- Home
- CVEs with nessus.description==From+Red+Hat+Security+Advisory+2014%3A1167+%3A%0A%0AUpdated+kernel+packages+that+fix+multiple+security+issues+and+several+bugs+are+now+available+for+Red+Hat+Enterprise+Linux+6.%0A%0ARed+Hat+Product+Security+has+rated+this+update+as+having+Important+security+impact.+Common+Vulnerability+Scoring+System+%28CVSS%29+base+scores%2C+which+give+detailed+severity+ratings%2C+are+available+for+each+vulnerability+from+the+CVE+links+in+the+References+section.%0A%0AThe+kernel+packages+contain+the+Linux+kernel%2C+the+core+of+any+Linux+operating+system.%0A%0A%2A+A+flaw+was+found+in+the+way+the+Linux+kernel%27s+futex+subsystem+handled+reference+counting+when+requeuing+futexes+during+futex_wait%28%29.%0AA+local%2C+unprivileged+user+could+use+this+flaw+to+zero+out+the+reference+counter+of+an+inode+or+an+mm+struct+that+backs+up+the+memory+area+of+the+futex%2C+which+could+lead+to+a+use-after-free+flaw%2C+resulting+in+a+system+crash+or%2C+potentially%2C+privilege+escalation.%0A%28CVE-2014-0205%2C+Important%29%0A%0A%2A+A+NULL+pointer+dereference+flaw+was+found+in+the+way+the+Linux+kernel%27s+networking+implementation+handled+logging+while+processing+certain+invalid+packets+coming+in+via+a+VxLAN+interface.+A+remote+attacker+could+use+this+flaw+to+crash+the+system+by+sending+a+specially+crafted+packet+to+such+an+interface.+%28CVE-2014-3535%2C+Important%29%0A%0A%2A+An+out-of-bounds+memory+access+flaw+was+found+in+the+Linux+kernel%27s+system+call+auditing+implementation.+On+a+system+with+existing+audit+rules+defined%2C+a+local%2C+unprivileged+user+could+use+this+flaw+to+leak+kernel+memory+to+user+space+or%2C+potentially%2C+crash+the+system.%0A%28CVE-2014-3917%2C+Moderate%29%0A%0A%2A+An+integer+underflow+flaw+was+found+in+the+way+the+Linux+kernel%27s+Stream+Control+Transmission+Protocol+%28SCTP%29+implementation+processed+certain+COOKIE_ECHO+packets.+By+sending+a+specially+crafted+SCTP+packet%2C+a+remote+attacker+could+use+this+flaw+to+prevent+legitimate+connections+to+a+particular+SCTP+server+socket+to+be+made.%0A%28CVE-2014-4667%2C+Moderate%29%0A%0ARed+Hat+would+like+to+thank+Gopal+Reddy+Kodudula+of+Nokia+Siemens+Networks+for+reporting+CVE-2014-4667.+The+security+impact+of+the+CVE-2014-0205+issue+was+discovered+by+Mateusz+Guzik+of+Red+Hat.%0A%0AThis+update+also+fixes+several+bugs.+Documentation+for+these+changes+will+be+available+shortly+from+the+Technical+Notes+document+linked+to+in+the+References+section.%0A%0AAll+kernel+users+are+advised+to+upgrade+to+these+updated+packages%2C+which+contain+backported+patches+to+correct+these+issues.+The+system+must+be+rebooted+for+this+update+to+take+effect
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top