Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2015:0674-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

* It was found that the fix for CVE-2014-3601 was incomplete: the Linux
kernel's kvm_iommu_map_pages() function still handled IOMMU mapping
failures incorrectly. A privileged user in a guest with an assigned host
device could use this flaw to crash the host. (CVE-2014-8369, Moderate)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and Akira
Fujita of NEC for reporting CVE-2014-7822.

Bug fixes:

* The maximum amount of entries in the IPv6 route table
(net.ipv6.route.max_size) was 4096, and every route towards this maximum
size limit was counted. Communication to more systems was impossible when
the limit was exceeded. Now, only cached routes are counted, which
guarantees that the kernel does not run out of memory, but the user can now
install as many routes as the memory allows until the kernel indicates it
can no longer handle the amount of memory and returns an error message.

In addition, the default 'net.ipv6.route.max_size' value has been increased
to 16384 for performance improvement reasons. (BZ#1177581)

* When the user attempted to scan for an FCOE-served Logical Unit Number
(LUN), after an initial LUN scan, a kernel panic occurred in
bnx2fc_init_task. System scanning for LUNs is now stable after LUNs have
been added. (BZ#1179098)

* Under certain conditions, such as when attempting to scan the network for
LUNs, a race condition in the bnx2fc driver could trigger a kernel panic in
bnx2fc_init_task. A ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-7822
BugTraq ID: 72347
Debian Security Information: DSA-3170 (Google Search)
RedHat Security Advisories: RHSA-2015:0102
RedHat Security Advisories: RHSA-2015:0164
RedHat Security Advisories: RHSA-2015:0674
RedHat Security Advisories: RHSA-2015:0694
SuSE Security Announcement: SUSE-SU-2015:0529 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1488 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1489 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:0714 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-8159
BugTraq ID: 73060
Debian Security Information: DSA-3237 (Google Search)
RedHat Security Advisories: RHSA-2015:0695
RedHat Security Advisories: RHSA-2015:0726
RedHat Security Advisories: RHSA-2015:0751
RedHat Security Advisories: RHSA-2015:0782
RedHat Security Advisories: RHSA-2015:0783
RedHat Security Advisories: RHSA-2015:0803
RedHat Security Advisories: RHSA-2015:0870
RedHat Security Advisories: RHSA-2015:0919
SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1487 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1491 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-8160
BugTraq ID: 72061
RedHat Security Advisories: RHSA-2015:0284
RedHat Security Advisories: RHSA-2015:0290
SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-8369
BugTraq ID: 70747
BugTraq ID: 70749
Debian Security Information: DSA-3093 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-3601
BugTraq ID: 69489
XForce ISS Database: linux-kernel-cve20143601-dos(95689)
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.