Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.812012
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2017:2863-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux
kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel memory corruption due to a buffer overflow was found in
brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to
v4.13-rc1. The vulnerability can be triggered by sending a crafted
NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered
remotely as certain userspace code is needed for this. An unprivileged
local user could use this flaw to induce kernel memory corruption on the
system, leading to a crash. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although it is unlikely.
(CVE-2017-7541, Moderate)

Bug Fix(es):

* Previously, removal of a rport during ISCSI target scanning could cause a
kernel panic. This was happening because addition of STARGET_REMOVE to the
rport state introduced a race condition to the SCSI code. This update adds
the STARGET_CREATED_REMOVE state as a possible state of the rport and
appropriate handling of that state, thus fixing the bug. As a result, the
kernel panic no longer occurs under the described circumstances.
(BZ#1472127)

* Previously, GFS2 contained multiple bugs where the wrong inode was
assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was
cleared incorrectly. Consequently, kernel panic could occur when using
GFS2. With this update, GFS2 has been fixed, and the kernel no longer
panics due to those bugs. (BZ#1479397)

* Previously, VMs with memory larger than 64GB running on Hyper-V with
Windows Server hosts reported potential memory size of 4TB and more, but
could not use more than 64GB. This was happening because the Memory Type
Range Register (MTRR) for memory above 64GB was omitted. With this update,
the /proc/mtrr file has been fixed to show correct base/size if they are
more than 44 bit wide. As a result, the whole size of memory is now
available as expected under the described circumstances. (BZ#1482855)

Affected Software/OS:
kernel on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-7541
BugTraq ID: 99955
http://www.securityfocus.com/bid/99955
Debian Security Information: DSA-3927 (Google Search)
http://www.debian.org/security/2017/dsa-3927
Debian Security Information: DSA-3945 (Google Search)
http://www.debian.org/security/2017/dsa-3945
RedHat Security Advisories: RHSA-2017:2863
https://access.redhat.com/errata/RHSA-2017:2863
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
http://www.securitytracker.com/id/1038981
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.