building ext4 as the ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that read-write module should be enabled. This update just defaults allow_rw to true if it is set. - e1000: fix vlan processing regression. (bnc#830766) - ext4: force read-only unless rw=1 module option is used (fate#314864). - dm mpath: fix ioctl deadlock when no paths. (bnc#808940) - HID: fix unused rsize usage. (bnc#783475) - add reference for b43 format string flaw. (bnc#822579 / CVE-2013-2852) - HID: fix data access in implement(). (bnc#783475) - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x. (bnc#829622) - kernel: sclp console hangs (bnc#830346, LTC#95711). - Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch. - Delete patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-th e-first-occurrence. It was removed from series.conf in 063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was not deleted. - Drivers: hv: balloon: Do not post pressure status if interrupted. (bnc#829539) - Drivers: hv: balloon: Fix a bug in the hot-add code. (bnc#829539) - drm/i915: Fix incoherence with fence updates on Sandybridge+. (bnc#809463) - drm/i915: merge {i965, sandybridge}_write_fence_reg(). (bnc#809463) - drm/i915: Fix incoherence with fence updates on Sandybridge+. (bnc#809463) - drm/i915: merge {i965, sandybridge}_write_fence_reg(). (bnc#809463) - Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch. - r8169: allow multicast packets on sub-8168f chipset. (bnc#805371) - r8169: support new chips of RTL8111F. (bnc#805371) - r8169: define the early size for 8111evl. (bnc#805371) - r8169: fix the reset setting for 8111evl. (bnc#805371) - r8169: add MODULE_FIRMWARE for the firmware of 8111evl. (bnc#805371) - r8169: fix sticky accepts packet bits in RxConfig. (bnc#805371) - r8169: adjust the RxConfig settings. (bnc#805371) - r8169: support RTL8111E-VL. (bnc#805371) - r8169: add ERI functions. (bnc#805371) - r8169: modify the flow of the hw reset. (bnc#805371) - r8169: adjust some registers. (bnc#805371) - r8169: check firmware content sooner. (bnc#805371) - r8169: support new firmware format. (bnc#805371) - r8169: explicit firmware format check. (bnc#805371) - r8169: move the firmware down into the device private data. (bnc#805371) - r8169: allow multicast packets on sub-8168f chipset. (bnc#805371) - r8169: support new chips of RTL8111F. (bnc#805371) - r8169: define the early size for 8111evl. (bnc#805371) - r8169: fix the reset setting for 8111evl. (bnc#805371) - r8169: add MODULE_FIRMWARE for the firmware of 8111evl. (bnc#805371) - r8169: fix sticky accepts packet bits in RxConfig. (bnc#805371) - r8169: adjust the RxConfig settings. (bnc#805371) - r8169: support RTL8111E-VL. (bnc#805371) - r8169: add ERI functions. (bnc#805371) - r8169: modify the flow of the hw reset. (bnc#805371) - r8169: adjust some registers. (bnc#805371) - r8169: check firmware content sooner. (bnc#805371) - r8169: support new firmware format. (bnc#805371) - r8169: explicit firmware format check. (bnc#805371) - r8169: move the firmware down into the device private data. (bnc#805371) - patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.pa tch: mm: link_mem_sections make sure nmi watchdog does not trigger while linking memory sections. (bnc#820434) - drm/i915: fix long-standing SNB regression in power consumption after resume v2. (bnc#801341) - RTC: Add an alarm disable quirk. (bnc#805740) - drm/i915: Fix bogus hotplug warnings at resume. (bnc#828087) - drm/i915: Serialize all register access. (bnc#809463,bnc#812274,bnc#822878,bnc#828914) - drm/i915: Resurrect ring kicking for semaphores, selectively. (bnc#828087) - drm/i915: Fix bogus hotplug warnings at resume. (bnc#828087) - drm/i915: Serialize all register access. (bnc#809463,bnc#812274,bnc#822878,bnc#828914) - drm/i915: Resurrect ring kicking for semaphores, selectively. (bnc#828087) - drm/i915: use lower aux clock divider on non-ULT HSW. (bnc#800875) - drm/i915: preserve the PBC bits of TRANS_CHICKEN2. (bnc#828087) - drm/i915: set CPT FDI RX polarity bits based on VBT. (bnc#828087) - drm/i915: hsw: fix link training for eDP on port-A. (bnc#800875) - drm/i915: use lower aux clock divider on non-ULT HSW. (bnc#800875) - drm/i915: preserve the PBC bits of TRANS_CHICKEN2. (bnc#828087) - drm/i915: set CPT FDI RX polarity bits based on VBT. (bnc#828087) - drm/i915: hsw: fix link training for eDP on port-A. (bnc#800875) - patches.arch/s390-66-02-smp-ipi.patch: kernel: lost IPIs on CPU hotplug (bnc#825048, LTC#94784). - patches.fixes/iwlwifi-use-correct-supported-firmware-for -6035-and-.patch: iwlwifi: use correct supported firmware for 6035 and 6000g2. (bnc#825887) - patches.fixes/watchdog-update-watchdog_thresh-atomically .patch: watchdog: Update watchdog_thresh atomically. (bnc#829357) - patches.fixes/watchdog-update-watchdog_tresh-properly.pa tch: watchdog: update watchdog_tresh properly. (bnc#829357) - patches.fixes/watchdog-make-disable-enable-hotplug-and-p reempt-save.patch: watchdog-make-disable-enable-hotplug-and-preempt-save.pa tch. (bnc#829357) - kabi/severities: Ignore changes in drivers/hv - patches.drivers/lpfc-return-correct-error-code-on-bsg_ti meout.patch: lpfc: Return correct error code on bsg_timeout. (bnc#816043) - patches.fixes/dm-drop-table-reference-on-ioctl-retry.pat ch: dm-multipath: Drop table when retrying ioctl. (bnc#808940) - scsi: Do not retry invalid function error. (bnc#809122) - patches.suse/scsi-do-not-retry-invalid-function-error.pa tch: scsi: Do not retry invalid function error. (bnc#809122) - scsi: Always retry internal target error. (bnc#745640, bnc#825227) - patches.suse/scsi-always-retry-internal-target-error.pat ch: scsi: Always retry internal target error. (bnc#745640, bnc#825227) - patches.drivers/drm-edid-Don-t-print-messages-regarding- stereo-or-csync-by-default.patch: Refresh: add upstream commit ID. - patches.suse/acpiphp-match-to-Bochs-dmi-data.patch: Refresh. . (bnc#824915) - Refresh patches.suse/acpiphp-match-to-Bochs-dmi-data.patch. (bnc#824915) - Update kabi files. - ACPI:remove panic in case hardware has changed after S4. (bnc#829001) - ibmvfc: Driver version 1.0.1. (bnc#825142) - ibmvfc: Fix for offlining devices during error recovery. (bnc#825142) - ibmvfc: Properly set cancel flags when cancelling abort. (bnc#825142) - ibmvfc: Send cancel when link is down. (bnc#825142) - ibmvfc: Support FAST_IO_FAIL in EH handlers. (bnc#825142) - ibmvfc: Suppress ABTS if target gone. (bnc#825142) - fs/dcache.c: add cond_resched() to shrink_dcache_parent(). (bnc#829082) - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware. (bnc#824295, CVE-2013-2164) - kmsg_dump: do not run on non-error paths by default. (bnc#820172) - supported.conf: mark tcm_qla2xxx as supported - mm: honor min_free_kbytes set by user. (bnc#826960) - Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714) - hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). (bnc#828574) - RT: Fix up hardening patch to not gripe when avg > available, which lockless access makes possible and happens in -rt kernels running a cpubound ltp realtime testcase. Just keep the output sane in that case. - kabi/severities: Add exception for aer_recover_queue() There should not be any user besides ghes.ko. - Fix rpm changelog - PCI / PM: restore the original behavior of pci_set_power_state(). (bnc#827930) - fanotify: info leak in copy_event_to_user(). (CVE-2013-2148 / bnc#823517) - usb: xhci: check usb2 port capabilities before adding hw link PM support. (bnc#828265) - aerdrv: Move cper_print_aer() call out of interrupt context. (bnc#822052, bnc#824568) - PCI/AER: pci_get_domain_bus_and_slot() call missing required pci_dev_put(). (bnc#822052, bnc#824568) - patches.fixes/block-do-not-pass-disk-names-as-format-str ings.patch: block: do not pass disk names as format strings. (bnc#822575 / CVE-2013-2851) - powerpc: POWER8 cputable entries. (bnc#824256) - libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350) - md/raid10: Fix two bug affecting RAID10 reshape. - Allow NFSv4 to run execute-only files. (bnc#765523) - fs/ocfs2/namei.c: remove unnecessary ERROR when removing non-empty directory. (bnc#819363) - block: Reserve only one queue tag for sync IO if only 3 tags are available. (bnc#806396) - btrfs: merge contiguous regions when loading free space cache - btrfs: fix how we deal with the orphan block rsv. - btrfs: fix wrong check during log recovery. - btrfs: change how we indicate we are adding csums.
    last seen 2019-02-21
    modified 2015-09-10
    plugin id 70040
    published 2013-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70040
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131016_KERNEL_ON_SL6_X.NASL
    description * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate) * An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible. (CVE-2013-4299, Moderate) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70490
    published 2013-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70490
    title Scientific Linux Security Update : kernel on SL6.x i386/srpm/x86_64
redhat via4
advisories
  • bugzilla
    id 987627
    title CVE-2013-4162 Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK enabled
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292022
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314021
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292020
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314023
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292012
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314015
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292014
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314009
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292008
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314007
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314025
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292018
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314017
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292016
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314019
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292010
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314011
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-348.18.1.el5
          oval oval:com.redhat.rhsa:tst:20131292006
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314013
    rhsa
    id RHSA-2013:1292
    released 2013-09-26
    severity Moderate
    title RHSA-2013:1292: kernel security and bug fix update (Moderate)
  • rhsa
    id RHSA-2013:1436
  • rhsa
    id RHSA-2013:1460
  • rhsa
    id RHSA-2013:1520
rpms
  • kernel-0:2.6.18-348.18.1.el5
  • kernel-PAE-0:2.6.18-348.18.1.el5
  • kernel-PAE-devel-0:2.6.18-348.18.1.el5
  • kernel-debug-0:2.6.18-348.18.1.el5
  • kernel-debug-devel-0:2.6.18-348.18.1.el5
  • kernel-devel-0:2.6.18-348.18.1.el5
  • kernel-doc-0:2.6.18-348.18.1.el5
  • kernel-headers-0:2.6.18-348.18.1.el5
  • kernel-kdump-0:2.6.18-348.18.1.el5
  • kernel-kdump-devel-0:2.6.18-348.18.1.el5
  • kernel-xen-0:2.6.18-348.18.1.el5
  • kernel-xen-devel-0:2.6.18-348.18.1.el5
  • kernel-0:2.6.32-358.23.2.el6
  • kernel-bootwrapper-0:2.6.32-358.23.2.el6
  • kernel-debug-0:2.6.32-358.23.2.el6
  • kernel-debug-devel-0:2.6.32-358.23.2.el6
  • kernel-devel-0:2.6.32-358.23.2.el6
  • kernel-doc-0:2.6.32-358.23.2.el6
  • kernel-firmware-0:2.6.32-358.23.2.el6
  • kernel-headers-0:2.6.32-358.23.2.el6
  • kernel-kdump-0:2.6.32-358.23.2.el6
  • kernel-kdump-devel-0:2.6.32-358.23.2.el6
  • perf-0:2.6.32-358.23.2.el6
  • python-perf-0:2.6.32-358.23.2.el6
refmap via4
bid 61411
confirm
mlist [oss-security] 20130723 Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled.
secunia
  • 54148
  • 55055
suse
  • SUSE-SU-2013:1473
  • SUSE-SU-2013:1474
  • openSUSE-SU-2013:1971
ubuntu
  • USN-1938-1
  • USN-1939-1
  • USN-1941-1
  • USN-1942-1
  • USN-1943-1
  • USN-1944-1
  • USN-1945-1
  • USN-1946-1
  • USN-1947-1
Last major update 03-01-2014 - 23:48
Published 29-07-2013 - 09:59
Back to Top