ID CVE-2016-8655
Summary Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Vulnerable Configurations
  • Linux Kernel 4.8.12
    cpe:2.3:o:linux:linux_kernel:4.8.12
CVSS
Base: 7.2 (as of 08-12-2016 - 09:44)
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
  • description Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit). CVE-2016-8655. Local exploit for Linux platform. Tags: Metasploit Frame...
    file exploits/linux/local/44696.rb
    id EDB-ID:44696
    last seen 2018-05-24
    modified 2018-05-22
    platform linux
    published 2018-05-22
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44696/
    title Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
    type local
  • file exploits/linux_x86-64/local/40871.c
    id EDB-ID:40871
    last seen 2018-11-30
    modified 2016-12-06
    platform linux_x86-64
    published 2016-12-06
    reporter Exploit-DB
    source https://www.exploit-db.com/download/40871
    title Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
    type local
metasploit via4
description This module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled, two or more CPU cores, and SMAP must be disabled. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
id MSF:EXPLOIT/LINUX/LOCAL/AF_PACKET_CHOCOBO_ROOT_PRIV_ESC
last seen 2019-03-22
modified 2019-01-10
published 2018-05-07
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb
title AF_PACKET chocobo_root Privilege Escalation
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1436.NASL
    description The openSUSE 13.1 kernel was updated to receive various critical security fixes. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95708
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95708
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1436)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1431.NASL
    description The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). 
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). The following non-security bugs were fixed : - bna: Add synchronization for tx ring (bsc#993739). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: fix extent tree corruption due to relocation (bsc#990384). - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486). 
- ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - vmxnet3: Wake queue from reset work (bsc#999907).
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95705
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95705
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-772.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading to a denial of service or other security impact. Additionally, in kernel versions prior to 3.5, any user could do this if sysctl net.core.rmem_max was changed to a very large value. CVE-2015-1350 / #770492 Ben Harris reported that local users could remove set-capability attributes from any file visible to them, allowing a denial of service. CVE-2015-8962 Calvin Owens found that removing a SCSI device while it was being accessed through the SCSI generic (sg) driver led to a double-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by local users with permission to access a SCSI device node. CVE-2015-8963 Sasha Levin reported that hot-unplugging a CPU resulted in a use-after-free by the performance events (perf) subsystem, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by any local user. CVE-2015-8964 It was found that the terminal/serial (tty) subsystem did not reliably reset the terminal buffer state when the terminal line discipline was changed. This could allow a local user with access to a terminal device to read sensitive information from kernel memory. CVE-2016-7097 Jan Kara found that changing the POSIX ACL of a file never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.
CVE-2016-7910 Vegard Nossum discovered that a memory allocation failure while handling a read of /proc/diskstats or /proc/partitions could lead to a use-after-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. CVE-2016-7911 Dmitry Vyukov reported that a race between ioprio_get() and ioprio_set() system calls could result in a use-after-free, possibly causing a denial of service (crash) or leaking sensitive information. CVE-2016-7915 Benjamin Tissoires found that HID devices could trigger an out-of-bounds memory access in the HID core. A physically present user could possibly use this for denial of service (crash) or to leak sensitive information. CVE-2016-8399 Qidan He reported that the IPv4 ping socket implementation did not validate the length of packets to be sent. A user with permission to use ping sockets could cause an out-of-bounds read, possibly resulting in a denial of service or information leak. However, on Debian systems no users have permission to create ping sockets by default. CVE-2016-8633 Eyal Itkin reported that the IP-over-Firewire driver (firewire-net) did not validate the offset or length in link-layer fragmentation headers. This allowed a remote system connected by Firewire to write to memory after a packet buffer, leading to a denial of service (crash) or remote code execution. CVE-2016-8645 Marco Grassi reported that if a socket filter (BPF program) attached to a TCP socket truncates or removes the TCP header, this could cause a denial of service (crash). This was exploitable by any local user. CVE-2016-8655 Philip Pettersson found that the implementation of packet sockets (AF_PACKET family) had a race condition between enabling a transmit ring buffer and changing the version of buffers used, which could result in a use-after-free. A local user with the CAP_NET_ADMIN capability could exploit this for privilege escalation.
CVE-2016-9178 Al Viro found that a failure to read data from user memory might lead to an information leak on the x86 architecture (amd64 or i386). CVE-2016-9555 Andrey Konovalov reported that the SCTP implementation does not validate 'out of the blue' packet chunk lengths early enough. A remote system could use this to cause a denial of service (crash) or other security impact for systems using SCTP. CVE-2016-9576, CVE-2016-10088 Dmitry Vyukov reported that using splice() with the SCSI generic driver led to kernel memory corruption. Local users with permission to access a SCSI device node could exploit this for privilege escalation. CVE-2016-9756 Dmitry Vyukov reported that KVM for the x86 architecture (amd64 or i386) did not correctly handle the failure of certain instructions that require software emulation on older processors. This could be exploited by guest systems to leak sensitive information or for denial of service (log spam). CVE-2016-9794 Baozeng Ding reported a race condition in the ALSA (sound) subsystem that could result in a use-after-free. Local users with access to a PCM sound device could exploit this for denial of service (crash or memory corruption) or other security impact. For Debian 7 'Wheezy', these problems have been fixed in version 3.2.84-1. This version also includes bug fixes from upstream version 3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122. Finally, this version adds the option to mitigate security issues in the performance events (perf) subsystem by disabling use by unprivileged users. This can be done by setting sysctl kernel.perf_event_paranoid=3. For Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1 which will be included in the next point release (8.6). We recommend that you upgrade your linux packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 96188
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96188
    title Debian DLA-772-1 : linux security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3063-1.NASL
    description The SUSE Linux Enterprise 12 kernel was updated to receive critical security fixes. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95660
    published 2016-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95660
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3063-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3039-1.NASL
    description The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various critical security fixes. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95606
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95606
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3039-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0004.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] (CVE-2016-7042) - nvme: Limit command retries (Keith Busch) [Orabug: 25374751] - fs/proc/task_mmu.c: fix mm_access mode parameter in pagemap_read (Kenny Keslar) [Orabug: 25374977] - tcp: fix use after free in tcp_xmit_retransmit_queue (Eric Dumazet) [Orabug: 25374364] (CVE-2016-6828) - tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] (CVE-2016-8666) - i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] (CVE-2016-8655) - netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] (CVE-2016-9806) - ALSA: pcm : Call kill_fasync in stream lock (Takashi Iwai) [Orabug: 25231720] (CVE-2016-9794) - net: avoid signed overflows for SO_[SND|RCV]BUFFORCE (Eric Dumazet) [Orabug: 25231751] (CVE-2016-9793) - rebuild bumping release
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 96517
    published 2017-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96517
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0004)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1842-1.NASL
    description The remote Oracle Linux host is missing a security update for the kernel package(s).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 102511
    published 2017-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102511
    title Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3112-1.NASL
    description This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95802
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95802
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3112-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0386.NASL
    description From Red Hat Security Advisory 2017:0386 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. Additional Changes : Space precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041 .
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 97506
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97506
    title Oracle Linux 7 : kernel (ELSA-2017-0386)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-0386.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. Additional Changes : Space precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041 . Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101431
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101431
    title Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0386)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3109-1.NASL
    description This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95799
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95799
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3109-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3049-1.NASL
    description The SUSE Linux Enterprise 12 SP2 kernel was updated to receive critical security fixes. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95628
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95628
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3049-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2016-0014_LINUX.NASL
    description An update of the linux package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121658
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121658
    title Photon OS 1.0: Linux PHSA-2016-0014
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3151-2.NASL
    description USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95570
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95570
    title Ubuntu 14.04 LTS : linux-lts-xenial vulnerability (USN-3151-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3152-1.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95573
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95573
    title Ubuntu 16.10 : linux vulnerability (USN-3152-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-347-01.NASL
    description New kernel packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95723
    published 2016-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95723
    title Slackware 14.2 / current : kernel (SSA:2016-347-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-5CB5B4082D.NASL
    description The 4.8.13 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95727
    published 2016-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95727
    title Fedora 24 : kernel (2016-5cb5b4082d)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3151-1.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95569
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95569
    title Ubuntu 16.04 LTS : linux vulnerability (USN-3151-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3508.NASL
    description Description of changes: kernel-uek [4.1.12-61.1.25.el7uek] - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042} - nvme: Limit command retries (Keith Busch) [Orabug: 25374751] - fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828} - tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666} - i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655} - netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806} - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794} - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 96477
    published 2017-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96477
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3508)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0386.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. Additional Changes : Space precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97509
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97509
    title RHEL 7 : kernel (RHSA-2017:0386)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3197-1.NASL
    description This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95989
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95989
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3197-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-5AFF4A6BBC.NASL
    description The 4.8.13 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95778
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95778
    title Fedora 23 : kernel (2016-5aff4a6bbc)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3150-1.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95568
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95568
    title Ubuntu 12.04 LTS : linux vulnerability (USN-3150-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2016-0014.NASL
    description An update of [ openssh , linux ] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111848
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111848
    title Photon OS 1.0: Linux / Openssh PHSA-2016-0014 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1426.NASL
    description The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). 
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-9794: A use-after-free in alsa pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533).
The following non-security bugs were fixed : - acpi / pad: do not register acpi_pad driver if running as Xen dom0 (bnc#995278). - Add power key support for PMIcs which are already included in the configs (boo#1012477). Arm64 already has these so no need to patch it. - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767). - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767). - alsa: hda - Degrade i915 binding failure message (bsc#1012767). - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767). - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365). - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - asoc: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). - asoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). 
- asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). 
- asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of 'FW Poll Status' (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). - asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). 
- asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id 'Google Setzer' (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). 
- btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). 
- btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452).
- config: i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - config: select new CONFIG_SND_SOC_INTEL_SST_* helpers - config: Update config files. (boo#1012094) - config: Update config files (bsc#1009454) Do not set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in x86_64/default and x86_64/debug. We do not need to set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in openSUSE kernel because openSUSE does not enable kernel module signature check (bsc#843661). Without kernel module signature check, the root account is allowed to load arbitrary kernel module to kernel space. Then lock functions by securelevel is pointless. - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/Add-a-missed-complete-in-iscsit_close_connection.patch. remove patch Add-a-missed-complete-in-iscsit_close_connection.patch add bsc#997807 bsc#992555 in patch-4.4.27-28 references - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917).
- drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - Drop kernel-obs-qa-xen unconditionally (bsc#1010040) The IBS cannot build it, even if there is a xen-capable kernel-obs-build. - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fuse: Fixup buggy conflict resolution in patches.fixes/fuse-Propagate-dentry-down-to-inode_change_ok.patch. - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918).
- i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i810: Enable Intel i810 audio driver used in OpenQA VMs. - Import kabi files for x86_64/default from 4.4.27-2.1 - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - kABI: protect struct mmc_packed (kabi). - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). 
- overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/ACPI: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - Reformat spec files according to the format_spec_file osc helper - Replace patches.kabi/kabi-hide-new-member-recursion_counter-in-struct-sk_.patch by patches.kabi/kabi-hide-bsc-1001486-changes-in-struct-napi_gro_cb.patch - Revert 'ACPI / LPSS: allow to use specific PM domain during ->probe()' (bsc#1005917). - Revert 'fix minor infoleak in get_user_ex()' (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor.
- rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). 
- x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/PCI: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/PCI: VMD: Document code for maintainability (bsc#1006827). - x86/PCI: VMD: Fix infinite loop executing irq's (bsc#1006827). - x86/PCI: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/PCI: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/PCI: VMD: Select device dma ops to override (bsc#1006827). - x86/PCI: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/PCI: VMD: Set bus resource start to 0 (bsc#1006827). - x86/PCI: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/PCI/VMD: Use untracked irq handler (bsc#1006827). - x86/PCI: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970).
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95701
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95701
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1428.NASL
    description The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-9794: A use-after-free in ALSA pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9178: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel did not initialize a certain integer variable, which allowed local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call (bnc#1008650). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). 
- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-8630: The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel, when KVM is enabled, allowed local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction (bnc#1009222). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). 
- CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). The following non-security bugs were fixed : - ata: ahci_xgene: dereferencing uninitialized pointer in probe (bsc#1006580). - blacklist.conf: add some commits (bsc#1006580) - bna: Add synchronization for tx ring (bsc#993739). - bonding: set carrier off for devices created through netlink (bsc#999577). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: fix extent tree corruption due to relocation (bsc#990384). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - ext4: fix data exposure after a crash (bsc#1012876). - ext4: fix reference counting bug on block allocation error (bsc#1012876). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067). - ipv6: send only one NEWLINK when RA causes changes (bsc#934067). - isofs: Do not return EACCES for unknown filesystems (bsc#1012876). - jbd2: fix checkpoint list cleanup (bsc#1012876). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#1010909). - locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580). - mmc: Fix kabi breakage of mmc-block in 4.1.36 (stable-4.1.36). - posix_acl: Added fix for f2fs. 
- Revert 'kbuild: add -fno-PIE' (stable-4.1.36). - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (stable-4.1.36). - tunnels: Remove encapsulation offloads on decap (bsc#1001486). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - vmxnet3: Wake queue from reset work (bsc#999907).
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95702
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95702
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1428)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170302_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) - A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 97516
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97516
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3149-1.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95566
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95566
    title Ubuntu 14.04 LTS : linux vulnerability (USN-3149-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3151-3.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95571
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95571
    title Ubuntu 16.04 LTS : linux-snapdragon vulnerability (USN-3151-3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3111-1.NASL
    description This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95801
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95801
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3111-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0402.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) Red Hat would like to thank Philip Pettersson for reporting this issue. Enhancement(s) : * Previously, the Broadcom bnx2x driver in the MRG kernel-rt used an incorrect PTP Hardware Clock (PHC) timer divisor value, which broke Precision Time Protocol (PTP) timestamping due to an unstable clock. This update corrects the divisor value, and the PTP timestamping is now accurate, with monotonically increasing timestamp values. (BZ#1411139)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97513
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97513
    title RHEL 6 : MRG (RHSA-2017:0402)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0386.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. Additional Changes : Space precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97558
    published 2017-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97558
    title CentOS 7 : kernel (CESA-2017:0386)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3247-1.NASL
    description This update for the Linux Kernel 3.12.60-52_57 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96088
    published 2016-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96088
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3247-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3151-4.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95572
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95572
    title Ubuntu 16.04 LTS : linux-raspi2 vulnerability (USN-3151-4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3119-1.NASL
    description This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95805
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95805
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3119-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0387.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important) * A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important) * The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate) Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655. 
Bug Fix(es) : * Previously, the asynchronous page fault woke code references spinlocks, which were actually sleeping locks in the RT kernel. Because of this, when the code was executed from the exception context, a bug warning appeared on the console. With this update, the regular wait queue and spinlock code in this area has been modified to use simple-wait-queue and raw-spinlocks. This code change enables the asynchronous page fault code to run in a non-preemptable state without bug warnings. (BZ#1418035)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97510
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97510
    title RHEL 7 : kernel-rt (RHSA-2017:0387)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3152-2.NASL
    description Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95574
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95574
    title Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3152-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3113-1.NASL
    description This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 95803
    published 2016-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95803
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3113-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-107F03CC00.NASL
    description The 4.8.13 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95726
    published 2016-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95726
    title Fedora 25 : kernel (2016-107f03cc00)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-772.NASL
    description CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. CVE-2016-9083 kernel: State machine confusion bug in vfio driver leading to memory corruption A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. CVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio driver The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95609
    published 2016-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95609
    title Amazon Linux AMI : kernel (ALAS-2016-772)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3149-2.NASL
    description USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95567
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95567
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3149-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3249-1.NASL
    description This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed : - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96134
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96134
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3249-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0005.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates:
      - net: avoid signed overflows for SO_[SND|RCV]BUFFORCE (Eric Dumazet) [Orabug: 25203623] (CVE-2016-9793)
      - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794]
      - tcp: fix use after free in tcp_xmit_retransmit_queue (Eric Dumazet) [Orabug: 25374371] (CVE-2016-6828)
      - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535]
      - ALSA: pcm : Call kill_fasync in stream lock (Takashi Iwai) [Orabug: 25203963] (CVE-2016-9794)
      - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] (CVE-2016-8655)
      - x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431]
      - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] (CVE-2016-7042)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 96518
    published 2017-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96518
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0005)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3509.NASL
    description Description of changes: kernel-uek
      [3.8.13-118.16.2.el7uek]
      - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}
      [3.8.13-118.16.1.el7uek]
      - nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794]
      - tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374371] {CVE-2016-6828}
      - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535]
      - ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25203963] {CVE-2016-9794}
      - packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] {CVE-2016-8655}
      - x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431]
      - KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] {CVE-2016-7042}
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 96478
    published 2017-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96478
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3509)
packetstorm via4
data source https://packetstormsecurity.com/files/download/147727/af_packet_chocobo_root_priv_esc.rb.txt
id PACKETSTORM:147727
last seen 2018-05-22
published 2018-05-22
reporter rebel
source https://packetstormsecurity.com/files/147727/AF_PACKET-chocobo_root-Privilege-Escalation.html
title AF_PACKET chocobo_root Privilege Escalation
redhat via4
advisories
  • rhsa
    id RHSA-2017:0386
  • rhsa
    id RHSA-2017:0387
  • rhsa
    id RHSA-2017:0402
rpms
  • kernel-0:3.10.0-514.10.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.10.2.el7
  • kernel-bootwrapper-0:3.10.0-514.10.2.el7
  • kernel-debug-0:3.10.0-514.10.2.el7
  • kernel-debug-devel-0:3.10.0-514.10.2.el7
  • kernel-devel-0:3.10.0-514.10.2.el7
  • kernel-doc-0:3.10.0-514.10.2.el7
  • kernel-headers-0:3.10.0-514.10.2.el7
  • kernel-kdump-0:3.10.0-514.10.2.el7
  • kernel-kdump-devel-0:3.10.0-514.10.2.el7
  • kernel-tools-0:3.10.0-514.10.2.el7
  • kernel-tools-libs-0:3.10.0-514.10.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.10.2.el7
  • perf-0:3.10.0-514.10.2.el7
  • python-perf-0:3.10.0-514.10.2.el7
  • kernel-rt-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-debug-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-debug-devel-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-debug-kvm-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-devel-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-doc-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-kvm-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-trace-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-trace-devel-0:3.10.0-514.10.2.rt56.435.el7
  • kernel-rt-trace-kvm-0:3.10.0-514.10.2.rt56.435.el7
refmap via4
bid 94692
confirm
exploit-db
  • 40871
  • 44696
misc http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
mlist [oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)
sectrack
  • 1037403
  • 1037968
suse
  • SUSE-SU-2016:3096
  • SUSE-SU-2016:3113
  • SUSE-SU-2016:3116
  • SUSE-SU-2016:3117
  • SUSE-SU-2016:3169
  • SUSE-SU-2016:3183
  • SUSE-SU-2016:3197
  • SUSE-SU-2016:3205
  • SUSE-SU-2016:3206
  • SUSE-SU-2016:3247
ubuntu
  • USN-3149-1
  • USN-3149-2
  • USN-3150-1
  • USN-3150-2
  • USN-3151-1
  • USN-3151-2
  • USN-3151-3
  • USN-3151-4
  • USN-3152-1
  • USN-3152-2
the hacker news via4
Last major update 07-03-2017 - 21:59
Published 08-12-2016 - 03:59
Last modified 24-05-2018 - 21:29