- Home
- CVEs with nessus.description==From+Red+Hat+Security+Advisory+2015%3A1221+%3A%0A%0AUpdated+kernel+packages+that+fix+multiple+security+issues%2C+several+bugs%2C+and+add+one+enhancement+are+now+available+for+Red+Hat+Enterprise+Linux+6.%0A%0ARed+Hat+Product+Security+has+rated+this+update+as+having+Moderate+security+impact.+Common+Vulnerability+Scoring+System+%28CVSS%29+base+scores%2C+which+give+detailed+severity+ratings%2C+are+available+for+each+vulnerability+from+the+CVE+links+in+the+References+section.%0A%0AThe+kernel+packages+contain+the+Linux+kernel%2C+the+core+of+any+Linux+operating+system.%0A%0A%2A+A+NULL+pointer+dereference+flaw+was+found+in+the+way+the+Linux+kernel%27s+virtual+console+implementation+handled+reference+counting+when+accessing+pseudo-terminal+device+files+%28%2Fdev%2Fpts%2F%2A%29.+A+local%2C+unprivileged+attacker+could+use+this+flaw+to+crash+the+system.%0A%28CVE-2011-5321%2C+Moderate%29%0A%0A%2A+It+was+found+that+the+Linux+kernel%27s+ping+socket+implementation+did+not+properly+handle+socket+unhashing+during+spurious+disconnects%2C+which+could+lead+to+a+use-after-free+flaw.+On+x86-64+architecture+systems%2C+a+local+user+able+to+create+ping+sockets+could+use+this+flaw+to+crash+the+system.+On+non-x86-64+architecture+systems%2C+a+local+user+able+to+create+ping+sockets+could+use+this+flaw+to+escalate+their+privileges+on+the+system.+%28CVE-2015-3636%2C+Moderate%29%0A%0A%2A+An+integer+overflow+flaw+was+found+in+the+way+the+Linux+kernel+randomized+the+stack+for+processes+on+certain+64-bit+architecture+systems%2C+such+as+x86-64%2C+causing+the+stack+entropy+to+be+reduced+by+four.+%28CVE-2015-1593%2C+Low%29%0A%0A%2A+A+flaw+was+found+in+the+way+the+Linux+kernel%27s+32-bit+emulation+implementation+handled+forking+or+closing+of+a+task+with+an+%27int80%27+entry.+A+local+user+could+potentially+use+this+flaw+to+escalate+their+privileges+on+the+system.+%28CVE-2015-2830%2C+Low%29%0A%0A%2A+It+was+found+that+the+Linux+kernel%27s+TCP%2FIP+protocol+suite+implementation+for+IPv6+allowed+the+Hop+Limit+value+to+be+set+to+a+smaller+value+than+the+default+one.+An+attacker+on+a+local+network+could+use+this+flaw+to+prevent+systems+on+that+network+from+sending+or+receiving+network+packets.+%28CVE-2015-2922%2C+Low%29%0A%0AThese+updated+kernel+packages+also+include+numerous+bug+fixes+and+one+enhancement.+Space+precludes+documenting+all+of+these+changes+in+this+advisory.+For+information+on+the+most+significant+of+these+changes%2C+users+are+directed+to+the+following+article+on+the+Red+Hat+Customer+Portal+%3A%0A%0Ahttps%3A%2F%2Faccess.redhat.com%2Farticles%2F1506133%0A%0AAll+kernel+users+are+advised+to+upgrade+to+these+updated+packages%2C+which+contain+backported+patches+to+correct+these+issues+and+add+this+enhancement.+The+system+must+be+rebooted+for+this+update+to+take+effect
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top