rhsa-2017_2077
Vulnerability from csaf_redhat
Published
2017-08-01 14:13
Modified
2024-11-14 23:35
Summary
Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)
* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)
* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)
This update also fixes multiple Moderate and Low impact security issues:
* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685
Documentation for these issues is available from the Release Notes document linked from the References section.
Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).
Additional Changes:
For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)\n\n* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-\u003ematch is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. 
(CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\n* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685\n\nDocumentation for these issues is available from the Release Notes document linked from the References section.\n\nRed Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2077", "url": "https://access.redhat.com/errata/RHSA-2017:2077" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html", "url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html" }, { "category": "external", "summary": "1151095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095" }, { "category": "external", "summary": "1151108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108" }, { "category": "external", "summary": "1323577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323577" }, { "category": "external", "summary": "1356471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471" }, { "category": "external", "summary": "1368938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938" }, { "category": "external", "summary": "1373966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" }, { "category": "external", "summary": "1377840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377840" }, { "category": "external", "summary": "1378172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378172" }, { "category": "external", "summary": "1386286", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1386286" }, { "category": "external", "summary": "1389215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389215" }, { "category": "external", "summary": "1389433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389433" }, { "category": "external", "summary": "1393904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904" }, { "category": "external", "summary": "1396941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" }, { "category": "external", "summary": "1400188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400188" }, { "category": "external", "summary": "1401502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502" }, { "category": "external", "summary": "1403145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145" }, { "category": "external", "summary": "1404200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200" }, { "category": "external", "summary": "1404924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924" }, { "category": "external", "summary": "1412210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412210" }, { "category": "external", "summary": "1414052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414052" }, { "category": "external", "summary": "1417812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812" }, { "category": "external", "summary": "1421638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421638" }, { "category": "external", "summary": "1421801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421801" }, { "category": "external", "summary": "1421810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421810" }, { "category": "external", "summary": "1422825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825" }, { "category": "external", "summary": "1425780", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425780" }, { "category": "external", "summary": 
"1426661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426661" }, { "category": "external", "summary": "1427626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427626" }, { "category": "external", "summary": "1427647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427647" }, { "category": "external", "summary": "1427991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427991" }, { "category": "external", "summary": "1428353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353" }, { "category": "external", "summary": "1428890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428890" }, { "category": "external", "summary": "1428943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428943" }, { "category": "external", "summary": "1429610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429610" }, { "category": "external", "summary": "1429640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429640" }, { "category": "external", "summary": "1429951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429951" }, { "category": "external", "summary": "1429977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429977" }, { "category": "external", "summary": "1430023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430023" }, { "category": "external", "summary": "1430038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430038" }, { "category": "external", "summary": "1430074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430074" }, { "category": "external", "summary": "1430347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430347" }, { "category": "external", "summary": "1430353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430353" }, { "category": "external", "summary": "1430926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430926" }, { "category": "external", "summary": "1430946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430946" }, { "category": 
"external", "summary": "1431104", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431104" }, { "category": "external", "summary": "1432118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432118" }, { "category": "external", "summary": "1433252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433252" }, { "category": "external", "summary": "1434327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434327" }, { "category": "external", "summary": "1434616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434616" }, { "category": "external", "summary": "1436649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649" }, { "category": "external", "summary": "1438512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438512" }, { "category": "external", "summary": "1441088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441088" }, { "category": "external", "summary": "1441552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441552" }, { "category": "external", "summary": "1444493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444493" }, { "category": "external", "summary": "1450972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450972" }, { "category": "external", "summary": "1452240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452240" }, { "category": "external", "summary": "1452679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452679" }, { "category": "external", "summary": "1452688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452688" }, { "category": "external", "summary": "1452691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452691" }, { "category": "external", "summary": "1452744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452744" }, { "category": "external", "summary": "1456388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456388" }, { "category": "external", "summary": "1459056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459056" 
}, { "category": "external", "summary": "1466329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2077.json" } ], "title": "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-14T23:35:55+00:00", "generator": { "date": "2024-11-14T23:35:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:2077", "initial_release_date": "2017-08-01T14:13:37+00:00", "revision_history": [ { "date": "2017-08-01T14:13:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-08-01T14:13:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T23:35:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": 
"kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product": { "name": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.rt56.617.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product": { 
"name": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_id": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-693.rt56.617.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.src", "product": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.src", "product_id": "kernel-rt-0:3.10.0-693.rt56.617.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.rt56.617.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "product": { "name": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "product_id": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.rt56.617.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src" }, "product_reference": "kernel-rt-0:3.10.0-693.rt56.617.el7.src", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-NFV" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src" }, "product_reference": "kernel-rt-0:3.10.0-693.rt56.617.el7.src", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "relates_to_product_reference": "7Server-RT" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-7970", "discovery_date": "2014-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1151095" } ], "notes": [ { "category": "description", "text": "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . 
(dot) values in both arguments to the pivot_root system call.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: fs: VFS denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-7970" }, { "category": "external", "summary": "RHBZ#1151095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151095" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-7970", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-7970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7970" } ], "release_date": "2014-10-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, 
refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Kernel: fs: VFS denial of service" }, { "cve": "CVE-2014-7975", "discovery_date": "2014-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1151108" } ], "notes": [ { "category": "description", "text": "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, 
which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: fs: umount denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-7975" }, { "category": "external", "summary": "RHBZ#1151108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-7975", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-7975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7975" } ], "release_date": "2014-10-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", 
"date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Kernel: fs: umount denial of service" }, { "cve": "CVE-2015-8839", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2016-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red 
Hat Bugzilla ID", "text": "1323577" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel when attempting to \"punch a hole\" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process\u0027 address space.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ext4 filesystem page fault race condition with fallocate call.", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-8839" }, { "category": "external", "summary": "RHBZ#1323577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323577" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8839", "url": 
"https://www.cve.org/CVERecord?id=CVE-2015-8839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8839" } ], "release_date": "2016-03-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:N", "version": "2.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: 
ext4 filesystem page fault race condition with fallocate call." }, { "acknowledgments": [ { "names": [ "Igor Redko", "Vasily Averin" ], "organization": "Virtuozzo" } ], "cve": "CVE-2015-8970", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1386286" } ], "notes": [ { "category": "description", "text": "The lrw_crypt() function in \u0027crypto/lrw.c\u0027 in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: crypto: GPF in lrw_crypt caused by null-deref", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-8970" }, { "category": "external", "summary": "RHBZ#1386286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8970", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8970" } ], "release_date": "2015-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: crypto: GPF in lrw_crypt caused by null-deref" }, { "acknowledgments": [ { "names": [ "Qian Cai" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2016-6213", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2016-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1356471" } ], "notes": [ { "category": "description", "text": "It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Overflowing kernel mount table using shared bind mount", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as of now due to the absence of unprivileged mount name spaces support.\n\nNevertheless, the unprivileged mount name spaces might be added to a future RHEL-7 version as a supported feature, so future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6213" }, { "category": "external", "summary": "RHBZ#1356471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6213", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6213" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6213", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6213" } ], "release_date": "2016-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", 
"baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Overflowing kernel mount table using shared bind mount" }, { "acknowledgments": [ { "names": [ "Ondrej Kozina" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2016-7042", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2016-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1373966" } ], "notes": [ { "category": "description", "text": "It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", 
"7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7042" }, { "category": "external", "summary": "RHBZ#1373966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7042", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7042" } ], "release_date": "2016-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled" }, { 
"acknowledgments": [ { "names": [ "Andreas Gruenbacher" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." }, { "names": [ "Jan Kara" ], "organization": "SUSE" } ], "cve": "CVE-2016-7097", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2016-08-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1368938" } ], "notes": [ { "category": "description", "text": "It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn\u0027t clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7097" }, { "category": "external", "summary": "RHBZ#1368938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7097", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7097" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7097", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7097" } ], "release_date": "2016-05-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit" }, { "acknowledgments": [ { "names": [ "Marco Grassi" ] } ], "cve": "CVE-2016-8645", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "discovery_date": "2016-11-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1393904" } ], "notes": [ { "category": "description", "text": "It was discovered that the 
Linux kernel since 3.6-rc1 with \u0027net.ipv4.tcp_fastopen\u0027 set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8645" }, { "category": "external", "summary": "RHBZ#1393904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8645", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8645" }, { "category": "external", 
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8645", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8645" } ], "release_date": "2016-11-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c" }, { "cve": "CVE-2016-9576", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1403145" } ], "notes": [ { "category": "description", "text": "It was found that the blk_rq_map_user_iov() function in the Linux kernel\u0027s block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free in SCSI generic device interface", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9576" }, { "category": "external", "summary": "RHBZ#1403145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9576", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9576" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9576", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9576" } ], "release_date": "2016-11-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use after free in SCSI generic device interface" }, { "cve": "CVE-2016-9588", "cwe": { "id": "CWE-248", "name": "Uncaught Exception" }, "discovery_date": "2016-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1404924" } ], "notes": [ { "category": "description", "text": "Linux kernel built with the KVM 
virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9588" }, { "category": "external", "summary": "RHBZ#1404924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9588", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9588" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9588", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9588" } ], "release_date": 
"2016-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS" }, { "acknowledgments": [ { "names": [ "David Howells" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2016-9604", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2016-10-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1389433" } ], "notes": [ { "category": "description", "text": "It was discovered that root can gain direct access to an internal keyring, such as \u0027.dns_resolver\u0027 in RHEL-7 or \u0027.builtin_trusted_keys\u0027 upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9604" }, { "category": "external", "summary": "RHBZ#1389433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9604", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9604" } ], "release_date": "2017-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user" }, { "acknowledgments": [ { "names": [ "Qian Cai" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2016-9685", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2016-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1396941" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possibly exhaust all memory and create a denial of service situation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Memory leaks in xfs_attr_list.c error paths", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9685" }, { "category": "external", "summary": "RHBZ#1396941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9685", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9685" } ], "release_date": "2016-12-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Memory leaks in xfs_attr_list.c error paths" }, { "cve": "CVE-2016-9806", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1401502" } ], "notes": [ { "category": "description", "text": "A double free vulnerability was found in 
netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: netlink: double-free in netlink_dump", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9806" }, { "category": "external", "summary": "RHBZ#1401502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9806", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9806" }, { "category": "external", 
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9806" } ], "release_date": "2016-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: netlink: double-free in netlink_dump" }, { "cve": "CVE-2016-10088", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1412210" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel\u0027s sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10088" }, { "category": "external", "summary": "RHBZ#1412210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10088", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10088" } ], "release_date": "2017-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)" }, { "cve": "CVE-2016-10147", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1404200" } ], "notes": [ { "category": "description", "text": "Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a \"mcryptd(alg)\" name construct. 
This causes mcryptd to crash the kernel if an arbitrary \"alg\" is incompatible and not intended to be used with mcryptd.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw is not present in the products listed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10147" }, { "category": "external", "summary": "RHBZ#1404200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10147", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10147" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10147" } ], "release_date": "2016-12-02T00:00:00+00:00", "remediations": [ { "category": 
"vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { 
"category": "impact", "details": "Moderate" } ], "title": "kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm" }, { "cve": "CVE-2016-10200", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2017-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1430347" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. 
Future Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10200" }, { "category": "external", "summary": "RHBZ#1430347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430347" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10200", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10200" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10200", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10200" } ], "release_date": "2016-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature" }, { "cve": "CVE-2016-10741", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "discovery_date": "2016-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671869" } ], "notes": [ { "category": "description", "text": "It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. 
This allows a local unprivileged attacker to cause a system crash and a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10741" }, { "category": "external", "summary": "RHBZ#1671869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671869" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10741", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10741" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10741", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10741" } ], "release_date": "2016-11-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take 
effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", 
"7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c" }, { "cve": "CVE-2017-2584", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413001" } ], "notes": [ { "category": "description", "text": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service 
(use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: kvm: use after free in complete_emulated_mmio", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\n\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2584" }, { "category": "external", "summary": "RHBZ#1413001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2584", "url": 
"https://www.cve.org/CVERecord?id=CVE-2017-2584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2584", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2584" } ], "release_date": "2017-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Kernel: kvm: use after free in complete_emulated_mmio" }, { "acknowledgments": [ { "names": [ "Dmitry Vyukov" ], "organization": "Google Inc." } ], "cve": "CVE-2017-2596", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2017-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1417812" } ], "notes": [ { "category": "description", "text": "Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a host memory leakage issue. It could occur while emulating VMXON instruction in \u0027handle_vmon\u0027. 
An L1 guest user could use this flaw to leak host memory potentially resulting in DoS.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: kvm: page reference leakage in handle_vmon", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2596" }, { "category": "external", "summary": "RHBZ#1417812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2596", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2596" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2596", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2596" } ], "release_date": "2017-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, 
refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kernel: 
kvm: page reference leakage in handle_vmon" }, { "acknowledgments": [ { "names": [ "Andrey Ryabinin", "Igor Redko" ], "organization": "Virtuozzo" } ], "cve": "CVE-2017-2647", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1428353" } ], "notes": [ { "category": "description", "text": "A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-\u003ematch is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Null pointer dereference in search_keyring", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2647" }, { "category": "external", "summary": "RHBZ#1428353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2647", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2647" } ], "release_date": "2017-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: Null pointer dereference in search_keyring" }, { "cve": "CVE-2017-2671", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2017-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1436649" } ], "notes": [ { "category": "description", "text": "A race condition leading to a NULL pointer dereference was found in the Linux kernel\u0027s Link Layer Control implementation. 
A local attacker with access to ping sockets could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ping socket / AF_LLC connect() sin_family race", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2671" }, { "category": "external", "summary": "RHBZ#1436649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2671", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2671" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2671", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2671" } ], "release_date": 
"2017-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ping socket / AF_LLC connect() sin_family race" }, { "cve": "CVE-2017-5551", "cwe": 
{ "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416126" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel in the \u0027tmpfs\u0027 file system. When file permissions are modified via \u0027chmod\u0027 and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via \u0027setxattr\u0027 sets the file permissions as well as the new ACL, but doesn\u0027t clear the setgid bit in a similar way; this allows the check in \u0027chmod\u0027 to be bypassed.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.\n\nThis flaw was fixed in the Red Hat products as a part of the CVE-2016-7097 fix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5551" }, { "category": "external", "summary": "RHBZ#1416126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416126" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5551", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5551" } ], "release_date": "2017-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)" }, { "cve": "CVE-2017-5970", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1421638" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. 
This could result in a system crash or possible privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ipv4: Invalid IP options could cause skb-\u003edst drop", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5970" }, { "category": "external", "summary": "RHBZ#1421638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5970", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5970" } ], "release_date": 
"2017-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ipv4: Invalid IP options could cause skb-\u003edst drop" }, { "cve": 
"CVE-2017-6001", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2017-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422825" } ], "notes": [ { "category": "description", "text": "It was found that the original fix for CVE-2016-6786 was incomplete. There exists a race between two concurrent sys_perf_event_open() calls when both try to move the same pre-existing software group into a hardware context.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Race condition between multiple sys_perf_event_open() calls", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the perf subsystem where the flaw was found is not present in this product.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. 
Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-6001" }, { "category": "external", "summary": "RHBZ#1422825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-6001", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6001" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6001" } ], "release_date": "2017-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Race condition between multiple sys_perf_event_open() calls" }, { "cve": "CVE-2017-6951", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1433252" } ], "notes": [ { "category": "description", "text": "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the \"dead\" key type.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL pointer dereference in 
keyring_search_aux function", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\n\nFuture Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-6951" }, { "category": "external", "summary": "RHBZ#1433252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433252" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-6951", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6951" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6951", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6951" } ], "release_date": "2017-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, 
refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: NULL pointer dereference in keyring_search_aux function" }, { "cve": "CVE-2017-7187", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2017-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1434327" } ], "notes": [ { "category": "description", "text": "The sg_ioctl function 
in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: scsi: Stack-based buffer overflow in sg_ioctl function", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the change that introduced the flaw is not present in the code of these products. \n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", 
"7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7187" }, { "category": "external", "summary": "RHBZ#1434327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434327" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2017-7187", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7187" } ], "release_date": "2017-03-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: scsi: Stack-based buffer overflow in sg_ioctl function" }, { "acknowledgments": [ { "names": [ "Takeshi Nishimura" ], "organization": "NEC" } ], "cve": "CVE-2017-7495", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2017-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1450261" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system \u0027reset\u0027 by abusing ext4 mechanics of delayed allocation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ext4: power failure during write(2) causes on-disk information leak", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. 
Future Linux kernel updates for the respective releases may address this issue.\nfs", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7495" }, { "category": "external", "summary": "RHBZ#1450261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7495", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7495" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7495", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7495" }, { "category": "external", "summary": "http://seclists.org/oss-sec/2017/q2/259", "url": "http://seclists.org/oss-sec/2017/q2/259" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824" } ], "release_date": "2017-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", 
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" }, { "category": "workaround", "details": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don\u0027t hard reset the system.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", 
"7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ext4: power failure during write(2) causes on-disk information leak" }, { "cve": "CVE-2017-7616", "cwe": { "id": "CWE-390", "name": "Detection of Error Condition Without Action" }, "discovery_date": "2017-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1441088" } ], "notes": [ { "category": "description", "text": "Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in \u0027mm/mempolicy.c\u0027 in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 on ppc64 and ppc64le platforms. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7 on ppc64 and ppc64le platforms. 
Future Linux kernel updates for the respective releases might address this issue.\n\nOnly ppc64 and ppc64le hardware platforms are vulnerable. The Linux kernel packages for other platforms which Red Hat ships (i386, x86_64, s390x) are not vulnerable to this security flaw.\n\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2 as this product is shipped for x86_64 hardware platform only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7616" }, { "category": "external", "summary": "RHBZ#1441088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441088" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7616", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7616" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7616", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7616" } ], "release_date": "2017-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to 
apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c" }, { "cve": "CVE-2017-7889", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2017-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat 
Bugzilla ID", "text": "1444493" } ], "notes": [ { "category": "description", "text": "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. 
Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7889" }, { "category": "external", "summary": "RHBZ#1444493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7889", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7889" } ], "release_date": "2017-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism" }, { "cve": "CVE-2017-8797", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1466329" } ], "notes": [ { "category": "description", "text": "It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. 
A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-8797" }, { "category": "external", "summary": "RHBZ#1466329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-8797", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8797", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-8797" } ], "release_date": "2017-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: 
NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand" }, { "cve": "CVE-2017-8890", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1450972" } ], "notes": [ { "category": "description", "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. 
Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-8890" }, { "category": "external", "summary": "RHBZ#1450972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-8890", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8890", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8890" } ], "release_date": "2017-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c" }, { "cve": "CVE-2017-9074", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452679" } ], "notes": [ { "category": "description", "text": "The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted 
socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9074" }, { "category": "external", "summary": 
"RHBZ#1452679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452679" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9074", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9074" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9074" } ], "release_date": "2017-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option" }, { "cve": "CVE-2017-9075", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452691" } ], "notes": [ { "category": "description", "text": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: sctp_v6_create_accept_sk function mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. 
Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9075" }, { "category": "external", "summary": "RHBZ#1452691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452691" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9075", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9075" } ], "release_date": "2017-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: sctp_v6_create_accept_sk function mishandles inheritance" }, { "cve": "CVE-2017-9076", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452688" } ], "notes": [ { "category": "description", "text": "The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. 
An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: IPv6 DCCP implementation mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2017-9076" }, { "category": "external", "summary": "RHBZ#1452688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9076", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9076" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9076", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9076" } ], "release_date": "2017-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: IPv6 DCCP implementation mishandles inheritance" }, { "cve": "CVE-2017-9077", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452744" } ], "notes": [ { "category": "description", "text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. 
Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9077" }, { "category": "external", "summary": "RHBZ#1452744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9077" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9077", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9077" } ], "release_date": "2017-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance" }, { "cve": "CVE-2017-9242", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2017-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1456388" } ], "notes": [ { "category": "description", "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.", "title": "Vulnerability description" 
}, { "category": "summary", "text": "kernel: Incorrect overwrite check in __ip6_append_data()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9242" }, { "category": "external", "summary": "RHBZ#1456388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9242", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9242" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9242", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9242" } ], "release_date": "2017-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-01T14:13:37+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take 
effect.", "product_ids": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", 
"7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2077" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-NFV:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-NFV:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", 
"7Server-NFV:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-NFV:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.src", "7Server-RT:kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch", "7Server-RT:kernel-rt-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7.x86_64", "7Server-RT:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Incorrect overwrite check in __ip6_append_data()" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.