rhsa-2017_1616
Vulnerability from csaf_redhat
Published
2017-06-28 16:57
Modified
2024-09-13 16:48
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)
* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)
* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)
* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)
* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)
* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)
Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.
Bug Fix(es):
* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1452742)
* Previously, a local lock acquisition around the ip_send_unicast_reply() function was incorrectly terminated. Consequently, a list corruption occurred that led to a kernel panic. This update adds locking functions around calls to ip_send_unicast_reply(). As a result, neither list corruption nor kernel panic occur under the described circumstances. (BZ#1455239)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)-\u003efrag_list) in the socket buffer(skb_buff). The heap overflow occurred if \u0027MAX_SKB_FRAGS + 1\u0027 parameter and \u0027NETIF_F_FRAGLIST\u0027 feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel\u0027s handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1452742)\n\n* Previously, a local lock acquisition around the ip_send_unicast_reply() function was incorrectly terminated. Consequently, a list corruption occurred that led to a kernel panic. This update adds locking functions around calls to ip_send_unicast_reply(). As a result, neither list corruption nor kernel panic occur under the described circumstances. (BZ#1455239)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1616",
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1414735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
},
{
"category": "external",
"summary": "1426542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426542"
},
{
"category": "external",
"summary": "1443615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443615"
},
{
"category": "external",
"summary": "1445207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
},
{
"category": "external",
"summary": "1446103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446103"
},
{
"category": "external",
"summary": "1452742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452742"
},
{
"category": "external",
"summary": "1455239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455239"
},
{
"category": "external",
"summary": "1461333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461333"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_1616.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T16:48:37+00:00",
"generator": {
"date": "2024-09-13T16:48:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2017:1616",
"initial_release_date": "2017-06-28T16:57:58+00:00",
"revision_history": [
{
"date": "2017-06-28T16:57:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-28T16:57:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T16:48:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Realtime (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-514.26.1.rt56.442.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"product_id": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-514.26.1.rt56.442.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-514.26.1.rt56.442.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.3.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Xiaohan Zhang"
],
"organization": "Huawei Inc."
}
],
"cve": "CVE-2017-2583",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"discovery_date": "2017-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1414735"
}
],
"notes": [
{
"category": "description",
"text": "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: Kvm: vmx/svm potential privilege escalation inside guest",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-2583"
},
{
"category": "external",
"summary": "RHBZ#1414735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2583",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2583"
}
],
"release_date": "2017-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Kernel: Kvm: vmx/svm potential privilege escalation inside guest"
},
{
"cve": "CVE-2017-6214",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2017-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1426542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ipv4/tcp: Infinite loop in tcp_splice_read()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-6214"
},
{
"category": "external",
"summary": "RHBZ#1426542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6214"
}
],
"release_date": "2017-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ipv4/tcp: Infinite loop in tcp_splice_read()"
},
{
"cve": "CVE-2017-7477",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1445207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)-\u003efrag_list) in the socket buffer(skb_buff). The heap overflow occurred if \u0027MAX_SKB_FRAGS + 1\u0027 parameter and \u0027NETIF_F_FRAGLIST\u0027 feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net: Heap overflow in skb_to_sgvec in macsec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 starting with the version kernel-3.10.0-514.el7, that is with Red Hat Enterprise Linux 7.3 GA. Prior Red Hat Enterprise Linux 7 kernel versions are not affected.\n\nIn order to exploit this issue, the system needs to be manually configured by privileged user. The default Red Hat Enterprise Linux 7 configuration is not vulnerable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7477"
},
{
"category": "external",
"summary": "RHBZ#1445207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7477",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7477"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7477",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7477"
}
],
"release_date": "2017-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
},
{
"category": "workaround",
"details": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\n\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\nRaw\n\n # echo \"install macsec /bin/true\" \u003e\u003e /etc/modprobe.d/disable-macsec.conf \n\nIf macsec functionality is in use as a functional part of the system a kernel upgrade is required.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: net: Heap overflow in skb_to_sgvec in macsec.c"
},
{
"cve": "CVE-2017-7645",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443615"
}
],
"notes": [
{
"category": "description",
"text": "The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: nfsd: Incorrect handling of long RPC replies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "RHBZ#1443615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7645"
}
],
"release_date": "2017-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: nfsd: Incorrect handling of long RPC replies"
},
{
"acknowledgments": [
{
"names": [
"Ari Kauppi"
]
}
],
"cve": "CVE-2017-7895",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1446103"
}
],
"notes": [
{
"category": "description",
"text": "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7895"
},
{
"category": "external",
"summary": "RHBZ#1446103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7895"
}
],
"release_date": "2017-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2017-1000364",
"discovery_date": "2017-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1461333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: heap/stack gap jumping via unbounded stack allocations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a kernel-side mitigation. For a related glibc mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000366 .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000364"
},
{
"category": "external",
"summary": "RHBZ#1461333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/stackguard",
"url": "https://access.redhat.com/security/vulnerabilities/stackguard"
},
{
"category": "external",
"summary": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"release_date": "2017-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: heap/stack gap jumping via unbounded stack allocations"
},
{
"acknowledgments": [
{
"names": [
"Qualys Inc"
]
}
],
"cve": "CVE-2017-1000379",
"discovery_date": "2017-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462165"
}
],
"notes": [
{
"category": "description",
"text": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Incorrectly mapped contents of PIE executable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was part of the stack guard fixes that was fixed along side the CVE-2017-1000364 flaw. This issue has previously affected Red Hat Enterprise Linux 5,6,7 and MRG-2. This issue is currently fixed in most versions of shipping products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000379"
},
{
"category": "external",
"summary": "RHBZ#1462165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000379"
},
{
"category": "external",
"summary": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"release_date": "2017-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-NFV-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-NFV-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-NFV-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.src",
"7Server-RT-7.3.Z:kernel-rt-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7.noarch",
"7Server-RT-7.3.Z:kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7.x86_64",
"7Server-RT-7.3.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Incorrectly mapped contents of PIE executable"
}
]
}
Loading...