- Home
- CVEs with nessus.description==An+update+for+kernel-rt+is+now+available+for+Red+Hat+Enterprise+MRG+2.%0A%0ARed+Hat+Product+Security+has+rated+this+update+as+having+a+security+impact+of+Important.+A+Common+Vulnerability+Scoring+System+%28CVSS%29+base+score%2C+which+gives+a+detailed+severity+rating%2C+is+available+for+each+vulnerability+from+the+CVE+link%28s%29+in+the+References+section.%0A%0AThe+kernel-rt+packages+provide+the+Real+Time+Linux+Kernel%2C+which+enables+fine-tuning+for+systems+with+extremely+high+determinism+requirements.%0A%0ASecurity+Fix%28es%29+%3A%0A%0A%2A+A+use-after-free+flaw+was+found+in+the+Linux+kernel+which+enables+a+race+condition+in+the+L2TPv3+IP+Encapsulation+feature.+A+local+user+could+use+this+flaw+to+escalate+their+privileges+or+crash+the+system.%0A%28CVE-2016-10200%2C+Important%29%0A%0A%2A+A+flaw+was+found+that+can+be+triggered+in+keyring_search_iterator+in+keyring.c+if+type-%3Ematch+is+NULL.+A+local+user+could+use+this+flaw+to+crash+the+system+or%2C+potentially%2C+escalate+their+privileges.%0A%28CVE-2017-2647%2C+Important%29%0A%0A%2A+The+lrw_crypt%28%29+function+in+%27crypto%2Flrw.c%27+in+the+Linux+kernel+before+4.5+allows+local+users+to+cause+a+system+crash+and+a+denial+of+service+by+the+NULL+pointer+dereference+via+accept%282%29+system+call+for+AF_ALG+socket+without+calling+setkey%28%29+first+to+set+a+cipher+key.%0A%28CVE-2015-8970%2C+Moderate%29%0A%0ARed+Hat+would+like+to+thank+Igor+Redko+%28Virtuozzo%29+and+Andrey+Ryabinin+%28Virtuozzo%29+for+reporting+CVE-2017-2647+and+Igor+Redko+%28Virtuozzo%29+and+Vasily+Averin+%28Virtuozzo%29+for+reporting+CVE-2015-8970.%0A%0ABug+Fix%28es%29+%3A%0A%0A%2A+Writing+model-specific+register+%28MSR%29+registers+during+intel_idle+initialization+could+previously+cause+exceptions.+Consequently%2C+a+kernel+panic+occurred+during+this+initialization.+The+function+call+to+write+to+the+MSR+with+exception+handling+was+modified+to+use+wrmsrl_safe%28%29+instead+of+wrmsrl%28%29.+In+this+scenario%2C+the+kernel+no+longer+panics.+%28BZ%231447438%29%0A%0A%2A+The+ixgbe+driver+was+using+incorrect+bitwise+operations+on+received+PTP+flags.+Consequently%2C+systems+that+were+using+the+ixgbe+driver+could+not+synchronize+time+using+PTP.+The+provided+patch+corrected+the+bitwise+operations+on+received+PTP+flags+allowing+these+system+to+correctly+synchronize+time+using+PTP.+%28BZ%231469795%29+%28BZ%231451821%29%0A%0AThe+kernel-rt+packages+have+been+upgraded+to+version+3.10.0-514.rt56.230%2C+which+provides+a+number+of+security+and+bug+fixes+over+the+previous+version.+%28BZ%231463427%29
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top