rhsa-2015_2411
Vulnerability from csaf_redhat
Published: 2015-11-19 06:24
Modified: 2024-11-05 19:06
Summary: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Notes
Topic
Updated kernel-rt packages that fix multiple security issues, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's file system implementation
handled rename operations in which the source was inside and the
destination was outside of a bind mount. A privileged user inside a
container could use this flaw to escape the bind mount and, potentially,
escalate their privileges on the system. (CVE-2015-2925, Important)
* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that were
later used for permission checking before inserting the object into a
globally visible list. A local, unprivileged user could potentially use
this flaw to elevate their privileges on the system. (CVE-2015-7613,
Important)
* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks.
An attacker able to continuously spawn new processes within a single
memory-constrained cgroup during an OOM event could use this flaw to lock
up the system. (CVE-2014-8171, Moderate)
* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the race
condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)
* A flaw was discovered in the way the Linux kernel's TTY subsystem handled
the tty shutdown phase. A local, unprivileged user could use this flaw to
cause a denial of service on the system by holding a reference to the ldisc
lock during tty shutdown, causing a deadlock. (CVE-2015-4170, Moderate)
* A NULL pointer dereference flaw was found in the SCTP implementation.
A local user could use this flaw to cause a denial of service on the system
by triggering a kernel panic when creating multiple sockets in parallel
while the system did not have the SCTP module loaded. (CVE-2015-5283,
Moderate)
* A flaw was found in the way the Linux kernel's Crypto subsystem handled
automatic loading of kernel modules. A local user could use this flaw to
load any installed kernel module, and thus increase the attack surface of
the running kernel. (CVE-2013-7421, CVE-2014-9644, Low)
* An information leak flaw was found in the way the Linux kernel changed
certain segment registers and thread-local storage (TLS) during a context
switch. A local, unprivileged user could use this flaw to leak the user
space TLS base address of an arbitrary process. (CVE-2014-9419, Low)
* A flaw was found in the way the Linux kernel handled the securelevel
functionality after performing a kexec operation. A local attacker could
use this flaw to bypass the security mechanism of the
securelevel/secureboot combination. (CVE-2015-7837, Low)

Red Hat would like to thank Linn Crosetto of HP for reporting the
CVE-2015-7837 issue. The CVE-2015-5283 issue was discovered by Ji Jianwen
from Red Hat engineering.

The kernel-rt packages have been upgraded to version 3.10.0-326.rt56.204,
which provides a number of bug fixes and enhancements. (BZ#1201915,
BZ#1211724)

This update also fixes several bugs and adds multiple enhancements.
Refer to the following Red Hat Knowledgebase article for information on the
most significant of these changes:

https://access.redhat.com/articles/2055783

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated kernel-rt packages that fix multiple security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel\u0027s file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* A race condition flaw was found in the way the Linux kernel\u0027s IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. 
(CVE-2015-7613,\nImportant)\n\n* It was found that the Linux kernel memory resource controller\u0027s (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker able to continuously spawn new processes within a single\nmemory-constrained cgroup during an OOM event could use this flaw to lock\nup the system. (CVE-2014-8171, Moderate)\n\n* A race condition flaw was found between the chown and execve system\ncalls. When changing the owner of a setuid user binary to root, the race\ncondition could momentarily make the binary setuid root. A local,\nunprivileged user could potentially use this flaw to escalate their\nprivileges on the system. (CVE-2015-3339, Moderate)\n\n* A flaw was discovered in the way the Linux kernel\u0027s TTY subsystem handled\nthe tty shutdown phase. A local, unprivileged user could use this flaw to\ncause a denial of service on the system by holding a reference to the ldisc\nlock during tty shutdown, causing a deadlock. (CVE-2015-4170, Moderate)\n\n* A NULL pointer dereference flaw was found in the SCTP implementation.\nA local user could use this flaw to cause a denial of service on the system\nby triggering a kernel panic when creating multiple sockets in parallel\nwhile the system did not have the SCTP module loaded. (CVE-2015-5283,\nModerate)\n\n* A flaw was found in the way the Linux kernel\u0027s Crypto subsystem handled\nautomatic loading of kernel modules. A local user could use this flaw to\nload any installed kernel module, and thus increase the attack surface of\nthe running kernel. (CVE-2013-7421, CVE-2014-9644, Low)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. 
(CVE-2014-9419, Low)\n\n* A flaw was found in the way the Linux kernel handled the securelevel\nfunctionality after performing a kexec operation. A local attacker could\nuse this flaw to bypass the security mechanism of the\nsecurelevel/secureboot combination. (CVE-2015-7837, Low)\n\nRed Hat would like to thank Linn Crosetto of HP for reporting the\nCVE-2015-7837 issue. The CVE-2015-5283 issue was discovered by Ji Jianwen\nfrom Red Hat engineering.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-326.rt56.204,\nwhich provides a number of bug fixes and enhancements. (BZ#1201915,\nBZ#1211724)\n\nThis update also fixes several bugs and adds multiple enhancements.\nRefer to the following Red Hat Knowledgebase article for information on the\nmost significant of these changes:\n\nhttps://access.redhat.com/articles/2055783\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. The system must be\nrebooted for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2015:2411", "url": "https://access.redhat.com/errata/RHSA-2015:2411" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/articles/2055783", "url": "https://access.redhat.com/articles/2055783" }, { "category": "external", "summary": "1177260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177260" }, { "category": "external", "summary": "1185469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185469" }, { "category": "external", "summary": "1190546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190546" }, { "category": "external", "summary": "1198109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109" }, { "category": "external", "summary": "1209190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209190" }, { "category": "external", "summary": "1209367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209367" }, { "category": "external", "summary": "1211724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211724" }, { "category": "external", "summary": "1214030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030" }, { "category": "external", "summary": "1218879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218879" }, { "category": "external", "summary": "1230391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230391" }, { 
"category": "external", "summary": "1230395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230395" }, { "category": "external", "summary": "1257528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257528" }, { "category": "external", "summary": "1265251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265251" }, { "category": "external", "summary": "1268270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268270" }, { "category": "external", "summary": "1272472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2411.json" } ], "title": "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-05T19:06:35+00:00", "generator": { "date": "2024-11-05T19:06:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2015:2411", "initial_release_date": "2015-11-19T06:24:06+00:00", "revision_history": [ { "date": "2015-11-19T06:24:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-11-19T06:24:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T19:06:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-327.rt56.204.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "product": { "name": "kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "product_id": "kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-327.rt56.204.el7?arch=x86_64" } } } ], "category": "architecture", "name": 
"x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "product": { "name": "kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "product_id": "kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-327.rt56.204.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.src", "product": { "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.src", "product_id": "kernel-rt-0:3.10.0-327.rt56.204.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.204.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src" }, "product_reference": "kernel-rt-0:3.10.0-327.rt56.204.el7.src", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64", "relates_to_product_reference": "7Server-RT" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-7421", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2015-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1185469" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Linux kernel\u0027s Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: crypto api unprivileged arbitrary module load via request_module()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of the kernel as shipped\nwith Red Hat Enterprise Linux 4, 5, and 6.\n\nThis issue affects the versions of the Linux as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. 
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-7421" }, { "category": "external", "summary": "RHBZ#1185469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185469" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-7421", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7421" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-7421", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7421" } ], "release_date": "2013-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all 
previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", 
"7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: crypto api unprivileged arbitrary module load via request_module()" }, { "cve": "CVE-2014-8171", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "discovery_date": "2014-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1198109" } ], "notes": [ { "category": "description", "text": "It was found that the Linux kernel memory resource controller\u0027s (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memcg: OOM handling DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. 
Future updates may address this issue in the respective releases.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-8171" }, { "category": "external", "summary": "RHBZ#1198109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8171", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8171" } ], "release_date": "2015-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: memcg: OOM handling DoS" }, { "cve": "CVE-2014-9419", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2014-12-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1177260" } ], "notes": [ { "category": "description", "text": "An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: partial ASLR bypass through TLS base addresses leak", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. 
Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\n\nThis issue has been rated as having Low security impact and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-9419" }, { "category": "external", "summary": "RHBZ#1177260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177260" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-9419", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9419" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9419", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9419" } ], "release_date": "2014-12-08T00:00:00+00:00", "remediations": [ { 
"category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: partial ASLR bypass through TLS base addresses leak" }, { "cve": "CVE-2014-9644", "cwe": { "id": "CWE-749", "name": "Exposed Dangerous Method or Function" }, "discovery_date": "2015-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1190546" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Linux kernel\u0027s Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: crypto api unprivileged arbitrary module load via request_module()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of the kernel as shipped\nwith Red Hat Enterprise Linux 4, 5, and 6.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. 
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-9644" }, { "category": "external", "summary": "RHBZ#1190546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190546" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-9644", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9644" } ], "release_date": "2013-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all 
previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", 
"7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: crypto api unprivileged arbitrary module load via request_module()" }, { "cve": "CVE-2015-2925", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2015-04-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1209367" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Linux kernel\u0027s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: vfs: Do not allow escaping from bind mounts", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2. 
Future kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-2925" }, { "category": "external", "summary": "RHBZ#1209367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-2925", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2925" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2925", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2925" } ], "release_date": "2015-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Kernel: vfs: Do not allow escaping from bind mounts" }, { "cve": "CVE-2015-3339", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2015-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1214030" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition between chown() and execve()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 7 and MRG-2. This issue is not currently planned to be addressed in future Red Hat Enterprise Linux 5 kernel updates. 
Future Linux kernel updates for other releases may address this issue.\n\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-3339" }, { "category": "external", "summary": "RHBZ#1214030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3339", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3339" } ], "release_date": "2015-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: race condition between chown() and execve()" }, { "cve": "CVE-2015-4170", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "discovery_date": "2015-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1218879" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in the way the Linux kernel\u0027s TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: pty layer race condition on tty ldisc shutdown.", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-4170" }, { "category": "external", "summary": "RHBZ#1218879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218879" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-4170", "url": "https://www.cve.org/CVERecord?id=CVE-2015-4170" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-4170", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4170" } ], "release_date": "2015-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: pty layer race condition on tty ldisc shutdown." }, { "acknowledgments": [ { "names": [ "Ji Jianwen" ], "organization": "Red Hat engineering", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2015-5283", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2015-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1257528" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Creating multiple sockets when SCTP module isn\u0027t loaded leads to kernel panic", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7. Due to the limited security impact the issue is currently not planned to be addressed in Red Hat Enterprise Linux 5 and 6.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-5283" }, { "category": "external", "summary": "RHBZ#1257528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5283", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5283" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5283", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5283" } ], "release_date": "2015-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { 
"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Creating multiple sockets when SCTP module isn\u0027t loaded leads to kernel panic" }, { "cve": "CVE-2015-7613", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2015-10-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1268270" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in the way the Linux kernel\u0027s IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. 
A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Unauthorized access to IPC objects with SysV shm", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2 kernels. Future kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-7613" }, { "category": "external", "summary": "RHBZ#1268270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268270" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2015-7613", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7613" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7613", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7613" } ], "release_date": "2015-10-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: Unauthorized access to IPC objects with SysV shm" }, { "acknowledgments": [ { "names": [ "Linn Crosetto" ], "organization": "HP" } ], "cve": "CVE-2015-7837", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2015-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1272472" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. 
A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: securelevel disabled after kexec", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and MRG-2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-7837" }, { "category": "external", "summary": "RHBZ#1272472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-7837", "url": 
"https://www.cve.org/CVERecord?id=CVE-2015-7837" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7837", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7837" } ], "release_date": "2015-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T06:24:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:2411" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.src", "7Server-RT:kernel-rt-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-0:3.10.0-327.rt56.204.el7.x86_64", 
"7Server-RT:kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-devel-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-doc-0:3.10.0-327.rt56.204.el7.noarch", "7Server-RT:kernel-rt-trace-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7.x86_64", "7Server-RT:kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: securelevel disabled after kexec" } ] }