| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions. A local user with
access to XFS file system mount could potentially use this flaw to escalate
their privileges on the system. (CVE-2015-0274, Important)
* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)
* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)
* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)
* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)
* A race condition flaw was found in the Linux kernel's ext4 file system
implementation that allowed a local, unprivileged user to crash the system
by simultaneously writing to a file and toggling the O_DIRECT flag using
fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)
* A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)
* It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous I/O
operations. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8172, Moderate)
* A NULL pointer dereference flaw was found in the way the Linux kernel's
madvise MADV_WILLNEED functionality handled page table locking. A local,
unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
Moderate)
* An information leak flaw was found in the Linux kernel' ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on Red Hat Enterprise Linux Server (v. 7)
Solution:
Please Install the Updated Packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
