ID CVE-2015-5364
Summary The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
References
Vulnerable Configurations
  • Linux Kernel 4.0.5
    cpe:2.3:o:linux:linux_kernel:4.0.5
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 6.5
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
CVSS
Base: 7.8 (as of 20-07-2016 - 11:06)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-124.NASL
    description The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a 'negative groups' issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (bnc#906545). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (bnc#912202). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937 (bnc#952384 953052). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-7885: The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951627). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed : - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934). - KVM: x86: update masterclock values on TSC writes (bsc#961739). - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cdrom: Random writing support for BD-RE media (bnc#959568). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ipv6: fix tunnel error handling (bsc#952579). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - uas: Add response iu handling (bnc#954138). - usbvision fix overflow of interfaces array (bnc#950998). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 88545
    published 2016-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88545
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL17307.NASL
    description The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. (CVE-2015-5364)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 97307
    published 2017-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97307
    title F5 Networks BIG-IP : Linux kernel vulnerability (K17307)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2682-1.NASL
    description A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84983
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84983
    title Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2682-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2685-1.NASL
    description A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84986
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84986
    title Ubuntu 14.10 : linux vulnerabilities (USN-2685-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0037.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90019
    published 2016-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90019
    title OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1787.NASL
    description Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes the following issues : * Fix regression in scsi_send_eh_cmnd() * boot hangs at 'Console: switching to colour dummy device 80x25' * Update tcp stack to 3.17 kernel * ksoftirqd high CPU usage due to stray tasklet from ioatdma driver (BZ#1245345) This update also fixes the following bugs : * The configuration option CONFIG_RTC_HCTOSYS was disabled on the realtime kernel causing the RTC clock to be adjusted with the UTC time even if the system is configured to set the RTC to the local time. By enabling the CONFIG_RTC_HCTOSYS configuration option, when the system is configured to use local time, RTC will correctly update with the local time and not try to use another timezone. (BZ#1248047) * In the realtime kernel, if a rt_mutex was taken while in interrupt context the normal priority inheritance protocol would falsely identify a deadlock and trigger a kernel crash. The patch that added the rt_mutex in this interrupt context was reverted. (BZ#1250649) All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85979
    published 2015-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85979
    title RHEL 6 : kernel-rt (RHSA-2015:1787)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2713-1.NASL
    description Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3212) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85507
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85507
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2713-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-310.NASL
    description This update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation. CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86049
    published 2015-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86049
    title Debian DLA-310-1 : linux-2.6 security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2683-1.NASL
    description A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84984
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84984
    title Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2683-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2684-1.NASL
    description A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84985
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84985
    title Ubuntu 15.04 : linux vulnerabilities (USN-2684-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-543.NASL
    description The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. - CVE-2015-3212: A race condition flaw was found in the way the Linux kernels SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call (bnc#935542). - CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731: Various problems in the UDF filesystem were fixed that could lead to crashes when mounting prepared udf filesystems. - CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel did not ensure that certain length values are sufficiently large, which allowed remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions (bnc#933934). - CVE-2015-4003: The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel allowed remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet (bnc#933934). - CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet (bnc#933934). - CVE-2015-4036: A potential memory corruption in vhost/scsi was fixed. - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583). - CVE-2015-3636: It was found that the Linux kernels ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. - CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets (bnc#916225). The following non-security bugs were fixed : - ALSA: ak411x: Fix stall in work callback (boo#934755). - ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755). - ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755). - ALSA: emu10k1: do not deadlock in proc-functions (boo#934755). - ALSA: emux: Fix mutex deadlock at unloading (boo#934755). - ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755). - ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup) (boo#934755). - ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 (boo#934755). - ALSA: hda - Add common pin macros for ALC269 family (boo#934755). - ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755). - ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755). - ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755). - ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755). - ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755). - ALSA: hda - Add one more node in the EAPD supporting candidate list (boo#934755). - ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec (boo#934755). - ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755). - ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755). - ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755). - ALSA: hda - Disable runtime PM for Panther Point again (boo#934755). - ALSA: hda - Do not access stereo amps for mono channel widgets (boo#934755). - ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out (boo#934755). - ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755). - ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755). - ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller (boo#934755). - ALSA: hda - One more Dell macine needs DELL1_MIC_NO_PRESENCE quirk (boo#934755). - ALSA: hda - One more HP machine needs to change mute led quirk (boo#934755). - ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755). - ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755). - ALSA: hda - Treat stereo-to-mono mix properly (boo#934755). - ALSA: hda - change three SSID quirks to one pin quirk (boo#934755). - ALSA: hda - fix 'num_steps = 0' error on ALC256 (boo#934755). - ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid (boo#934755). - ALSA: hda - fix headset mic detection problem for one more machine (boo#934755). - ALSA: hda - fix mute led problem for three HP laptops (boo#934755). - ALSA: hda - set proper caps for newer AMD hda audio in KB/KV (boo#934755). - ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755). - ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 (boo#934755). - ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450 (boo#934755). - ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256 (boo#934755). - ALSA: hda/realtek - Make more stable to get pin sense for ALC283 (boo#934755). - ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755). - ALSA: hda/realtek - Support HP mute led for output and input (boo#934755). - ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755). - ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755). - ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755). - ALSA: pcm: Do not leave PREPARED state after draining (boo#934755). - ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755). - ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support (boo#934755). - ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion (boo#934755). - ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755). - ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755). - ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate (boo#934755). - ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample rate (boo#934755). - ALSA: usb-audio: add MAYA44 USB+ mixer control names (boo#934755). - ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate (boo#934755). - ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate (boo#934755). - ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) (boo#934755). - Automatically Provide/Obsolete all subpackages of old flavors (bnc#925567) - Fix kABI for ak411x structs (boo#934755). - Fix kABI for snd_emu10k1 struct (boo#934755). - HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624). - HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624). - HID: add quirk for PIXART OEM mouse used by HP (bnc#929624). - HID: usbhid: add always-poll quirk (bnc#929624). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#929624). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#929624). - HID: usbhid: fix PIXART optical mouse (bnc#929624). - HID: usbhid: more mice with ALWAYS_POLL (bnc#929624). - HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624). - HID: yet another buggy ELAN touchscreen (bnc#929624). - Input: synaptics - handle spurious release of trackstick buttons (bnc#928693). - Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series (bnc#928693). - Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015 (bnc#928693). - Input: synaptics - retrieve the extended capabilities in query $10 (bnc#928693). - NFSv4: When returning a delegation, do not reclaim an incompatible open mode (bnc#934202). - Refresh patches.xen/xen-blkfront-indirect (bsc#922235). - Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60 (bnc#934397) - arm64: mm: Remove hack in mmap randomized layout Fix commit id and mainlined information - bnx2x: Fix kdump when iommu=on (bug#921769). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - config/armv7hl: Disable AMD_XGBE_PHY The AMD XGBE ethernet chip is only used on ARM64 systems. - config: disable XGBE on non-ARM hardware It is documented as being present only on AMD SoCs. - cpufreq: fix a NULL pointer dereference in __cpufreq_governor() (bsc#924664). - drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913). - drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913). - drm/i915/dp: only use training pattern 3 on platforms that support it (boo#935913). - drm/i915/dp: there is no audio on port A (boo#935913). - drm/i915/hsw: Fix workaround for server AUX channel clock divisor (boo#935913). - drm/i915/vlv: remove wait for previous GFX clk disable request (boo#935913). - drm/i915/vlv: save/restore the power context base reg (boo#935913). - drm/i915: Add missing MacBook Pro models with dual channel LVDS (boo#935913). - drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913). - drm/i915: Ban Haswell from using RCS flips (boo#935913). - drm/i915: Check obj->vma_list under the struct_mutex (boo#935913). - drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913). - drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913). - drm/i915: Disable caches for Global GTT (boo#935913). - drm/i915: Do a dummy DPCD read before the actual read (bnc#907714). - drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913). - drm/i915: Do not leak pages when freeing userptr objects (boo#935913). - drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913). - drm/i915: Evict CS TLBs between batches (boo#935913). - drm/i915: Fix DDC probe for passive adapters (boo#935913). - drm/i915: Fix and clean BDW PCH identification (boo#935913). - drm/i915: Force the CS stall for invalidate flushes (boo#935913). - drm/i915: Handle failure to kick out a conflicting fb driver (boo#935913). - drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (boo#935913). - drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913). - drm/i915: Invalidate media caches on gen7 (boo#935913). - drm/i915: Kick fbdev before vgacon (boo#935913). - drm/i915: Only fence tiled region of object (boo#935913). - drm/i915: Only warn the first time we attempt to mmio whilst suspended (boo#935913). - drm/i915: Unlock panel even when LVDS is disabled (boo#935913). - drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913). - drm/i915: cope with large i2c transfers (boo#935913). - drm/i915: do not warn if backlight unexpectedly enabled (boo#935913). - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913). - drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (boo#935913). - drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913). - drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913). - drm/radeon: retry dcpd fetch (bnc#931580). - ftrace/x86/xen: use kernel identity mapping only when really needed (bsc#873195, bsc#886272, bsc#903727, bsc#927725) - guards: Add support for an external filelist in --check mode This will allow us to run --check without a kernel-source.git work tree. - guards: Include the file name also in the 'Not found' error - guards: Simplify help text - hyperv: Add processing of MTU reduced by the host (bnc#919596). - ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked (boo#939394). - ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399). - ipv6: fix ECMP route replacement (bsc#930399). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#930399). - kABI: protect linux/slab.h include in of/address. - kabi/severities: ignore already-broken but acceptable kABI changes - SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring - Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages prototype - KVM changes are intermodule dependencies - kabi: Fix CRC for dma_get_required_mask. - kabi: add kABI reference files - libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156). - libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599). - net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488). - rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not match - rt2x00: do not align payload on modern H/W (bnc#932844). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - thermal: step_wise: Revert optimization (boo#925961). - tty: Fix pty master poll() after slave closes v2 (bsc#937138). arm64: mm: Remove hack in mmap randomize layout (bsc#937033) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937226). - x86, apic: Handle a bad TSC more gracefully (boo#935530). - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092). - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bnc#907092). - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996). - x86/microcode/amd: Extract current patch level read to a function (bsc#913996). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xhci: Calculate old endpoints correctly on device reset (bnc#938976).
    last seen 2019-02-21
    modified 2015-08-17
    plugin id 85432
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85432
    title openSUSE Security Update : the Linux Kernel (openSUSE-2015-543)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1788.NASL
    description Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. (CVE-2015-4700, Important) * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700, and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering. The kernel-rt packages have been upgraded to version 3.10.0-229.13.1, which provides a number of bug fixes and enhancements over the previous version, including : * Fix regression in scsi_send_eh_cmnd() * boot hangs at 'Console: switching to colour dummy device 80x25' * Update tcp stack to 3.17 kernel * Missing some code from patch '(...) Fix VGA switcheroo problem related to hotplug' * ksoftirqd high CPU usage due to stray tasklet from ioatdma driver * During Live Partition Mobility (LPM) testing, RHEL 7.1 LPARs will crash in kmem_cache_alloc (BZ#1253809) This update also fixes the following bug : * The hwlat_detector.ko module samples the clock and records any intervals between reads that exceed a specified threshold. However, the module previously tracked the maximum interval seen for the 'inner' interval but did not record when the 'outer' interval was greater. A patch has been applied to fix this bug, and hwlat_detector.ko now correctly records if the outer interval is the maximal interval encountered during the run. (BZ#1252365) All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85980
    published 2015-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85980
    title RHEL 7 : kernel-rt (RHSA-2015:1788)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL17309.NASL
    description The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. (CVE-2015-5366)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 97308
    published 2017-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97308
    title F5 Networks BIG-IP : Linux kernel vulnerability (K17309)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150813_KERNEL_ON_SL6_X.NASL
    description Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) This update also fixes the following bugs : - When removing a directory, and a reference was held to that directory by a reference to a negative child dentry, the directory dentry was previously not killed. In addition, once the negative child dentry was killed, an unlinked and unused dentry was present in the cache. As a consequence, deadlock could be caused by forcing the dentry eviction while the file system in question was frozen. With this update, all unused dentries are unhashed and evicted just after a successful directory removal, which avoids the deadlock, and the system no longer hangs in the aforementioned scenario. - Due to the broken s_umount lock ordering, a race condition occurred when an unlinked file was closed and the sync (or syncfs) utility was run at the same time. As a consequence, deadlock occurred on a frozen file system between sync and a process trying to unfreeze the file system. With this update, sync (or syncfs) is skipped on a frozen file system, and deadlock no longer occurs in the aforementioned situation. - Previously, in the scenario when a file was opened by file handle (fhandle) with its dentry not present in dcache ('cold dcache') and then making use of the unlink() and close() functions, the inode was not freed upon the close() system call. As a consequence, the iput() final was delayed indefinitely. A patch has been provided to fix this bug, and the inode is now freed as expected. - Due to a corrupted Executable and Linkable Format (ELF) header in the /proc/vmcore file, the kdump utility failed to provide any information. The underlying source code has been patched, and kdump now provides debuging information for kernel crashes as intended. - Previously, running the multipath request queue caused regressions in cases where paths failed regularly under I/O load. This regression manifested as I/O stalls that exceeded 300 seconds. This update reverts the changes aimed to reduce running the multipath request queue resulting in I/O stalls completing in a timely manner. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85397
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85397
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150915_KERNEL_ON_SL7_X.NASL
    description * A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. (CVE-2015-4700, Important) * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) This update also fixes several bugs. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85960
    published 2015-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85960
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1623.NASL
    description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 3 September 2015] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Client channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) This update also fixes the following bugs : * When removing a directory, and a reference was held to that directory by a reference to a negative child dentry, the directory dentry was previously not killed. In addition, once the negative child dentry was killed, an unlinked and unused dentry was present in the cache. As a consequence, deadlock could be caused by forcing the dentry eviction while the file system in question was frozen. With this update, all unused dentries are unhashed and evicted just after a successful directory removal, which avoids the deadlock, and the system no longer hangs in the aforementioned scenario. (BZ#1243400) * Due to the broken s_umount lock ordering, a race condition occurred when an unlinked file was closed and the sync (or syncfs) utility was run at the same time. As a consequence, deadlock occurred on a frozen file system between sync and a process trying to unfreeze the file system. With this update, sync (or syncfs) is skipped on a frozen file system, and deadlock no longer occurs in the aforementioned situation. (BZ#1243404) * Previously, in the scenario when a file was opened by file handle (fhandle) with its dentry not present in dcache ('cold dcache') and then making use of the unlink() and close() functions, the inode was not freed upon the close() system call. As a consequence, the iput() final was delayed indefinitely. A patch has been provided to fix this bug, and the inode is now freed as expected. (BZ#1243406) * Due to a corrupted Executable and Linkable Format (ELF) header in the /proc/vmcore file, the kdump utility failed to provide any information. The underlying source code has been patched, and kdump now provides debuging information for kernel crashes as intended. (BZ#1245195) * Previously, running the multipath request queue caused regressions in cases where paths failed regularly under I/O load. This regression manifested as I/O stalls that exceeded 300 seconds. This update reverts the changes aimed to reduce running the multipath request queue resulting in I/O completing in a timely manner. (BZ#1246095) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85387
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85387
    title CentOS 6 : kernel (CESA-2015:1623)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1778.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. (CVE-2015-4700, Important) * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700, and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering. This update also fixes several bugs. Refer to the following Knowledgebase article for further information : https://access.redhat.com/articles/1614563 All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86511
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86511
    title CentOS 7 : kernel (CESA-2015:1778)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2680-1.NASL
    description A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84981
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84981
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2680-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1778.NASL
    description From Red Hat Security Advisory 2015:1778 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. (CVE-2015-4700, Important) * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700, and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering. This update also fixes several bugs. Refer to the following Knowledgebase article for further information : https://access.redhat.com/articles/1614563 All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85958
    published 2015-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85958
    title Oracle Linux 7 : kernel (ELSA-2015-1778)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3071.NASL
    description Description of changes: kernel-uek [3.8.13-98.1.2.el7uek] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628850] {CVE-2015-5364} {CVE-2015-5366}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85438
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85438
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3071)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1100.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) Bug Fix(es) : * In anon_vma data structure, the degree counts number of child anon_vmas and of VMAs that point to this anon_vma. In the unlink_anon_vma() function, when its list is empty, anon_vma is going to be freed whether the external refcount is zero or not, so the parent's degree should be decremented. However, failure to decrement the degree triggered a BUG_ON() signal in unlink_anon_vma(). The provided patch fixes this bug, and the degree is now decremented as expected. (BZ#1326027) Enhancement(s) : * The ixgbe NIC driver has been upgraded to upstream version 4.2.1, which provides a number of bug fixes and enhancements over the previous version. Notably : NULL pointer crashes related to VLAN support have been fixed Two more devices from the Intel X550 Ethernet controller family are now supported: IDs 15AC and 15AD Several PHY-related problems have been addressed: link disruptions and link flapping Added PHY-related support for Intel X550 System performance has been improved (BZ#1315702)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91317
    published 2016-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91317
    title RHEL 6 : kernel (RHSA-2016:1100)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1611-1.NASL
    description The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86121
    published 2015-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86121
    title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1225.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) Bug Fix(es) : * At a process or thread exit, when the Linux kernel undoes any SysV semaphore operations done previously (ones done using semop with the SEM_UNDO flag), there was a possible race condition with another process or thread removing the same semaphore set where the operations occurred, leading to a possible use of in-kernel-freed memory and then to possible unpredictable behavior. This bug could be noticed with software which uses IPC SysV semaphores, such as IBM DB2, which could in certain cases have some of its processes or utilities get incorrectly stalled in an IPC semaphore operation or system call after the race condition happened. A patch has been provided to fix this bug, and the kernel now behaves as expected in the aforementioned scenario. (BZ#1326343)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91621
    published 2016-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91621
    title RHEL 6 : kernel (RHSA-2016:1225)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1678-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). - CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). - CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). - CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429) - CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) - CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). - CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). - CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) - CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). - CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). - CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). - CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86290
    published 2015-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86290
    title SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3329.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. - CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user can exploit this flaw to cause a denial of service due to memory exhaustion. - CVE-2015-3212 Ji Jianwen of Red Hat Engineering discovered a flaw in the handling of the SCTPs automatic handling of dynamic multi-homed connections. A local attacker could use this flaw to cause a crash or potentially for privilege escalation. - CVE-2015-4692 A NULL pointer dereference flaw was found in the kvm_apic_has_events function in the KVM subsystem. A unprivileged local user could exploit this flaw to crash the system kernel resulting in denial of service. - CVE-2015-4700 Daniel Borkmann discovered a flaw in the Linux kernel implementation of the Berkeley Packet Filter which can be used by a local user to crash the system. - CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. - CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. - CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. - CVE-2015-5706 An user triggerable use-after-free vulnerability in path lookup in the Linux kernel could potentially lead to privilege escalation. - CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85281
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85281
    title Debian DSA-3329-1 : linux - security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0045.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87992
    published 2016-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87992
    title CentOS 5 : kernel (CESA-2016:0045)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0147.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0147 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86882
    published 2015-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86882
    title OracleVM 3.3 : kernel-uek (OVMSA-2015-0147)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3313.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2015-3290 Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs. A local, unprivileged user could use this flaw for privilege escalation. - CVE-2015-3291 Andy Lutomirski discovered that under certain conditions a malicious userspace program can cause the kernel to skip NMIs leading to a denial of service. - CVE-2015-4167 Carl Henrik Lunde discovered that the UDF implementation is missing a necessary length check. A local user that can mount devices could use this flaw to crash the system. - CVE-2015-5157 Petr Matousek and Andy Lutomirski discovered that an NMI that interrupts userspace and encounters an IRET fault is incorrectly handled. A local, unprivileged user could use this flaw for denial of service or possibly for privilege escalation. - CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. - CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84965
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84965
    title Debian DSA-3313-1 : linux - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1478-1.NASL
    description The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code. - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-0777: drivers/xen/usbback/usbback.c in the Linux kernel allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bnc#919463). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun' (bnc#933429). - CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket (bnc#927257). - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583). - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007). - CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect (bnc#929525). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bnc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bnc#914742). - CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (bnc#918333). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919018). - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data (bnc#915577). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85764
    published 2015-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85764
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2015:1478-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0045.NASL
    description From Red Hat Security Advisory 2016:0045 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 88030
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88030
    title Oracle Linux 5 : kernel (ELSA-2016-0045)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3098.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2016-11-14
    plugin id 86881
    published 2015-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86881
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3098)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0045.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87998
    published 2016-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87998
    title RHEL 5 : kernel (RHSA-2016:0045)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2681-1.NASL
    description A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-1805) A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4700) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. (CVE-2015-5364) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. (CVE-2015-5366). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84982
    published 2015-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84982
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2681-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1623.NASL
    description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 3 September 2015] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Client channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) This update also fixes the following bugs : * When removing a directory, and a reference was held to that directory by a reference to a negative child dentry, the directory dentry was previously not killed. In addition, once the negative child dentry was killed, an unlinked and unused dentry was present in the cache. As a consequence, deadlock could be caused by forcing the dentry eviction while the file system in question was frozen. With this update, all unused dentries are unhashed and evicted just after a successful directory removal, which avoids the deadlock, and the system no longer hangs in the aforementioned scenario. (BZ#1243400) * Due to the broken s_umount lock ordering, a race condition occurred when an unlinked file was closed and the sync (or syncfs) utility was run at the same time. As a consequence, deadlock occurred on a frozen file system between sync and a process trying to unfreeze the file system. With this update, sync (or syncfs) is skipped on a frozen file system, and deadlock no longer occurs in the aforementioned situation. (BZ#1243404) * Previously, in the scenario when a file was opened by file handle (fhandle) with its dentry not present in dcache ('cold dcache') and then making use of the unlink() and close() functions, the inode was not freed upon the close() system call. As a consequence, the iput() final was delayed indefinitely. A patch has been provided to fix this bug, and the inode is now freed as expected. (BZ#1243406) * Due to a corrupted Executable and Linkable Format (ELF) header in the /proc/vmcore file, the kdump utility failed to provide any information. The underlying source code has been patched, and kdump now provides debuging information for kernel crashes as intended. (BZ#1245195) * Previously, running the multipath request queue caused regressions in cases where paths failed regularly under I/O load. This regression manifested as I/O stalls that exceeded 300 seconds. This update reverts the changes aimed to reduce running the multipath request queue resulting in I/O completing in a timely manner. (BZ#1246095) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85396
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85396
    title RHEL 6 : kernel (RHSA-2015:1623)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1778.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. (CVE-2015-4700, Important) * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) * A flaw was found in the way the Linux kernel's ext4 file system handled the 'page size > block size' condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate) * It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate) * A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700, and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering. This update also fixes several bugs. Refer to the following Knowledgebase article for further information : https://access.redhat.com/articles/1614563 All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86702
    published 2015-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86702
    title RHEL 7 : kernel (RHSA-2015:1778)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160119_KERNEL_ON_SL5_X.NASL
    description * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 88000
    published 2016-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88000
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3073.NASL
    description Description of changes: kernel-uek [2.6.32-400.37.11.el6uek] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628852] {CVE-2015-5364} {CVE-2015-5366}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85440
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85440
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3073)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1096.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) Bug Fix(es) : * Prior to this update, if processes that generate interrupts were active during the guest shutdown sequence, the virtio driver in some cases did not correctly clear the interrupts. As a consequence, the guest kernel became unresponsive, which prevented the shutdown from completing. With this update, the virtio driver processes interrupts more effectively, and guests now shut down reliably in the described scenario. (BZ#1323568) * At a process or thread exit, when the Linux kernel undoes any SysV semaphore operations done previously (the ones done using semop with the SEM_UNDO flag), there was a possible flaw and race with another process or thread removing the same semaphore set where the operations occurred, leading to possible use of in-kernel-freed memory and then to possible unpredictable behavior. This bug could be noticed with software which uses IPC SysV semaphores, such as IBM DB2, which for example in certain cases could lead to some of its processes or utilities to get incorrectly stalled in some IPC semaphore operation or syscall after the race or problem happened. A patch has been provided to fix this bug, and the kernel now behaves as expected in the aforementioned scenario. (BZ#1326341)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91307
    published 2016-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91307
    title RHEL 6 : kernel (RHSA-2016:1096)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3072.NASL
    description Description of changes: [2.6.39-400.250.11.el6uek] - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628851] {CVE-2015-5364} {CVE-2015-5366}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85439
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85439
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3072)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0114.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628850] (CVE-2015-5364) (CVE-2015-5366)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85493
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85493
    title OracleVM 3.3 : kernel-uek (OVMSA-2015-0114)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1623.NASL
    description From Red Hat Security Advisory 2015:1623 : Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 3 September 2015] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Client channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important) This update also fixes the following bugs : * When removing a directory, and a reference was held to that directory by a reference to a negative child dentry, the directory dentry was previously not killed. In addition, once the negative child dentry was killed, an unlinked and unused dentry was present in the cache. As a consequence, deadlock could be caused by forcing the dentry eviction while the file system in question was frozen. With this update, all unused dentries are unhashed and evicted just after a successful directory removal, which avoids the deadlock, and the system no longer hangs in the aforementioned scenario. (BZ#1243400) * Due to the broken s_umount lock ordering, a race condition occurred when an unlinked file was closed and the sync (or syncfs) utility was run at the same time. As a consequence, deadlock occurred on a frozen file system between sync and a process trying to unfreeze the file system. With this update, sync (or syncfs) is skipped on a frozen file system, and deadlock no longer occurs in the aforementioned situation. (BZ#1243404) * Previously, in the scenario when a file was opened by file handle (fhandle) with its dentry not present in dcache ('cold dcache') and then making use of the unlink() and close() functions, the inode was not freed upon the close() system call. As a consequence, the iput() final was delayed indefinitely. A patch has been provided to fix this bug, and the inode is now freed as expected. (BZ#1243406) * Due to a corrupted Executable and Linkable Format (ELF) header in the /proc/vmcore file, the kdump utility failed to provide any information. The underlying source code has been patched, and kdump now provides debuging information for kernel crashes as intended. (BZ#1245195) * Previously, running the multipath request queue caused regressions in cases where paths failed regularly under I/O load. This regression manifested as I/O stalls that exceeded 300 seconds. This update reverts the changes aimed to reduce running the multipath request queue resulting in I/O completing in a timely manner. (BZ#1246095) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85395
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85395
    title Oracle Linux 6 : kernel (ELSA-2015-1623)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1324-1.NASL
    description The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive various security and bugfixes. These features were added : - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (bsc#854824). - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817). Following security bugs were fixed : - CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS or privilege escalation (bsc#933429). - CVE-2015-3212: A race condition in the way the Linux kernel handled lists of associations in SCTP sockets could have lead to list corruption and kernel panics (bsc#936502). - CVE-2015-4036: DoS via memory corruption in vhost/scsi driver (bsc#931988). - CVE-2015-4167: Linux kernel built with the UDF file system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred while fetching inode information from a corrupted/malicious udf file system image (bsc#933907). - CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events function (bsc#935542). - CVE-2015-5364: Remote DoS via flood of UDP packets with invalid checksums (bsc#936831). - CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP packets with invalid checksums (bsc#936831). Security issues already fixed in the previous update but not referenced by CVE : - CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904). - CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to information leakage (bsc#933896). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85180
    published 2015-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85180
    title SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-565.NASL
    description It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805) A flaw was found in the Linux kernels handling of the SCTPs automatic handling of dynamic multi-homed connections. A race condition in the way the Linux kernel handles lists of associations in SCTP sockets using Address Configuration Change messages, leading to list corruption and panics. (CVE-2015-3212) A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364) A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5366)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 84925
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84925
    title Amazon Linux AMI : kernel (ALAS-2015-565)
redhat via4
advisories
  • rhsa
    id RHSA-2015:1623
  • rhsa
    id RHSA-2015:1778
  • rhsa
    id RHSA-2015:1787
  • rhsa
    id RHSA-2016:0045
  • rhsa
    id RHSA-2016:1096
  • rhsa
    id RHSA-2016:1100
  • rhsa
    id RHSA-2016:1225
rpms
  • kernel-0:2.6.32-573.3.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.3.1.el6
  • kernel-bootwrapper-0:2.6.32-573.3.1.el6
  • kernel-debug-0:2.6.32-573.3.1.el6
  • kernel-debug-devel-0:2.6.32-573.3.1.el6
  • kernel-devel-0:2.6.32-573.3.1.el6
  • kernel-doc-0:2.6.32-573.3.1.el6
  • kernel-firmware-0:2.6.32-573.3.1.el6
  • kernel-headers-0:2.6.32-573.3.1.el6
  • kernel-kdump-0:2.6.32-573.3.1.el6
  • kernel-kdump-devel-0:2.6.32-573.3.1.el6
  • perf-0:2.6.32-573.3.1.el6
  • python-perf-0:2.6.32-573.3.1.el6
  • kernel-0:3.10.0-229.14.1.el7
  • kernel-abi-whitelists-0:3.10.0-229.14.1.el7
  • kernel-bootwrapper-0:3.10.0-229.14.1.el7
  • kernel-debug-0:3.10.0-229.14.1.el7
  • kernel-debug-devel-0:3.10.0-229.14.1.el7
  • kernel-devel-0:3.10.0-229.14.1.el7
  • kernel-doc-0:3.10.0-229.14.1.el7
  • kernel-headers-0:3.10.0-229.14.1.el7
  • kernel-kdump-0:3.10.0-229.14.1.el7
  • kernel-kdump-devel-0:3.10.0-229.14.1.el7
  • kernel-tools-0:3.10.0-229.14.1.el7
  • kernel-tools-libs-0:3.10.0-229.14.1.el7
  • kernel-tools-libs-devel-0:3.10.0-229.14.1.el7
  • perf-0:3.10.0-229.14.1.el7
  • python-perf-0:3.10.0-229.14.1.el7
  • kernel-rt-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-debug-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-debug-devel-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-devel-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-doc-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-trace-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-rt-trace-devel-0:3.10.0-229.14.1.rt56.141.13.el7_1
  • kernel-0:2.6.18-408.el5
  • kernel-PAE-0:2.6.18-408.el5
  • kernel-PAE-devel-0:2.6.18-408.el5
  • kernel-debug-0:2.6.18-408.el5
  • kernel-debug-devel-0:2.6.18-408.el5
  • kernel-devel-0:2.6.18-408.el5
  • kernel-doc-0:2.6.18-408.el5
  • kernel-headers-0:2.6.18-408.el5
  • kernel-kdump-0:2.6.18-408.el5
  • kernel-kdump-devel-0:2.6.18-408.el5
  • kernel-xen-0:2.6.18-408.el5
  • kernel-xen-devel-0:2.6.18-408.el5
refmap via4
bid 75510
confirm
debian
  • DSA-3313
  • DSA-3329
misc https://twitter.com/grsecurity/status/605854034260426753
mlist [oss-security] 20150630 CVE Request: UDP checksum DoS
sectrack 1032794
suse
  • SUSE-SU-2015:1224
  • SUSE-SU-2015:1324
  • SUSE-SU-2015:1478
  • SUSE-SU-2015:1487
  • SUSE-SU-2015:1488
  • SUSE-SU-2015:1489
  • SUSE-SU-2015:1490
  • SUSE-SU-2015:1491
  • SUSE-SU-2015:1592
  • SUSE-SU-2015:1611
  • openSUSE-SU-2015:1382
ubuntu
  • USN-2680-1
  • USN-2681-1
  • USN-2682-1
  • USN-2683-1
  • USN-2684-1
  • USN-2713-1
  • USN-2714-1
Last major update 30-12-2016 - 21:59
Published 31-08-2015 - 06:59
Last modified 04-01-2018 - 21:30
Back to Top