rhsa-2017_2669
Vulnerability from csaf_redhat
Published
2017-09-06 20:36
Modified
2024-11-05 20:11
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important)
* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)
This update also fixes multiple Moderate and Low impact security issues:
CVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890 CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685
Documentation for these issues are available from the Technical Notes document linked to in the References section.
Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab\u0027s free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important)\n\n* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)\n\nThis update also fixes multiple Moderate and Low impact security issues:\n\nCVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890 CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685\n\nDocumentation for these issues are available from the Technical Notes document linked to in the References section.\n\nRed Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2669", "url": "https://access.redhat.com/errata/RHSA-2017:2669" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/articles/3173821", "url": "https://access.redhat.com/articles/3173821" }, { "category": "external", "summary": "1323577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323577" }, { "category": "external", "summary": "1368938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938" }, { "category": "external", "summary": "1373966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" }, { "category": "external", "summary": "1389433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389433" }, { "category": "external", "summary": "1393904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904" }, { "category": "external", "summary": "1396941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" }, { "category": "external", "summary": "1401502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502" }, { "category": "external", "summary": "1403145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145" }, { "category": "external", "summary": "1412210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412210" }, { "category": "external", "summary": "1421638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421638" }, { "category": "external", "summary": "1422825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825" }, { "category": "external", "summary": "1433252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433252" }, { "category": "external", "summary": "1434327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434327" }, { "category": "external", "summary": "1436649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649" }, { "category": "external", "summary": "1444493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444493" }, { "category": "external", "summary": "1450972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450972" }, { "category": "external", "summary": "1452679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452679" }, { "category": "external", "summary": "1452688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452688" }, { "category": "external", "summary": "1452691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452691" }, { "category": "external", "summary": "1452744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452744" }, { "category": "external", "summary": "1466329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329" }, { "category": "external", "summary": "1468283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283" }, { "category": "external", "summary": "1479016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479016" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2669.json" } ], "title": "Red Hat Security Advisory: kernel-rt security and bug fix update", "tracking": { "current_release_date": "2024-11-05T20:11:00+00:00", "generator": { "date": "2024-11-05T20:11:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2669", "initial_release_date": "2017-09-06T20:36:52+00:00", "revision_history": [ { "date": "2017-09-06T20:36:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-06T20:36:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:11:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat MRG Realtime for RHEL 6 Server v.2", "product": { "name": "Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6" } } } ], "category": "product_family", "name": "Red Hat Enterprise MRG for RHEL-6" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product": { "name": "kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_id": "kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.2.1.rt56.585.el6rt?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product": { "name": "kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product_id": "kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.2.1.rt56.585.el6rt?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product": { "name": "kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product_id": "kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-693.2.1.rt56.585.el6rt?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "product": { "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "product_id": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.2.1.rt56.585.el6rt?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src" }, "product_reference": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch" }, "product_reference": "kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch" }, "product_reference": "kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2", "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" }, "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "relates_to_product_reference": "6Server-MRG-Realtime-2" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-8839", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2016-04-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1323577" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel when attempting to \"punch a hole\" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process\u0027 address space.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ext4 filesystem page fault race condition with fallocate call.", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-8839" }, { "category": "external", "summary": "RHBZ#1323577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1323577" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8839", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8839" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8839" } ], "release_date": "2016-03-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:N", "version": "2.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ext4 filesystem page fault race condition with fallocate call." }, { "acknowledgments": [ { "names": [ "Ondrej Kozina" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2016-7042", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2016-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1373966" } ], "notes": [ { "category": "description", "text": "It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7042" }, { "category": "external", "summary": "RHBZ#1373966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7042", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7042" } ], "release_date": "2016-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled" }, { "acknowledgments": [ { "names": [ "Andreas Gruenbacher" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." }, { "names": [ "Jan Kara" ], "organization": "SUSE" } ], "cve": "CVE-2016-7097", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2016-08-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1368938" } ], "notes": [ { "category": "description", "text": "It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn\u0027t clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7097" }, { "category": "external", "summary": "RHBZ#1368938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7097", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7097" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7097", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7097" } ], "release_date": "2016-05-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit" }, { "acknowledgments": [ { "names": [ "Marco Grassi" ] } ], "cve": "CVE-2016-8645", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "discovery_date": "2016-11-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1393904" } ], "notes": [ { "category": "description", "text": "It was discovered that the Linux kernel since 3.6-rc1 with \u0027net.ipv4.tcp_fastopen\u0027 set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8645" }, { "category": "external", "summary": "RHBZ#1393904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8645", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8645" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8645", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8645" } ], "release_date": "2016-11-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c" }, { "cve": "CVE-2016-9576", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1403145" } ], "notes": [ { "category": "description", "text": "It was found that the blk_rq_map_user_iov() function in the Linux kernel\u0027s block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free in SCSI generic device interface", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9576" }, { "category": "external", "summary": "RHBZ#1403145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403145" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9576", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9576" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9576", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9576" } ], "release_date": "2016-11-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use after free in SCSI generic device interface" }, { "acknowledgments": [ { "names": [ "David Howells" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2016-9604", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2016-10-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1389433" } ], "notes": [ { "category": "description", "text": "It was discovered that root can gain direct access to an internal keyring, such as \u0027.dns_resolver\u0027 in RHEL-7 or \u0027.builtin_trusted_keys\u0027 upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9604" }, { "category": "external", "summary": "RHBZ#1389433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9604", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9604" } ], "release_date": "2017-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user" }, { "acknowledgments": [ { "names": [ "Qian Cai" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2016-9685", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2016-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1396941" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of service situation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Memory leaks in xfs_attr_list.c error paths", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9685" }, { "category": "external", "summary": "RHBZ#1396941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9685", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9685" } ], "release_date": "2016-12-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Memory leaks in xfs_attr_list.c error paths" }, { "cve": "CVE-2016-9806", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1401502" } ], "notes": [ { "category": "description", "text": "A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: netlink: double-free in netlink_dump", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9806" }, { "category": "external", "summary": "RHBZ#1401502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9806", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9806" } ], "release_date": "2016-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: netlink: double-free in netlink_dump" }, { "cve": "CVE-2016-10088", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-12-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1412210" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel\u0027s sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10088" }, { "category": "external", "summary": "RHBZ#1412210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10088", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10088" } ], "release_date": "2017-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)" }, { "cve": "CVE-2016-10741", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "discovery_date": "2016-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671869" } ], "notes": [ { "category": "description", "text": "It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10741" }, { "category": "external", "summary": "RHBZ#1671869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671869" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10741", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10741" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10741", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10741" } ], "release_date": "2016-11-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c" }, { "cve": "CVE-2017-2671", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2017-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1436649" } ], "notes": [ { "category": "description", "text": "A race condition leading to a NULL pointer dereference was found in the Linux kernel\u0027s Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ping socket / AF_LLC connect() sin_family race", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-2671" }, { "category": "external", "summary": "RHBZ#1436649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2671", "url": "https://www.cve.org/CVERecord?id=CVE-2017-2671" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2671", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2671" } ], "release_date": "2017-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ping socket / AF_LLC connect() sin_family race" }, { "cve": "CVE-2017-5551", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-01-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416126" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel in \u0027tmpfs\u0027 file system. When file permissions are modified via \u0027chmod\u0027 and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via \u0027setxattr\u0027 sets the file permissions as well as the new ACL, but doesn\u0027t clear the setgid bit in a similar way; this allows to bypass the check in \u0027chmod\u0027.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.\n\nThis flaw was fixed in the Red Hat products as a part of the CVE-2016-7097 fix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5551" }, { "category": "external", "summary": "RHBZ#1416126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416126" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5551", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5551" } ], "release_date": "2017-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)" }, { "cve": "CVE-2017-5970", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1421638" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ipv4: Invalid IP options could cause skb-\u003edst drop", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5970" }, { "category": "external", "summary": "RHBZ#1421638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5970", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5970" } ], "release_date": "2017-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ipv4: Invalid IP options could cause skb-\u003edst drop" }, { "cve": "CVE-2017-6001", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2017-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1422825" } ], "notes": [ { "category": "description", "text": "It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Race condition between multiple sys_perf_event_open() calls", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the perf subsystem where the flaw was found is not present in this product.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-6001" }, { "category": "external", "summary": "RHBZ#1422825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422825" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-6001", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6001" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6001" } ], "release_date": "2017-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Race condition between multiple sys_perf_event_open() calls" }, { "cve": "CVE-2017-6951", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1433252" } ], "notes": [ { "category": "description", "text": "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the \"dead\" key type.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL pointer dereference in keyring_search_aux function", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\n\nFuture Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-6951" }, { "category": "external", "summary": "RHBZ#1433252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433252" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-6951", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6951" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6951", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6951" } ], "release_date": "2017-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: NULL pointer dereference in keyring_search_aux function" }, { "cve": "CVE-2017-7187", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2017-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1434327" } ], "notes": [ { "category": "description", "text": "The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: scsi: Stack-based buffer overflow in sg_ioctl function", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the change that introduced the flaw is not present in the code of these products. \n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7187" }, { "category": "external", "summary": "RHBZ#1434327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7187", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7187" } ], "release_date": "2017-03-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: scsi: Stack-based buffer overflow in sg_ioctl function" }, { "acknowledgments": [ { "names": [ "Takeshi Nishimura" ], "organization": "NEC" } ], "cve": "CVE-2017-7495", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2017-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1450261" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system \u0027reset\u0027 by abusing ext4 mechanics of delayed allocation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ext4: power failure during write(2) causes on-disk information leak", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.\nfs", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7495" }, { "category": "external", "summary": "RHBZ#1450261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7495", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7495" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7495", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7495" }, { "category": "external", "summary": "http://seclists.org/oss-sec/2017/q2/259", "url": "http://seclists.org/oss-sec/2017/q2/259" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824" } ], "release_date": "2017-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" }, { "category": "workaround", "details": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don\u0027t hard reset the system.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ext4: power failure during write(2) causes on-disk information leak" }, { "acknowledgments": [ { "names": [ "Andrew Aday", "Shankara Pailoor" ], "organization": "Columbia University" }, { "names": [ "Fan Wu", "Shixiong Zhao" ], "organization": "The University of Hong Kong" }, { "names": [ "Leilei Lin" ], "organization": "Alibaba Group" } ], "cve": "CVE-2017-7533", "cwe": { "id": "CWE-642", "name": "External Control of Critical State Data" }, "discovery_date": "2017-07-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1468283" } ], "notes": [ { "category": "description", "text": "A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab\u0027s free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: a race between inotify_handle_event() and sys_rename()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the code with the flaw is not present in the products listed.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7533" }, { "category": "external", "summary": "RHBZ#1468283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7533", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7533" } ], "release_date": "2017-08-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: a race between inotify_handle_event() and sys_rename()" }, { "cve": "CVE-2017-7889", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2017-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1444493" } ], "notes": [ { "category": "description", "text": "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7889" }, { "category": "external", "summary": "RHBZ#1444493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7889", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7889" } ], "release_date": "2017-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism" }, { "cve": "CVE-2017-8797", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1466329" } ], "notes": [ { "category": "description", "text": "It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-8797" }, { "category": "external", "summary": "RHBZ#1466329", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-8797", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8797" } ], "release_date": "2017-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand" }, { "cve": "CVE-2017-8890", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1450972" } ], "notes": [ { "category": "description", "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-8890" }, { "category": "external", "summary": "RHBZ#1450972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-8890", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8890", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8890" } ], "release_date": "2017-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c" }, { "cve": "CVE-2017-9074", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452679" } ], "notes": [ { "category": "description", "text": "The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9074" }, { "category": "external", "summary": "RHBZ#1452679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452679" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9074", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9074" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9074" } ], "release_date": "2017-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option" }, { "cve": "CVE-2017-9075", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452691" } ], "notes": [ { "category": "description", "text": "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: sctp_v6_create_accept_sk function mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9075" }, { "category": "external", "summary": "RHBZ#1452691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452691" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9075", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9075" } ], "release_date": "2017-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: sctp_v6_create_accept_sk function mishandles inheritance" }, { "cve": "CVE-2017-9076", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452688" } ], "notes": [ { "category": "description", "text": "The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: IPv6 DCCP implementation mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9076" }, { "category": "external", "summary": "RHBZ#1452688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9076", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9076" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9076", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9076" } ], "release_date": "2017-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: IPv6 DCCP implementation mishandles inheritance" }, { "cve": "CVE-2017-9077", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452744" } ], "notes": [ { "category": "description", "text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9077" }, { "category": "external", "summary": "RHBZ#1452744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9077", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9077" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9077", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9077" } ], "release_date": "2017-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-06T20:36:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.src", "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt.noarch", "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64", "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.