| Zusammenfassung: | The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current, kmod-xtables-addons' package(s) announced via the MGASA-2015-0450 advisory. |
| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current, kmod-xtables-addons' package(s) announced via the MGASA-2015-0450 advisory.
Vulnerability Insight:
This kernel update is based on upstream 4.1.13 longterm kernel and fixes
the following security issues:
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel
before 4.2 attempts to support a FRAGLIST feature without proper memory
allocation, which allows guest OS users to cause a denial of service (buffer
overflow and memory corruption) via a crafted sequence of fragmented packets.
(CVE-2015-5156)
A guest to host DoS issue was found affecting various hypervisors. In that,
a guest can DoS the host by triggering an infinite stream of 'alignment
check' (#AC) exceptions. This causes the microcode to enter an infinite loop
where the core never receives another interrupt. The host kernel panics due
to this effect (CVE-2015-5307).
A guest to host DoS issue was found affecting various hypervisors. In that,
a guest can DoS the host by triggering an infinite stream of 'debug check'
(#DB) exceptions. This causes the microcode to enter an infinite loop where
the core never receives another interrupt. The host kernel panics due to
this effect (CVE-2015-8104).
For other fixes in this update, see the referenced changelog.
Affected Software/OS:
'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current, kmod-xtables-addons' package(s) on Mageia 5.
Solution:
Please install the updated package(s).
CVSS Score:
6.1
CVSS Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C
|
