ID CVE-2012-5517
Summary The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
Vulnerable Configurations
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.1:-:-:-:-:-:x86
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4 release candidate 3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc3:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc4:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc1:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc2:-:-:-:-:x86
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.5:-:-:-:-:-:x86
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4 release candidate 6 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc6:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc5:-:-:-:-:x86
  • Linux Kernel 3.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:-:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 7 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc7:-:-:-:-:x86
  • Linux Kernel 3.4.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.2:-:-:-:-:-:x86
  • Linux Kernel 3.4.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.4:-:-:-:-:-:x86
  • Linux Kernel 3.4.3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.3:-:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2.1:-:-:-:-:-:x86
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2:-:-:-:-:-:x86
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
CVSS
Base: 4.0 (as of 21-12-2012 - 11:00)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2520.NASL
    description Description of changes: kernel-uek [2.6.32-400.26.2.el6uek]
      - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}
      - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
      - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
      - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
      - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349}
      - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827}
      - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774}
      - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792}
      - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}
      - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}
      - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547}
      - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}
      - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}
      - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}
      - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}
      - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537}
      - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
      - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68852
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68852
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2520)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20121218_KERNEL_ON_SL6_X.NASL
    description This update fixes the following security issues :
      - It was found that a previous update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate)
      - A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate)
      - A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate)
      - It was found that the initial release of Scientific Linux 6 did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low)
      - A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)
      The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 63313
    published 2012-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63313
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1704-2.NASL
    description USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. We apologize for the inconvenience.
      Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957)
      Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461)
      Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)
      A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. (CVE-2012-4530)
      Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. (CVE-2012-4565)
      A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. (CVE-2012-5517)
      Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64436
    published 2013-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64436
    title Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal regression (USN-1704-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1704-1.NASL
    description Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957)
      Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461)
      Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. (CVE-2012-4508)
      A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. (CVE-2012-4530)
      Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. (CVE-2012-4565)
      A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. (CVE-2012-5517)
      Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. (CVE-2012-5532).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63669
    published 2013-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63669
    title Ubuntu 12.04 LTS : linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities (USN-1704-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-121203.NASL
    description The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues.
      It contains the following feature enhancements :
      - The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published separately to support this feature.
      - The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published separately to support this feature.
      - The tipc kernel module is now externally supported (FATE#305033).
      - Hyper-V KVP IP injection was implemented (FATE#314441). A separate hyper-v package will be published to support this feature.
      - Intel Lynx Point PCH chipset support was added. (FATE#313409)
      - Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature.
      The following security issues have been fixed :
      - A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. (CVE-2012-5517)
      - A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. (CVE-2012-4461)
      - The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (CVE-2012-1601)
      - Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the system. (CVE-2012-2372)
      - Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the 'uninitialized' bit set indicating that its blocks have not yet been written and thus contain data from a deleted file will get exposed to anyone with read access to the file. (CVE-2012-4508)
      - The rds_recvmsg function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (CVE-2012-3430)
      - The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (CVE-2012-3412)
      The following non-security issues have been fixed :
      BTRFS :
      - btrfs: fix double mntput() in mount_subvol().
      - btrfs: use common work instead of delayed work
      - btrfs: limit fallocate extent reservation to 256MB
      - btrfs: fix a double free on pending snapshots in error handling
      - btrfs: Do not trust the superblock label and simply printk('%s') it
      - patches.suse/btrfs-update-message-levels.patch: Refresh.
      - patches.suse/btrfs-enospc-debugging-messages.patch: Minor updates.
      - patches.suse/btrfs-update-message-levels.patch: Minor updates.
      - btrfs: continue after abort during snapshot drop. (bnc#752067)
      - btrfs: Return EINVAL when length to trim is less than FSB.
      - btrfs: fix unnecessary while loop when search the free space, cache.
      - btrfs: Use btrfs_update_inode_fallback when creating a snapshot.
      - btrfs: do not bug when we fail to commit the transaction.
      - btrfs: fill the global reserve when unpinning space.
      - btrfs: do not allow degraded mount if too many devices are missing.
      - patches.suse/btrfs-8112-resume-balance-on-rw-re-mounts-properly.patch: fix mismerge.
      - btrfs: do not allocate chunks as agressively.
      - btrfs: btrfs_drop_extent_cache should never fail.
      - btrfs: fix full backref problem when inserting shared block reference.
      - btrfs: wait on async pages when shrinking delalloc.
      - btrfs: remove bytes argument from do_chunk_alloc.
      - btrfs: cleanup of error processing in btree_get_extent().
      - btrfs: remove unnecessary code in btree_get_extent().
      - btrfs: kill obsolete arguments in btrfs_wait_ordered_extents.
      - btrfs: do not do anything in our ->freeze_fs and ->unfreeze_fs.
      - btrfs: do not async metadata csumming in certain situations.
      - btrfs: do not hold the file extent leaf locked when adding extent item.
      - btrfs: cache extent state when writing out dirty metadata pages.
      - btrfs: do not lookup csums for prealloc extents.
      - btrfs: be smarter about dropping things from the tree log.
      - btrfs: confirmation of value is added before trace_btrfs_get_extent() is called.
      - btrfs: make filesystem read-only when submitting barrier fails.
      - btrfs: cleanup pages properly when ENOMEM in compression.
      - btrfs: do not bug on enomem in readpage.
      - btrfs: do not warn_on when we cannot alloc a page for an extent buffer.
      - btrfs: enospc debugging messages.
      S/390 :
      - smsgiucv: reestablish IUCV path after resume (bnc#786976,LTC#86245).
      - dasd: move wake_up call (bnc#786976,LTC#86252).
      - kernel: fix get_user_pages_fast() page table walk (bnc#786976,LTC#86307).
      - qeth: Fix IPA_CMD_QIPASSIST return code handling (bnc#785851,LTC#86101).
      - mm: Fix XFS oops due to dirty pages without buffers on s390. (bnc#762259)
      - zfcp: only access zfcp_scsi_dev for valid scsi_device (bnc#781484,LTC#85285).
      - dasd: check count address during online setting (bnc#781484,LTC#85346).
      - hugetlbfs: fix deadlock in unmap_hugepage_range() (bnc#781484,LTC#85449).
      - kernel: make user-access pagetable walk code huge page aware (bnc#781484,LTC#85455).
      - hugetlbfs: add missing TLB invalidation (bnc#781484,LTC#85463).
      - zfcp: fix adapter (re)open recovery while link to SAN is down (bnc#789010,LTC#86283).
      - qeth: set new mac even if old mac is gone (bnc#789010,LTC#86643).
      - qdio: fix kernel panic for zfcp 31-bit (bnc#789010,LTC#86623).
      - crypto: msgType50 (RSA-CRT) Fix (bnc#789010,LTC#86378).
      DRM :
      - drm/915: Update references, fixed a missing patch chunk. (bnc#725355)
      - drm/dp: Document DP spec versions for various DPCD registers. (bnc#780461)
      - drm/dp: Make sink count DP 1.2 aware. (bnc#780461)
      - DRM/i915: Restore sdvo_flags after dtd->mode->dtd Roundrtrip. (bnc#775577)
      - DRM/i915: Do not clone SDVO LVDS with analog. (bnc#766410)
      - DRM/radeon: For single CRTC GPUs move handling of CRTC_CRT_ON to crtc_dpms(). (bnc#725152)
      - DRM/Radeon: Fix TV DAC Load Detection for single CRTC chips. (bnc#725152)
      - DRM/Radeon: Clean up code in TV DAC load detection. (bnc#725152)
      - DRM/Radeon: On DVI-I use Load Detection when EDID is bogus. (bnc#725152)
      - DRM/Radeon: Fix primary DAC Load Detection for RV100 chips. (bnc#725152)
      - DRM/Radeon: Fix Load Detection on legacy primary DAC. (bnc#725152)
      - drm/i915: enable plain RC6 on Sandy Bridge by default (bnc#725355).
      Hyper-V :
      - Hyper-V KVP IP injection (fate#31441) :
      - drivers: net: Remove casts to same type.
      - drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a no-op.
      - hyperv: Move wait completion msg code into rndis_filter_halt_device().
      - hyperv: Add comments for the extended buffer after RNDIS message.
      - Drivers: hv: Cleanup the guest ID computation.
      - Drivers: hv: vmbus: Use the standard format string to format GUIDs.
      - Drivers: hv: Add KVP definitions for IP address injection.
      - Drivers: hv: kvp: Cleanup error handling in KVP.
      - Drivers: hv: kvp: Support the new IP injection messages.
      - Tools: hv: Prepare to expand kvp_get_ip_address() functionality.
      - Tools: hv: Further refactor kvp_get_ip_address().
      - Tools: hv: Gather address family information.
      - Tools: hv: Gather subnet information.
      - Tools: hv: Represent the ipv6 mask using CIDR notation.
      - Tools: hv: Gather ipv[4,6] gateway information.
      - hv: fail the probing immediately when we are not in hyperv platform.
      - hv: vmbus_drv: detect hyperv through x86_hyper.
      - Tools: hv: Get rid of some unused variables.
      - Tools: hv: Correctly type string variables.
      - Tools: hv: Add an example script to retrieve DNS entries.
      - Tools: hv: Gather DNS information.
      - Drivers: hv: kvp: Copy the address family information.
      - Tools: hv: Add an example script to retrieve dhcp state.
      - Tools: hv: Gather DHCP information.
      - Tools: hv: Add an example script to configure an interface.
      - Tools: hv: Implement the KVP verb - KVP_OP_SET_IP_INFO.
      - Tools: hv: Rename the function kvp_get_ip_address().
      - Tools: hv: Implement the KVP verb - KVP_OP_GET_IP_INFO.
      - tools/hv: Fix file handle leak.
      - tools/hv: Fix exit() error code.
      - tools/hv: Check for read/write errors.
      - tools/hv: Parse /etc/os-release.
      - hyperv: Fix the max_xfer_size in RNDIS initialization.
      - hyperv: Fix the missing return value in rndis_filter_set_packet_filter().
      - hyperv: Fix page buffer handling in rndis_filter_send_request().
      - hyperv: Remove extra allocated space for recv_pkt_list elements.
      - hyperv: Report actual status in receive completion packet.
      - hyperv: Add buffer for extended info after the RNDIS response message.
      Other :
      - net: prevent NULL dereference in check_peer_redir(). (bnc#776044 / bnc#784576)
      - patches.fixes/mm-hotplug-correctly-add-zone-to-other-nodes-list.patch: Refresh.
      - igb: fix recent VLAN changes that would leave VLANs disabled after reset. (bnc#787168)
      - md: Change goto target to avoid pointless bug messages in normal error cases. (bnc#787848)
      - intel_idle: IVB support (fate#313719).
      - x86 cpufreq: Do not complain on missing cpufreq tables on ProLiants. (bnc#787202)
      - hpilo: remove pci_disable_device. (bnc#752544)
      - ixgbe: Address fact that RSC was not setting GSO size for incoming frames. (bnc#776144)
      - hv: Cleanup error handling in vmbus_open().
      - [SCSI] storvsc: Account for in-transit packets in the RESET path.
      - sg: remove sg_mutex. (bnc#785496)
      - perf: Do no try to schedule task events if there are none. (bnc#781574)
      - perf: Do not set task_ctx pointer in cpuctx if there are no events in the context. (bnc#781574)
      - mm: swap: Implement generic handlers for swap-related address ops fix. (bnc#778334)
      - hpwdt: Only BYTE reads/writes to WD Timer port 0x72.
      - xenbus: fix overflow check in xenbus_dev_write().
      - xen/x86: do not corrupt %eip when returning from a signal handler.
      - Update Xen patches to 3.0.46.
      - Update Xen patches to 3.0.51.
      - mm: Check if PTE is already allocated during page fault.
      - rpm/kernel-binary.spec.in: Revert f266e647f to allow building with icecream again, as patches.rpmify/kbuild-fix-gcc-x-syntax.patch is a real fix now.
      - ipmi: decrease the IPMI message transaction time in interrupt mode. (bnc#763654)
      - ipmi: simplify locking. (bnc#763654)
      - ipmi: use a tasklet for handling received messages. (bnc#763654)
      - cxgb3: Set vlan_feature on net_device (bnc#776127, LTC#84260).
      - qlge: Add offload features to vlan interfaces (bnc#776081,LTC#84322).
      - mlx4_en: Added missing iounmap upon releasing a device (bnc#774964,LTC#82768).
      - mlx4: allow device removal by fixing dma unmap size (bnc#774964,LTC#82768).
      - qeth: fix deadlock between recovery and bonding driver (bnc#785100,LTC#85905).
      - SCSI st: add st_nowait_eof param to module. (bnc#775394)
      - patches.fixes/sched-fix-migration-thread-accounting-woes.patch: Update references. (bnc#773699, bnc#769251)
      - memcg: oom: fix totalpages calculation for swappiness==0. (bnc#783965)
      - fs: cachefiles: add support for large files in filesystem caching (FATE#312793, bnc#782369).
      - mm/mempolicy.c: use enum value MPOL_REBIND_ONCE in mpol_rebind_policy().
      - mm, mempolicy: fix mbind() to do synchronous migration.
      - revert 'mm: mempolicy: Let vma_merge and vma_split handle vma->vm_policy linkages'.
      - mempolicy: fix a race in shared_policy_replace().
      - mempolicy: fix refcount leak in mpol_set_shared_policy().
      - mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma().
      - mempolicy: remove mempolicy sharing. Memory policy enhancements for robustness against fuzz attacks and force mbind to use synchronous migration.
      - Update scsi_dh_alua to mainline version (bnc#708296, bnc#784334) :
      - scsi_dh_alua: Enable STPG for unavailable ports
      - scsi_dh_alua: Re-enable STPG for unavailable ports
      - scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically
      - scsi_dh_alua: implement implied transition timeout
      - scsi_dh_alua: retry alua rtpg extended header for illegal request response
      - Revert removal of ACPI procfs entries. (bnc#777283)
      - x86: Clear HPET configuration registers on startup. (bnc#748896)
      - mlx4: Fixed build warning, update references (bnc#774500,LTC#83966).
      - xen/frontends: handle backend CLOSED without CLOSING.
      - xen/pciback: properly clean up after calling pcistub_device_find().
      - xen/netfront: add netconsole support (bnc#763858 fate#313830).
      - netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments. (bnc#779750)
      - ipv6, xfrm: use conntrack-reassembled packet for policy lookup. (bnc#780216)
      - inetpeer: add namespace support for inetpeer. (bnc#779969)
      - inetpeer: add parameter net for inet_getpeer_v4,v6. (bnc#779969)
      - inetpeer: make unused_peers list per-netns. (bnc#779969)
      - kABI: use net_generic to protect struct netns_ipv{4,6}. (bnc#779969)
      - patches.rpmify/kbuild-fix-gcc-x-syntax.patch: kbuild: Fix gcc -x syntax. (bnc#773831)
      - patches.suse/supported-flag: Re-enabled warning on unsupported module loading.
      - nbd: clear waiting_queue on shutdown. (bnc#778630)
      - nohz: fix idle ticks in cpu summary line of /proc/stat (follow up fix for bnc#767469, bnc#705551).
      - fix TAINT_NO_SUPPORT handling on module load.
      - NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate. (bnc#780008)
      - svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping (bnc@779462).
      - net: do not disable sg for packets requiring no checksum. (bnc#774859)
      - sfc: prevent extreme TSO parameters from stalling TX queues. (bnc#774523 / CVE-2012-3412)
      - X86 MCE: Fix correct ring/severity identification in V86 case. (bnc#773267)
      - scsi_dh_rdac: Add a new netapp vendor/product string. (bnc#772483)
      - scsi_dh_rdac : Consolidate rdac strings together. (bnc#772483)
      - scsi_dh_rdac : minor return fix for rdac. (bnc#772483)
      - dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage. (bnc#772454)
      - scsi_dh_rdac: Fix error path. (bnc#772454)
      - scsi_dh_rdac: Fix for unbalanced reference count. (bnc#772454)
      - sd: Ensure we correctly disable devices with unknown protection type. (bnc#780876)
      - netfilter: ipset: timeout can be modified for already added elements. (bnc#790457)
      - netfilter: ipset: fix adding ranges to hash types. (bnc#790498)
      - workqueue: exit rescuer_thread() as TASK_RUNNING. (bnc#789993)
      - xhci: Add Lynx Point LP to list of Intel switchable hosts. (bnc#791853)
      - tg3: Introduce separate functions to allocate/free RX/TX rings. (bnc#785554)
      - net-next: Add netif_get_num_default_rss_queues. (bnc#785554)
      - tg3: set maximal number of default RSS queues. (bnc#785554)
      - tg3: Allow number of rx and tx rings to be set independently. (bnc#785554)
      - tg3: Separate coalescing setup for rx and tx. (bnc#785554)
      - tg3: Refactor tg3_open(). (bnc#785554)
      - tg3: Refactor tg3_close(). (bnc#785554)
      - tg3: Add support for ethtool -L|-l to get/set the number of rings. (bnc#785554)
      - tg3: Disable multiple TX rings by default due to hardware flaw.
(bnc#785554) - x86, microcode, AMD: Add support for family 16h processors (bnc#791498,fate#314145). - scsi_remove_target: fix softlockup regression on hot remove. (bnc#789836) - autofs4: allow autofs to work outside the initial PID namespace. (bnc#779294) - autofs4: translate pids to the right namespace for the daemon. (bnc#779294) - vfs: dont chain pipe/anon/socket on superblock s_inodes list. (bnc#789703) - reiserfs: fix problems with chowning setuid file w/ xattrs. (bnc#790920) - reiserfs: fix double-lock while chowning setuid file w/ xattrs. (bnc#790920) - ALSA: hda - Fix SSYNC register value for non-Intel controllers (fate#313409,bnc#760833). - ALSA: hda: option to enable arbitrary buffer/period sizes (fate#313409,bnc#760833). - ALSA: hda - Fix buffer-alignment regression with Nvidia HDMI (fate#313409,bnc#760833). - ALSA: hda - explicitly set buffer-align flag for Nvidia controllers (fate#313409,bnc#760833). - ALSA: hda - Add Lynx Point HD Audio Controller DeviceIDs (fate#313409,bnc#760833). - ALSA: hda_intel: Add Device IDs for Intel Lynx Point-LP PCH (fate#313409,bnc#760833). - USB: OHCI: workaround for hardware bug: retired TDs not added to the Done Queue. (bnc#762158) - watchdog: iTCO_wdt: clean-up PCI device IDs (fate#313409, bnc#760833). - watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). - ahci: AHCI-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). - ata_piix: IDE-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). - i2c-i801: Add device IDs for Intel Lynx Point (fate#313409, bnc#760833). - jbd: Fix lock ordering bug in journal_unmap_buffer(). (bnc#790935) - usb: host: xhci: Fix Compliance Mode on SN65LVPE502CP Hardware. (bnc#788277) - usb: host: xhci: Fix NULL pointer dereferencing with 71c731a for non-x86 systems. (bnc#788277) - Do not remove fillup from the buildsystem. (bnc#781327) - ibmvfc: Fix double completion on abort timeout. 
(bnc#788452) - ibmvfc: Ignore fabric RSCNs when link is dead. (bnc#788452) - fs: only send IPI to invalidate LRU BH when needed. (bnc#763628 / bnc#744692) - smp: add func to IPI cpus based on parameter func. (bnc#763628 / bnc#744692) - smp: introduce a generic on_each_cpu_mask() function. (bnc#763628 / bnc#744692)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 64180
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64180
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7123 / 7127)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1580.NASL
    description From Red Hat Security Advisory 2012:1580 : Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate) * A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate) * It was found that the initial release of Red Hat Enterprise Linux 6 did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) * A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. 
A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low) Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting CVE-2012-4444. The CVE-2012-2375 issue was discovered by Jian Li of Red Hat, and CVE-2012-4565 was discovered by Rodrigo Freire of Red Hat. This update also fixes numerous bugs and adds one enhancement. Space precludes documenting all of these changes in this advisory. Documentation for these changes will be available shortly from the Red Hat Enterprise Linux 6.3 Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, fix these bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 68666
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68666
    title Oracle Linux 6 : kernel (ELSA-2012-1580)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1670-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
    last seen 2019-02-21
    modified 2016-12-01
    plugin id 63297
    published 2012-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63297
    title USN-1670-1 : linux-ti-omap4 vulnerability
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1580.NASL
    description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate) * A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate) * It was found that the initial release of Red Hat Enterprise Linux 6 did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) * A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. 
A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low) Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting CVE-2012-4444. The CVE-2012-2375 issue was discovered by Jian Li of Red Hat, and CVE-2012-4565 was discovered by Rodrigo Freire of Red Hat. This update also fixes numerous bugs and adds one enhancement. Space precludes documenting all of these changes in this advisory. Documentation for these changes will be available shortly from the Red Hat Enterprise Linux 6.3 Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, fix these bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63305
    published 2012-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63305
    title CentOS 6 : kernel (CESA-2012:1580)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1673-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
    last seen 2019-02-21
    modified 2016-12-01
    plugin id 63299
    published 2012-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63299
    title USN-1673-1 : linux-ti-omap4 vulnerability
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1671-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63298
    published 2012-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63298
    title Ubuntu 12.10 : linux vulnerability (USN-1671-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1679-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
    last seen 2019-02-21
    modified 2016-12-01
    plugin id 63322
    published 2012-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63322
    title USN-1679-1 : linux-ti-omap4 vulnerability
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2507.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68847
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68847
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1678-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63321
    published 2012-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63321
    title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerability (USN-1678-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-2047.NASL
    description Description of changes: [2.6.39-300.17.3.el6uek] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375} - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] {CVE-2012-2375}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68689
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68689
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2047)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-194.NASL
    description Multiple vulnerabilities have been found and corrected in the Linux kernel : net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059) The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (CVE-2013-2147) The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. 
(CVE-2013-2164) The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (CVE-2013-2234) The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. (CVE-2012-5517) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. 
(CVE-2013-3301) The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (CVE-2013-0231) The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. (CVE-2013-2850) The updated packages provide a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 67254
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67254
    title Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2013-0003.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) [Orabug: 16069448] - bonding: rlb mode of bond should not alter ARP originating via bridge (zheng.li) [Orabug: 14650975] - compilation fix oracleasm typo (Maxim Uvarov) - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16020976 Bug-db: 14798] (CVE-2012-5517) - Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) [Orabug: 16020656 Bug-db: 14798] (CVE-2012-4565) - Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug-db: 14798] (CVE-2012-2375) - Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] (CVE-2012-2375) - Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] (CVE-2012-2375) - oracleasm: Introduce module parameter for block size selection (Martin K. Petersen) [Orabug: 15924773 16017829] - kernel posttrans remove all crashkernel=* (Jason Luan) [Orabug: 15882974]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79495
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79495
    title OracleVM 3.2 : kernel-uek (OVMSA-2013-0003)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1669-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63296
    published 2012-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63296
    title Ubuntu 12.04 LTS : linux vulnerability (USN-1669-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1677-1.NASL
    description A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63320
    published 2012-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63320
    title Ubuntu 11.10 : linux vulnerability (USN-1677-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1580.NASL
    description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate) * A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate) * It was found that the initial release of Red Hat Enterprise Linux 6 did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) * A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. 
A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low) Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting CVE-2012-4444. The CVE-2012-2375 issue was discovered by Jian Li of Red Hat, and CVE-2012-4565 was discovered by Rodrigo Freire of Red Hat. This update also fixes numerous bugs and adds one enhancement. Space precludes documenting all of these changes in this advisory. Documentation for these changes will be available shortly from the Red Hat Enterprise Linux 6.3 Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, fix these bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 63292
    published 2012-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63292
    title RHEL 6 : kernel (RHSA-2012:1580)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-148.NASL
    description A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565, Moderate) A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-5517, Moderate) It was found that a previous kernel release did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. (CVE-2012-2100, Low) A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444, Low)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69707
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69707
    title Amazon Linux AMI : kernel / nvidia (ALAS-2013-148)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2534.NASL
    description Description of changes: [2.6.32-400.29.1.el6uek] - KVM: add missing void __user * cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943} [2.6.32-400.28.1.el6uek] - do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974] - tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929} - USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860} - bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025] - sched: Fix ancient race in do_exit() (Joe Jin) - open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035] - block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542} - vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035] - xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568] - svcrpc: don't hold sv_lock over svc_xprt_put() (J. 
Bruce Fields) [Orabug: 16032824] - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517} - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871} - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349} - dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827} - USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774} - keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792} - KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798} - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796} [2.6.32-400.27.1.el6uek] - net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547} - atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546} - xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537} - xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537} - xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826} - xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] 
{CVE-2013-1826} - llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542} - x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997]
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 68856
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68856
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534)
redhat via4
advisories
bugzilla
id 876549
title drm cherry-pick patch from upstream bug for 6.4 [rhel-6.3.z]
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580005
      • comment kernel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842006
    • AND
      • comment kernel-bootwrapper is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580007
      • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842010
    • AND
      • comment kernel-debug is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580015
      • comment kernel-debug is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842012
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580017
      • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842014
    • AND
      • comment kernel-devel is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580011
      • comment kernel-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842016
    • AND
      • comment kernel-doc is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580027
      • comment kernel-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842024
    • AND
      • comment kernel-firmware is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580025
      • comment kernel-firmware is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842026
    • AND
      • comment kernel-headers is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580009
      • comment kernel-headers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842008
    • AND
      • comment kernel-kdump is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580023
      • comment kernel-kdump is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842018
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580021
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842020
    • AND
      • comment perf is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580013
      • comment perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842022
    • AND
      • comment python-perf is earlier than 0:2.6.32-279.19.1.el6
        oval oval:com.redhat.rhsa:tst:20121580019
      • comment python-perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111530020
rhsa
id RHSA-2012:1580
released 2012-12-18
severity Moderate
title RHSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)
rpms
  • kernel-0:2.6.32-279.19.1.el6
  • kernel-bootwrapper-0:2.6.32-279.19.1.el6
  • kernel-debug-0:2.6.32-279.19.1.el6
  • kernel-debug-devel-0:2.6.32-279.19.1.el6
  • kernel-devel-0:2.6.32-279.19.1.el6
  • kernel-doc-0:2.6.32-279.19.1.el6
  • kernel-firmware-0:2.6.32-279.19.1.el6
  • kernel-headers-0:2.6.32-279.19.1.el6
  • kernel-kdump-0:2.6.32-279.19.1.el6
  • kernel-kdump-devel-0:2.6.32-279.19.1.el6
  • perf-0:2.6.32-279.19.1.el6
  • python-perf-0:2.6.32-279.19.1.el6
refmap via4
bid 56527
confirm
mlist [oss-security] 20121113 Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
suse
  • SUSE-SU-2012:1679
  • openSUSE-SU-2013:0925
ubuntu
  • USN-1671-1
  • USN-1673-1
  • USN-1677-1
  • USN-1678-1
  • USN-1679-1
Last major update 20-06-2013 - 23:14
Published 21-12-2012 - 06:47