ID CVE-2016-3070
Summary The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Linux Kernel 4.3.6
    cpe:2.3:o:linux:linux_kernel:4.3.6
CVSS
Base: 4.6 (as of 10-08-2016 - 14:00)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3035-3.NASL
    description USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92317
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92317
    title Ubuntu 14.04 LTS : linux-lts-wily vulnerability (USN-3035-3)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3036-1.NASL
    description Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92318
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92318
    title Ubuntu 14.04 LTS : linux-lts-utopic vulnerability (USN-3036-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3035-1.NASL
    description Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92315
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92315
    title Ubuntu 15.10 : linux vulnerability (USN-3035-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3037-1.NASL
    description Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92319
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92319
    title Ubuntu 14.04 LTS : linux-lts-vivid vulnerability (USN-3037-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0162.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058966] (CVE-2016-3699) - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060060] (CVE-2016-6480) (CVE-2016-6480) - audit: fix a double fetch in audit_log_single_execve_arg (Paul Moore) [Orabug: 25059969] (CVE-2016-6136) - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 25023269] (CVE-2016-1583) (CVE-2016-1583) - Revert 'ecryptfs: forbid opening files without mmap handler' (Chuck Anderson) [Orabug: 24971921] (CVE-2016-1583) - percpu: fix synchronization between synchronous map extension and chunk destruction (Tejun Heo) [Orabug: 25060084] (CVE-2016-4794) - percpu: fix synchronization between chunk->map_extend_work and chunk destruction (Tejun Heo) [Orabug: 25060084] (CVE-2016-4794) - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059898] (CVE-2016-4578) - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059898] (CVE-2016-4578) - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059752] (CVE-2016-4569) - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058894] (CVE-2015-8956) - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059037] (CVE-2016-2053) - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059188] (CVE-2016-3070) - uek-rpm ol7: change uek-rpm/ol7/update-el release value from 7.1 to 7.3 (Chuck Anderson) [Orabug: 25050614]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 95045
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95045
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0162)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3034-2.NASL
    description USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92314
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92314
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3034-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3035-2.NASL
    description Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92316
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92316
    title Ubuntu 15.10 : linux-raspi2 vulnerability (USN-3035-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3034-1.NASL
    description Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 92313
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92313
    title Ubuntu 14.04 LTS : linux vulnerability (USN-3034-1)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2017-007.NASL
    description According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. - It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. - A flaw was found in the way nfnetlink validated length of batch messages that could allow a user logged in to a container as root to cause a general protection fault and crash the host. - A flaw was found in the way nfnetlink handled errors while processing batch messages that could allow a user logged in to a container as root to trigger use after free and crash the host. - A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 97979
    published 2017-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97979
    title Virtuozzo 7 : readykernel-patch (VZA-2017-007)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3607.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash). - CVE-2016-0821 Solar Designer noted that the list 'poisoning' feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes. - CVE-2016-1237 David Sinquin discovered that nfsd does not check permissions when setting ACLs, allowing users to grant themselves permissions to a file by setting the ACL. - CVE-2016-1583 Jann Horn of Google Project Zero reported that the eCryptfs filesystem could be used together with the proc filesystem to cause a kernel stack overflow. If the ecryptfs-utils package is installed, local users could exploit this, via the mount.ecryptfs_private program, for denial of service (crash) or possibly for privilege escalation. - CVE-2016-2117 Justin Yackoski of Cryptonite discovered that the Atheros L2 ethernet driver incorrectly enables scatter/gather I/O. A remote attacker could take advantage of this flaw to obtain potentially sensitive information from kernel memory. - CVE-2016-2143 Marcin Koscielnicki discovered that the fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash). - CVE-2016-3070 Jan Stancek of Red Hat discovered a local denial of service vulnerability in AIO handling. - CVE-2016-3134 The Google Project Zero team found that the netfilter subsystem does not sufficiently validate filter table entries. A user with the CAP_NET_ADMIN capability could use this for denial of service (crash) or possibly for privilege escalation. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this allows privilege escalation. - CVE-2016-3156 Solar Designer discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS. - CVE-2016-3157 / XSA-171 Andy Lutomirski discovered that the x86_64 (amd64) task switching implementation did not correctly update the I/O permission level when running as a Xen paravirtual (PV) guest. In some configurations this would allow local users to cause a denial of service (crash) or to escalate their privileges within the guest. - CVE-2016-3672 Hector Marco and Ismael Ripoll noted that it was possible to disable Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs by removing the stack resource limit. This made it easier for local users to exploit security flaws in programs that have the setuid or setgid flag set. - CVE-2016-3951 It was discovered that the cdc_ncm driver would free memory prematurely if certain errors occurred during its initialisation. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash) or possibly to escalate their privileges. - CVE-2016-3955 Ignat Korchagin reported that the usbip subsystem did not check the length of data received for a USB buffer. This allowed denial of service (crash) or privilege escalation on a system configured as a usbip client, by the usbip server or by an attacker able to impersonate it over the network. A system configured as a usbip server might be similarly vulnerable to physically present users. - CVE-2016-3961 / XSA-174 Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen paravirtualised (PV) guest, although Xen does not support huge pages. This allowed users with access to /dev/hugepages to cause a denial of service (crash) in the guest. - CVE-2016-4470 David Howells of Red Hat discovered that a local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem, leading to a denial of service (crash) or possibly to privilege escalation. - CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244 Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack. - CVE-2016-4565 Jann Horn of Google Project Zero reported that various components in the InfiniBand stack implemented unusual semantics for the write() operation. On a system with InfiniBand drivers loaded, local users could use this for denial of service or privilege escalation. - CVE-2016-4581 Tycho Andersen discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local user can take advantage of this flaw to cause a denial of service (system crash). - CVE-2016-4805 Baozeng Ding discovered a use-after-free in the generic PPP layer in the Linux kernel. A local user can take advantage of this flaw to cause a denial of service (system crash), or potentially escalate their privileges. - CVE-2016-4913 Al Viro found that the ISO9660 filesystem implementation did not correctly count the length of certain invalid name entries. Reading a directory containing such name entries would leak information from kernel memory. Users permitted to mount disks or disk images could use this to obtain sensitive information. - CVE-2016-4997 / CVE-2016-4998 Jesse Hertz and Tim Newsham discovered that missing input sanitising in Netfilter socket handling may result in denial of service. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this also allows privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91886
    published 2016-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91886
    title Debian DSA-3607-1 : linux - security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0163.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] (CVE-2016-6480) (CVE-2016-6480) - IB/srpt: Simplify srpt_handle_tsk_mgmt (Bart Van Assche) [Orabug: 25060011] (CVE-2016-6327) - audit: fix a double fetch in audit_log_single_execve_arg (Paul Moore) [Orabug: 25059945] (CVE-2016-6136) - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] (CVE-2016-4578) - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] (CVE-2016-4578) - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] (CVE-2016-4569) - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] (CVE-2016-3699) - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] (CVE-2015-8956) - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] (CVE-2016-2053) - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] (CVE-2016-3070)
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 95046
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95046
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0163)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3645.NASL
    description Description of changes: kernel-uek [3.8.13-118.14.2.el7uek] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] {CVE-2016-6480} {CVE-2016-6480} - IB/srpt: Simplify srpt_handle_tsk_mgmt() (Bart Van Assche) [Orabug: 25060011] {CVE-2016-6327} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059945] {CVE-2016-6136} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] {CVE-2016-4569} - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] {CVE-2016-3699} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] {CVE-2016-3070}
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 95043
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95043
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3645)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2574.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) * Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95321
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95321
    title CentOS 7 : kernel (CESA-2016:2574)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3646.NASL
    description Description of changes: [2.6.39-400.290.2.el6uek] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059962] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] {CVE-2016-1583} {CVE-2016-1583} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] {CVE-2015-8956} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] {CVE-2016-3070}
    last seen 2019-02-21
    modified 2016-11-22
    plugin id 95044
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95044
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3646)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95841
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95841
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-3644.NASL
    description Description of changes: kernel-uek [4.1.12-61.1.19.el7uek] - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058966] {CVE-2016-3699} - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060060] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059969] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 25023269] {CVE-2016-1583} {CVE-2016-1583} - Revert 'ecryptfs: forbid opening files without mmap handler' (Chuck Anderson) [Orabug: 24971921] {CVE-2016-1583} - percpu: fix synchronization between synchronous map extension and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - percpu: fix synchronization between chunk->map_extend_work and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059752] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058894] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059037] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059188] {CVE-2016-3070}
    last seen 2019-02-21
    modified 2016-11-22
    plugin id 95042
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95042
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3644)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0181.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 25269184] (CVE-2016-3157) - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298618] (CVE-2016-7117) - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 21962821] - sched/core: Clear the root_domain cpumasks in init_rootdomain (Xunlei Pang) [Orabug: 23518650] - bio allocation failure due to bio_get_nr_vecs (Darrick J. Wong) - mlx4: avoid ABBA deadlock (Wengang Wang) [Orabug: 23538548] - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25022815] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142906] (CVE-2016-9555) - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138146] - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 24951873] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] (CVE-2016-6480) (CVE-2016-6480) - audit: fix a double fetch in audit_log_single_execve_arg (Paul Moore) [Orabug: 25059962] (CVE-2016-6136) - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] (CVE-2016-1583) (CVE-2016-1583) - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] (CVE-2016-4578) - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] (CVE-2016-4578) - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] (CVE-2016-4569) - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] (CVE-2015-8956) - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] [CVE-2016-3070
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 96073
    published 2016-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96073
    title OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0181)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1360-1.NASL
    description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features : - Improved support for Hyper-V - Support for the tcp_westwood TCP scheduling algorithm The following security bugs were fixed : - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877). - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type. (bsc#1029850). - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (bsc#1030593) - CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576) - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (bnc#1033336). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bsc#1015703). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bsc#1023762). - CVE-2017-5986: A race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacts with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190) - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697) - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bsc#914939). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003077). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100320
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100320
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1247-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100150
    published 2017-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100150
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2584.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) * Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94547
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94547
    title RHEL 7 : kernel-rt (RHSA-2016:2584)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2574.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) * Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94537
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94537
    title RHEL 7 : kernel (RHSA-2016:2574)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2574.NASL
    description From Red Hat Security Advisory 2016:2574 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important) * Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578) Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-10-24
    plugin id 94697
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94697
    title Oracle Linux 7 : kernel (ELSA-2016-2574)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0167.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] (CVE-2016-6480) (CVE-2016-6480) - audit: fix a double fetch in audit_log_single_execve_arg (Paul Moore) [Orabug: 25059962] (CVE-2016-6136) - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] (CVE-2016-1583) (CVE-2016-1583) - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] (CVE-2016-4578) - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] (CVE-2016-4578) - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] (CVE-2016-4569) - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] (CVE-2015-8956) - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] (CVE-2016-3070) - intel_idle: Fix C0 state for BDW (Guru Anbalagane) [Orabug: 25024180] - intel_idle: update Broadwell cstates (Brian Maly) [Orabug: 25024180] - Revert 'ecryptfs: forbid opening files without mmap handler' (Brian Maly) [Orabug: 24971918] - ocfs2: o2hb: fix hb hung time (Junxiao Bi) - ocfs2: o2hb: don't negotiate if last hb fail (Junxiao Bi) - ocfs2: o2hb: add some user/debug log (Junxiao Bi) - ocfs2: o2hb: add NEGOTIATE_APPROVE message (Junxiao Bi) - ocfs2: o2hb: add NEGO_TIMEOUT message (Junxiao Bi) - ocfs2: o2hb: add negotiate timer (Junxiao Bi) - ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971919] (CVE-2016-1583) - RDS: IB: fix panic with handlers running post teardown (Santosh Shilimkar) [Orabug: 24314773] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24589532] - ocfs2: call ocfs2_journal_access_di before ocfs2_journal_dirty in ocfs2_write_end_nolock (Junxiao Bi) [Orabug: 24606864]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 95366
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95366
    title OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0167)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
redhat via4
advisories
  • rhsa
    id RHSA-2016:2574
  • rhsa
    id RHSA-2016:2584
rpms
  • kernel-0:3.10.0-514.el7
  • kernel-abi-whitelists-0:3.10.0-514.el7
  • kernel-bootwrapper-0:3.10.0-514.el7
  • kernel-debug-0:3.10.0-514.el7
  • kernel-debug-devel-0:3.10.0-514.el7
  • kernel-devel-0:3.10.0-514.el7
  • kernel-doc-0:3.10.0-514.el7
  • kernel-headers-0:3.10.0-514.el7
  • kernel-kdump-0:3.10.0-514.el7
  • kernel-kdump-devel-0:3.10.0-514.el7
  • kernel-tools-0:3.10.0-514.el7
  • kernel-tools-libs-0:3.10.0-514.el7
  • kernel-tools-libs-devel-0:3.10.0-514.el7
  • perf-0:3.10.0-514.el7
  • python-perf-0:3.10.0-514.el7
  • kernel-rt-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-debug-kvm-0:3.10.0-514.rt56.420.el7
  • kernel-rt-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-doc-0:3.10.0-514.rt56.420.el7
  • kernel-rt-kvm-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-devel-0:3.10.0-514.rt56.420.el7
  • kernel-rt-trace-kvm-0:3.10.0-514.rt56.420.el7
refmap via4
bid 90518
confirm
debian DSA-3607
ubuntu
  • USN-3034-1
  • USN-3034-2
  • USN-3035-1
  • USN-3035-2
  • USN-3035-3
  • USN-3036-1
  • USN-3037-1
Last major update 28-11-2016 - 15:06
Published 06-08-2016 - 16:59
Last modified 04-01-2018 - 21:30
Back to Top