Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-3707
Vulnerability from cvelistv5
Published
2016-06-27 10:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:03:34.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "SUSE-SU-2016:1985", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "SUSE-SU-2016:1985", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-3707", "datePublished": "2016-06-27T10:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2024-08-06T00:03:34.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-3707\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-06-27T10:59:04.563\",\"lastModified\":\"2024-11-21T02:50:32.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n icmp_check_sysrq en net/ipv4/icmp.c en los kernel.org projects/rt patches para el kernel de Linux, tal como se utiliza en el paquete kernel-rt en versiones anteriores a 3.10.0-327.22.1 en Red Hat Enterprise Linux for Real Time 7 y otros productos, permite a atacantes remotos ejecutar comandos SysRq a trav\u00e9s de paquetes ICMP Echo Request manipulados, como demuestra un ataque de fuerza bruta para descubrir una cookie, o un ataque que ocurra despu\u00e9s de leer el archivo local icmp_echo_sysrq.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel-rt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.10.0\",\"matchCriteriaId\":\"E86CD217-1B09-4319-8C00-8430767D2A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B15608-BABC-4663-A58F-B74BD2D1A734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36E85B24-30F2-42AB-9F68-8668C0FCC5E3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2905A9C-3E00-4188-8341-E5C2F62EF405\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/05/17/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1301\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1341\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1327484\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/05/17/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1327484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}" } }
rhsa-2016_1301
Vulnerability from csaf_redhat
Published
2016-06-23 16:15
Modified
2024-11-14 19:54
Summary
Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.22.1). This version provides a number of bug fixes
and enhancements, including:
* [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy
* [mm] mmu_notifier: fix memory corruption
* [mm] hugetlbfs: optimize when NUMA=n
* [mm] optimize put_mems_allowed() usage
* [x86] mm: suitable memory should go to ZONE_MOVABLE
* [fs] xfs: fix splice/direct-IO deadlock
* [acpi] tables: Add acpi_subtable_proc to ACPI table parsers
* [acpi] table: Add new function to get table entries
* [net] ipv6: Nonlocal bind
* [net] ipv4: bind ip_nonlocal_bind to current netns
(BZ#1335747)
Security Fix(es):
* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)
* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections to be accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767, Moderate)
* A flaw was found in the way the realtime kernel processed specially
crafted ICMP echo requests. A remote attacker could use this flaw to
trigger a sysrql function based on values in the ICMP packet, allowing them
to remotely restart the system. Note that this feature is not enabled by
default and requires elevated privileges to be configured. (CVE-2016-3707,
Moderate)
Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.
Bug Fix(es):
* Previously, configuration changes to the Hewlett Packard Smart Array
(HPSA) driver during I/O operations could set the phys_disk pointer to
NULL. Consequently, kernel oops could occur while the HPSA driver was
submitting ioaccel2 commands. An upstream patch has been provided to fix
this bug, and the oops in the hpsa_scsi_ioaccel_raid_map() function no
longer occurs. (BZ#1335411)
* In a previous code update one extra spin_lock operation was left
untouched. Consequently, a deadlock could occur when looping through cache
pages. With this update, the extra lock operation has been removed from
the source code and the deadlock no longer occurs in the described
situation. (BZ#1327073)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThe following packages have been upgraded to a newer upstream version:\nkernel-rt (3.10.0-327.22.1). This version provides a number of bug fixes\nand enhancements, including:\n\n* [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy \n* [mm] mmu_notifier: fix memory corruption \n* [mm] hugetlbfs: optimize when NUMA=n \n* [mm] optimize put_mems_allowed() usage \n* [x86] mm: suitable memory should go to ZONE_MOVABLE \n* [fs] xfs: fix splice/direct-IO deadlock \n* [acpi] tables: Add acpi_subtable_proc to ACPI table parsers \n* [acpi] table: Add new function to get table entries \n* [net] ipv6: Nonlocal bind \n* [net] ipv4: bind ip_nonlocal_bind to current netns \n\n(BZ#1335747)\n\nSecurity Fix(es):\n\n* A flaw was found in the way certain interfaces of the Linux kernel\u0027s\nInfiniband subsystem used write() as bi-directional ioctl() replacement,\nwhich could lead to insufficient memory security checks when being invoked\nusing the the splice() system call. A local unprivileged user on a system\nwith either Infiniband hardware present or RDMA Userspace Connection\nManager Access module explicitly loaded, could use this flaw to escalate\ntheir privileges on the system. (CVE-2016-4565, Important)\n\n* A race condition flaw was found in the way the Linux kernel\u0027s SCTP\nimplementation handled sctp_accept() during the processing of heartbeat\ntimeout events. A remote attacker could use this flaw to prevent further\nconnections to be accepted by the SCTP server running on the system,\nresulting in a denial of service. (CVE-2015-8767, Moderate)\n\n* A flaw was found in the way the realtime kernel processed specially\ncrafted ICMP echo requests. A remote attacker could use this flaw to\ntrigger a sysrql function based on values in the ICMP packet, allowing them\nto remotely restart the system. Note that this feature is not enabled by\ndefault and requires elevated privileges to be configured. (CVE-2016-3707,\nModerate)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565.\n\nBug Fix(es):\n\n* Previously, configuration changes to the Hewlett Packard Smart Array\n(HPSA) driver during I/O operations could set the phys_disk pointer to\nNULL. Consequently, kernel oops could occur while the HPSA driver was\nsubmitting ioaccel2 commands. An upstream patch has been provided to fix\nthis bug, and the oops in the hpsa_scsi_ioaccel_raid_map() function no\nlonger occurs. (BZ#1335411)\n\n* In a previous code update one extra spin_lock operation was left\nuntouched. Consequently, a deadlock could occur when looping through cache\npages. With this update, the extra lock operation has been removed from\nthe source code and the deadlock no longer occurs in the described\nsituation. (BZ#1327073)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1301", "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1297389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "category": "external", "summary": "1310570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570" }, { "category": "external", "summary": "1327073", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327073" }, { "category": "external", "summary": "1327484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "category": "external", "summary": "1334459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334459" }, { "category": "external", "summary": "1335747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335747" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1301.json" } ], "title": "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-14T19:54:33+00:00", "generator": { "date": "2024-11-14T19:54:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1301", "initial_release_date": "2016-06-23T16:15:04+00:00", "revision_history": [ { "date": "2016-06-23T16:15:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-06-23T16:15:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T19:54:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Realtime (v. 7)", "product": { "name": "Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product": { "name": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_id": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-327.22.2.rt56.230.el7_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "product": { "name": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "product_id": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-327.22.2.rt56.230.el7_2?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "product": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "product_id": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.22.2.rt56.230.el7_2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src" }, "product_reference": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-NFV-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src" }, "product_reference": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)", "product_id": "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "relates_to_product_reference": "7Server-RT-7.2.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-8767", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2015-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1297389" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in the way the Linux kernel\u0027s SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: SCTP denial of service during timeout", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-8767" }, { "category": "external", "summary": "RHBZ#1297389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8767", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8767", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8767" } ], "release_date": "2015-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-23T16:15:04+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: SCTP denial of service during timeout" }, { "cve": "CVE-2016-3707", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "discovery_date": "2016-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1327484" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and requires elevated privileges to be configured.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel-rt: Sending SysRq command via ICMP echo request", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7.\n\nThis issue affects the Linux kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and MRG-2 and may be addressed in a future update.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3707" }, { "category": "external", "summary": "RHBZ#1327484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3707", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3707" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3707", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3707" } ], "release_date": "2016-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-23T16:15:04+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel-rt: Sending SysRq command via ICMP echo request" }, { "acknowledgments": [ { "names": [ "Jann Horn" ] } ], "cve": "CVE-2016-4565", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2016-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1310570" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way certain interfaces of the Linux kernel\u0027s Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4565" }, { "category": "external", "summary": "RHBZ#1310570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4565", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4565" } ], "release_date": "2016-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-23T16:15:04+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-NFV-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-NFV-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-NFV-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.src", "7Server-RT-7.2.Z:kernel-rt-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-doc-0:3.10.0-327.22.2.rt56.230.el7_2.noarch", "7Server-RT-7.2.Z:kernel-rt-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-devel-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64", "7Server-RT-7.2.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.22.2.rt56.230.el7_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko" } ] }
rhsa-2016_1341
Vulnerability from csaf_redhat
Published
2016-06-27 10:02
Modified
2024-11-14 19:54
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The kernel-rt package contain the Linux kernel, the core of any Linux
operating system.
This update provides a build of the kernel-rt package for Red Hat
Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and
provides a number of bug fixes including:
* [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy
* [mm] mmu_notifier: fix memory corruption
* [mm] hugetlbfs: optimize when NUMA=n
* [mm] optimize put_mems_allowed() usage
* [x86] mm: suitable memory should go to ZONE_MOVABLE
* [fs] xfs: fix splice/direct-IO deadlock
* [acpi] tables: Add acpi_subtable_proc to ACPI table parsers
* [acpi] table: Add new function to get table entries
* [net] ipv6: Nonlocal bind
* [net] ipv4: bind ip_nonlocal_bind to current netns
(BZ#1332298)
Security Fix(es):
* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)
* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections to be accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767, Moderate)
* A flaw was found in the way the realtime kernel processed specially
crafted ICMP echo requests. A remote attacker could use this flaw to
trigger a sysrql function based on values in the ICMP packet, allowing them
to remotely restart the system. Note that this feature is not enabled by
default and requires elevated privileges to be configured. (CVE-2016-3707,
Moderate)
Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.
Bug Fix(es):
* An oops can occur in the hpsa driver while submitting ioaccel2 commands
when the phys_disk pointer is NULL (in hpsa_scsi_ioaccel_raid_map).
Configuration changes during I/O operations could set the phys_disk
pointer to NULL. In this case, send the command down the RAID path for
correct processing, avoiding the oops. (BZ#1334260)
* A faulty code merge left an extra spin_lock operation in the function
fscache_invalidate_write(). The code has been correctly updated to remove
this extra lock operation, which avoids a potential deadlock situation
when looping through cache pages. (BZ#1327730)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt package contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update provides a build of the kernel-rt package for Red Hat\nEnterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and\nprovides a number of bug fixes including:\n\n* [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy \n* [mm] mmu_notifier: fix memory corruption \n* [mm] hugetlbfs: optimize when NUMA=n \n* [mm] optimize put_mems_allowed() usage \n* [x86] mm: suitable memory should go to ZONE_MOVABLE \n* [fs] xfs: fix splice/direct-IO deadlock \n* [acpi] tables: Add acpi_subtable_proc to ACPI table parsers \n* [acpi] table: Add new function to get table entries \n* [net] ipv6: Nonlocal bind \n* [net] ipv4: bind ip_nonlocal_bind to current netns \n\n(BZ#1332298)\n\nSecurity Fix(es):\n\n* A flaw was found in the way certain interfaces of the Linux kernel\u0027s\nInfiniband subsystem used write() as bi-directional ioctl() replacement,\nwhich could lead to insufficient memory security checks when being invoked\nusing the splice() system call. A local unprivileged user on a system\nwith either Infiniband hardware present or RDMA Userspace Connection\nManager Access module explicitly loaded, could use this flaw to escalate\ntheir privileges on the system. (CVE-2016-4565, Important)\n\n* A race condition flaw was found in the way the Linux kernel\u0027s SCTP\nimplementation handled sctp_accept() during the processing of heartbeat\ntimeout events. A remote attacker could use this flaw to prevent further\nconnections to be accepted by the SCTP server running on the system,\nresulting in a denial of service. (CVE-2015-8767, Moderate)\n\n* A flaw was found in the way the realtime kernel processed specially\ncrafted ICMP echo requests. A remote attacker could use this flaw to\ntrigger a sysrql function based on values in the ICMP packet, allowing them\nto remotely restart the system. Note that this feature is not enabled by\ndefault and requires elevated privileges to be configured. (CVE-2016-3707,\nModerate)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565.\n\nBug Fix(es):\n\n* An oops can occur in the hpsa driver while submitting ioaccel2 commands\nwhen the phys_disk pointer is NULL (in hpsa_scsi_ioaccel_raid_map).\nConfiguration changes during I/O operations could set the phys_disk\npointer to NULL. In this case, send the command down the RAID path for\ncorrect processing, avoiding the oops. (BZ#1334260)\n\n* A faulty code merge left an extra spin_lock operation in the function\nfscache_invalidate_write(). The code has been correctly updated to remove\nthis extra lock operation, which avoids a potential deadlock situation\nwhen looping through cache pages. (BZ#1327730)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1341", "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1297389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "category": "external", "summary": "1310570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570" }, { "category": "external", "summary": "1327484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "category": "external", "summary": "1327730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327730" }, { "category": "external", "summary": "1332298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332298" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1341.json" } ], "title": "Red Hat Security Advisory: kernel-rt security and bug fix update", "tracking": { "current_release_date": "2024-11-14T19:54:41+00:00", "generator": { "date": "2024-11-14T19:54:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1341", "initial_release_date": "2016-06-27T10:02:50+00:00", "revision_history": [ { "date": "2016-06-27T10:02:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-06-27T10:02:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T19:54:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat MRG Realtime for RHEL 6 Server v.2", "product": { "name": "Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6" } } } ], "category": "product_family", "name": "Red Hat Enterprise MRG for RHEL-6" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-327.rt56.190.el6rt?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "product": { "name": "kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "product_id": "kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-327.rt56.190.el6rt?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "product": { "name": "kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "product_id": "kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-327.rt56.190.el6rt?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "product": { "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "product_id": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.190.el6rt?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src" }, "product_reference": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch" }, "product_reference": "kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch" }, "product_reference": "kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-8767", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2015-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1297389" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in the way the Linux kernel\u0027s SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: SCTP denial of service during timeout", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-8767" }, { "category": "external", "summary": "RHBZ#1297389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8767", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8767", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8767" } ], "release_date": "2015-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-27T10:02:50+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1341" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: SCTP denial of service during timeout" }, { "cve": "CVE-2016-3707", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "discovery_date": "2016-04-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1327484" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and requires elevated privileges to be configured.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel-rt: Sending SysRq command via ICMP echo request", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7.\n\nThis issue affects the Linux kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and MRG-2 and may be addressed in a future update.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3707" }, { "category": "external", "summary": "RHBZ#1327484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3707", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3707" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3707", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3707" } ], "release_date": "2016-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-27T10:02:50+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1341" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel-rt: Sending SysRq command via ICMP echo request" }, { "acknowledgments": [ { "names": [ "Jann Horn" ] } ], "cve": "CVE-2016-4565", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2016-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1310570" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way certain interfaces of the Linux kernel\u0027s Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4565" }, { "category": "external", "summary": "RHBZ#1310570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4565", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4565" } ], "release_date": "2016-05-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-27T10:02:50+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1341" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.190.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.190.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.190.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko" } ] }
gsd-2016-3707
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2016-3707", "description": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.", "id": "GSD-2016-3707", "references": [ "https://www.suse.com/security/cve/CVE-2016-3707.html", "https://access.redhat.com/errata/RHSA-2016:1341", "https://access.redhat.com/errata/RHSA-2016:1301" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-3707" ], "details": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.", "id": "GSD-2016-3707", "modified": "2023-12-13T01:21:27.592974Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "http://www.openwall.com/lists/oss-security/2016/05/17/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" }, { "name": "https://access.redhat.com/errata/RHSA-2016:1301", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "https://access.redhat.com/errata/RHSA-2016:1341", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel-rt:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3707" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", "refsource": "MLIST", "tags": [], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "name": "RHSA-2016:1341", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "RHSA-2016:1301", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1937", "refsource": "SUSE", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:1985", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9 } }, "lastModifiedDate": "2023-02-12T23:19Z", "publishedDate": "2016-06-27T10:59Z" } } }
ghsa-558g-x28c-wmj6
Vulnerability from github
Published
2022-05-17 03:42
Modified
2022-05-17 03:42
Severity ?
Details
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
{ "affected": [], "aliases": [ "CVE-2016-3707" ], "database_specific": { "cwe_ids": [ "CWE-284" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-06-27T10:59:00Z", "severity": "HIGH" }, "details": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.", "id": "GHSA-558g-x28c-wmj6", "modified": "2022-05-17T03:42:17Z", "published": "2022-05-17T03:42:17Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3707" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2016-3707" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.