47754

[oss-security] 20110613 Re: CVE request: kernel: hfs_find_init() sb->ext_tree NULL pointer dereference

48236

USN-1324-1

USN-1328-1

USN-1344-1

https://bugzilla.redhat.com/show_bug.cgi?id=712774

[linux-kernel] 20110608 [BUG] hfs_find_init() sb->ext_tree NULL pointer dereference

The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs.

The Following security issues have been fixed :

CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password.

CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.

CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application.

CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application.

CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.

CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.

CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.

CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application.

CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.

CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.

CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and 'updating a negative key into a fully instantiated key.'

CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

CVE-2011-4077: Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when CONFIG_XFS_DEBUG is disabled, allowed local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

CVE-2011-4324: The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.

CVE-2011-4330: Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel allowed local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.

CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

CVE-2011-2525: The qdisc_notify function in net/sched/sch_api.c in the Linux kernel did not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

CVE-2011-3209: The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel on the x86 platform allowed local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.

CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating 0 character.

CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

CVE-2011-2203: The hfs_find_init function in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.

CVE-2009-4067: A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash.

CVE-2011-3363: The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel did not properly handle DFS referrals, which allowed remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.

CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.

CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an 'invalid log first block value.'

CVE-2010-4249: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

The following bugs have been fixed :

patches.fixes/allow-executables-larger-than-2GB.patch: Allow executables larger than 2GB (bnc#836856).

cio: prevent kernel panic after unexpected I/O interrupt (bnc#649868,LTC#67975).

  - cio: Add timeouts for internal IO     (bnc#701550,LTC#72691). kernel: first time swap use     results in heavy swapping (bnc#701550,LTC#73132).

    qla2xxx: Do not be so verbose on underrun detected

    patches.arch/i386-run-tsc-calibration-5-times.patch: Fix     the patch, the logic was wrong (bnc#537165, bnc#826551).

    xfs: Do not reclaim new inodes in xfs_sync_inodes()     (bnc#770980 bnc#811752).

    kbuild: Fix gcc -x syntax (bnc#773831).

    e1000e: stop cleaning when we reach tx_ring->next_to_use     (bnc#762825).

    Fix race condition about network device name allocation     (bnc#747576).

    kdump: bootmem map over crash reserved region     (bnc#749168, bnc#722400, bnc#742881).

    tcp: fix race condition leading to premature termination     of sockets in FIN_WAIT2 state and connection being reset     (bnc#745760)

    tcp: drop SYN+FIN messages (bnc#765102).

    net/linkwatch: Handle jiffies wrap-around (bnc#740131).

    patches.fixes/vm-dirty-bytes: Provide     /proc/sys/vm/dirty_{background_,}bytes for tuning     (bnc#727597).

    ipmi: Fix deadlock in start_next_msg() (bnc#730749).

    cpu-hotplug: release workqueue_mutex properly on CPU     hot-remove (bnc#733407).

    libiscsi: handle init task failures (bnc#721351).

    NFS/sunrpc: do not use a credential with extra groups     (bnc#725878).

    x86_64: fix reboot hang when 'reboot=b' is passed to the     kernel (bnc#721267).

    nf_nat: do not add NAT extension for confirmed     conntracks (bnc#709213).

    xfs: fix memory reclaim recursion deadlock on locked     inode buffer (bnc#699355 bnc#699354 bnc#721830).

    ipmi: do not grab locks in run-to-completion mode     (bnc#717421).

    cciss: do not attempt to read from a write-only register     (bnc#683101).

    qla2xxx: Disable MSI-X initialization (bnc#693513).

    Allow balance_dirty_pages to help other filesystems     (bnc#709369).

  - nfs: fix congestion control (bnc#709369).

  - NFS: Separate metadata and page cache revalidation     mechanisms (bnc#709369). knfsd: nfsd4: fix laundromat     shutdown race (bnc#752556).

    x87: Do not synchronize TSCs across cores if they     already should be synchronized by HW (bnc#615418     bnc#609220).

    reiserfs: Fix int overflow while calculating free space     (bnc#795075).

    af_unix: limit recursion level (bnc#656153).

    bcm43xx: netlink deadlock fix (bnc#850241).

    jbd: Issue cache flush after checkpointing (bnc#731770).

    cfq: Fix infinite loop in cfq_preempt_queue()     (bnc#724692).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.

The openSUSE 11.4 kernel was updated to fix bugs and security issues.

Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

CVE-2011-1173: A kernel information leak via ip6_tables was fixed.

CVE-2011-1172: A kernel information leak via ip6_tables netfilter was fixed.

CVE-2011-1171: A kernel information leak via ip_tables was fixed.

CVE-2011-1170: A kernel information leak via arp_tables was fixed.

CVE-2011-1080: A kernel information leak via netfilter was fixed.

CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.

CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.

CVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.

The openSUSE 11.3 kernel was updated to fix various bugs and security issues.

Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the Linux kernels packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.

CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.

The openSUSE 12.1 kernel was updated to 3.1.9 to fix bugs and security issues. The full list of changes in 3.1.9 is available here :

http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2 

Following security issues have been fixed :

CVE-2011-2203: Missing NULL pointer check in hfs filesystem code

CVE-2011-4604: Fix possible kernel memory corruption if B.A.T.M.A.N.
mesh protocol is being used.

CVE-2012-0056: Local root vulnerability via writing to /proc/pid/mem

CVE-2012-0207: Remote DoS vulnerability via crafted IGMP packages.

Following non-security bug fixes have been added :

  - BTRFS support has been improved with many bug fixes.

From Red Hat Security Advisory 2011:1479 :

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting.
Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate)

* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains a specially crafted HFS file system with a corrupted MDB extent record.
(CVE-2011-2203, Low)

* The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363;
Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting.
Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* A flaw was found in the way CIFS (Common Internet File System) shares with DFS referrals at their root were handled. An attacker on the local network who is able to deploy a malicious CIFS server could create a CIFS network share that, when mounted, would cause the client system to crash. (CVE-2011-3363, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate)

* A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service by mounting a disk that contains a specially crafted HFS file system with a corrupted MDB extent record.
(CVE-2011-2203, Low)

* The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363;
Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  - Using PCI passthrough without interrupt remapping     support allowed Xen hypervisor guests to generate MSI     interrupts and thus potentially inject traps. A     privileged guest user could use this flaw to crash the     host or possibly escalate their privileges on the host.
    The fix for this issue can prevent PCI passthrough     working and guests starting.(CVE-2011-1898, Important)

  - A flaw was found in the way CIFS (Common Internet File     System) shares with DFS referrals at their root were     handled. An attacker on the local network who is able to     deploy a malicious CIFS server could create a CIFS     network share that, when mounted, would cause the client     system to crash. (CVE-2011-3363, Moderate)

  - A NULL pointer dereference flaw was found in the way the     Linux kernel's key management facility handled     user-defined key types. A local, unprivileged user could     use the keyctl utility to cause a denial of service.
    (CVE-2011-4110, Moderate)

  - A flaw in the way memory containing security-related     data was handled in tpm_read() could allow a local,     unprivileged user to read the results of a previously     run TPM command. (CVE-2011-1162, Low)

  - A NULL pointer dereference flaw was found in the Linux     kernel's HFS file system implementation. A local     attacker could use this flaw to cause a denial of     service by mounting a disk that contains a specially     crafted HFS file system with a corrupted MDB extent     record. (CVE-2011-2203, Low)

  - The I/O statistics from the taskstats subsystem could be     read without any restrictions. A local, unprivileged     user could use this flaw to gather confidential     information, such as the length of a password used in a     process. (CVE-2011-2494, Low)

This update also fixes several bugs and adds one enhancement.

The system must be rebooted for this update to take effect.

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.

This update fixes the following security issues :

  - X.25 remote DoS. (CVE-2010-3873). (bnc#651219)

  - X.25 remote Dos. (CVE-2010-4164). (bnc#653260)

  - 1 socket local DoS. (CVE-2010-4249). (bnc#655696)

  - ebtables infoleak. (CVE-2011-1080). (bnc#676602)

  - netfilter: arp_tables infoleak to userspace.
    (CVE-2011-1170). (bnc#681180)

  - netfilter: ip_tables infoleak to userspace.
    (CVE-2011-1171). (bnc#681181)

  - netfilter: ip6_tables infoleak to userspace.
    (CVE-2011-1172). (bnc#681185)

  - econet 4 byte infoleak. (CVE-2011-1173). (bnc#681186)

  - hfs NULL pointer dereference. (CVE-2011-2203).
    (bnc#699709)

  - inet_diag infinite loop. (CVE-2011-2213). (bnc#700879)

  - netfilter: ipt_CLUSTERIP buffer overflow.
    (CVE-2011-2534). (bnc#702037)

  - ipv6: make fragment identifications less predictable.
    (CVE-2011-2699). (bnc#707288)

  - clock_gettime() panic. (CVE-2011-3209). (bnc#726064)

  - qdisc NULL dereference (CVE-2011-2525) This update also     fixes the following non-security issues:. (bnc#735612)

  - New timesource for VMware platform. (bnc#671124)

  - usblp crashes after the printer is unplugged for the     second time. (bnc#673343)

  - Data corruption with mpt2sas driver. (bnc#704253)

  - NIC Bond no longer works when booting the XEN kernel.
    (bnc#716437)

  - 'reboot=b' kernel command line hangs system on reboot.
    (bnc#721267)

  - kernel panic at iscsi_xmitwork function. (bnc#721351)

  - NFS supplementary group permissions. (bnc#725878)

  - IBM LTC System z Maintenance Kernel Patches (#59).
    (bnc#726843)

  - NFS slowness. (bnc#727597)

  - IBM LTC System z maintenance kernel patches (#60).
    (bnc#728341)

  - propagate MAC-address to VLAN-interface. (bnc#729117)

  - ipmi deadlock in start_next_msg. (bnc#730749)

  - ext3 filesystem corruption after crash. (bnc#731770)

  - IBM LTC System z maintenance kernel patches (#61).
    (bnc#732375)

  - hangs when offlining a CPU core. (bnc#733407)

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)

Juri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges. (CVE-2012-0056).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)

A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues.

  - The TCP/IP initial sequence number generation     effectively only used 24 bits of 32 to generate     randomness, making a brute-force man-in-the-middle     attack on TCP/IP connections feasible. The generator was     changed to use full 32bit randomness. (CVE-2011-3188)

  - Fernando Gont discovered that the IPv6 stack used     predictable fragment identification numbers. A remote     attacker could exploit this to exhaust network     resources, leading to a denial of service.
    (CVE-2011-2699)

  - A NULL ptr dereference on mounting corrupt hfs     filesystems was fixed which could be used by local     attackers to crash the kernel. (CVE-2011-2203)

  - Added a kernel option to ensure ecryptfs is mounting     only on paths belonging to the current ui, which would     have allowed local attackers to potentially gain     privileges via symlink attacks. (CVE-2011-1833)

  - The Generic Receive Offload (GRO) implementation in the     Linux kernel allowed remote attackers to cause a denial     of service via crafted VLAN packets that are processed     by the napi_reuse_skb function, leading to (1) a memory     leak or (2) memory corruption, a different vulnerability     than CVE-2011-1478. (CVE-2011-1576)

  - A name overflow in the hfs filesystem was fixed, where     mounting a corrupted hfs filesystem could lead to a     stack overflow and code execution in the kernel. This     requires a local attacker to be able to mount hfs     filesystems. (CVE-2011-4330)

  - A bug was found in the way headroom check was performed     in udp6_ufo_fragment() function. A remote attacker could     use this flaw to crash the system. (CVE-2011-4326)

The following non-security bugs have been fixed :

  - ALSA: hda - Fix S3/S4 problem on machines with VREF-pin     mute-LED. (bnc#732535)

  - patches.xen/xen-pcpu-hotplug: Fix a double kfree().

  - ixgbe: fix bug with vlan strip in promsic mode     (bnc#687049, fate#311821).

  - ixgbe: fix panic when shutting down system with WoL     enabled.

  - fnic: Allow users to modify dev_loss_tmo setting.
    (bnc#719786)

  - x86, intel: Do not mark sched_clock() as stable.
    (bnc#725709)

  - ALSA: hda - Keep vref-LED during power-saving on IDT     codecs. (bnc#731981)

  - cifs: Assume passwords are encoded according to     iocharset. (bnc#731035)

  - scsi_dh: Check queuedata pointer before proceeding.
    (bnc#714744)

  - netback: use correct index for invalidation in     netbk_tx_check_mop().

  - ACPI video: introduce module parameter     video.use_bios_initial_backlight. (bnc#731229)

  - SUNRPC: prevent task_cleanup running on freed xprt.
    (bnc#709671)

  - add device entry for Broadcom Valentine combo card.
    (bnc#722429)

  - quota: Fix WARN_ON in lookup_one_len. (bnc#728626)

  - Update Xen patches to 2.6.32.48.

  - pv-on-hvm/kexec: add xs_reset_watches to shutdown     watches from old kernel. (bnc#694863)

  - x86: undo_limit_pages() must reset page count.

  - mm/vmstat.c: cache align vm_stat. (bnc#729721)

  - s390/ccwgroup: fix uevent vs dev attrs race     (bnc#659101,LTC#69028).

  - Warn on pagecache limit usage (FATE309111).

  - SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)

  - ACPI: introduce 'acpi_rsdp=' parameter for kdump.
    (bnc#717263)

  - elousb: Limit the workaround warning to one per error,     control workaround activity. (bnc#719916)

  - SCSI: libiscsi: reset cmd timer if cmds are making     progress. (bnc#691440)

  - SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)

  - NFS/sunrpc: do not use a credential with extra groups.
    (bnc#725878)

  - s390/qdio: EQBS retry after CCQ 96     (bnc#725453,LTC#76117).

  - fcoe: Reduce max_sectors to 1024. (bnc#695898)

  - apparmor: return -ENOENT when there is no profile for a     hat. (bnc#725502)

  - sched, cgroups: disallow attaching kthreadd.
    (bnc#721840)

  - nfs: Check validity of cl_rpcclient in     nfs_server_list_show. (bnc#717884)

  - x86, vt-d: enable x2apic opt out (disabling x2apic     through BIOS flag) (bnc#701183, fate#311989).

  - block: Free queue resources at blk_release_queue().
    (bnc#723815)

  - ALSA: hda - Add post_suspend patch ops. (bnc#724800)

  - ALSA: hda - Allow codec-specific set_power_state ops.
    (bnc#724800)

  - ALSA: hda - Add support for vref-out based mute LED     control on IDT codecs. (bnc#724800)

  - scsi_dh_rdac : Add definitions for different RDAC     operating modes. (bnc#724365)

  - scsi_dh_rdac : Detect the different RDAC operating     modes. (bnc#724365)

  - scsi_dh_rdac : decide whether to send mode select based     on operating mode. (bnc#724365)

  - scsi_dh_rdac: Use WWID from C8 page instead of Subsystem     id from C4 page to identify storage. (bnc#724365)

  - vlan: Match underlying dev carrier on vlan add.
    (bnc#722504)

  - scsi_lib: pause between error retries. (bnc#675127)

  - xfs: use KM_NOFS for allocations during attribute list     operations. (bnc#721830)

  - bootsplash: Do not crash when no fb is set. (bnc#723542)

  - cifs: do not allow cifs_iget to match inodes of the     wrong type. (bnc#711501)

  - cifs: fix noserverino handling when 1 extensions are     enabled. (bnc#711501)

  - cifs: reduce false positives with inode aliasing     serverino autodisable. (bnc#711501)

  - parport_pc: release IO region properly if unsupported     ITE887x card is found. (bnc#721464)

  - writeback: avoid unnecessary calculation of bdi dirty     thresholds. (bnc#721299)

  - 1: Fix bogus it_blocksize in VIO iommu code.
    (bnc#717690)

  - ext4: Fix max file size and logical block counting of     extent format file. (bnc#706374)

  - novfs: Unable to change password in the Novell Client     for Linux. (bnc#713229)

  - xfs: add more ilock tracing.

  - sched: move wakeup tracepoint above out_running.
    (bnc#712002)

  - config.conf: Build KMPs for the -trace flavor as well     (fate#312759, bnc#712404, bnc#712405, bnc#721337).

  - memsw: remove noswapaccount kernel parameter.
    (bnc#719450)

ID	Name	Product	Family	Severity
83603	SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)	Nessus	SuSE Local Security Checks	high
79507	OracleVM 2.2 : kernel (OVMSA-2013-0039)	Nessus	OracleVM Local Security Checks	critical
75882	openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)	Nessus	SuSE Local Security Checks	high
75557	openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)	Nessus	SuSE Local Security Checks	high
74767	openSUSE Security Update : kernel (openSUSE-2012-65)	Nessus	SuSE Local Security Checks	high
68394	Oracle Linux 5 : kernel (ELSA-2011-1479)	Nessus	Oracle Linux Local Security Checks	high
67086	CentOS 5 : kernel (CESA-2011:1479)	Nessus	CentOS Local Security Checks	high
61181	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59161	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7915)	Nessus	SuSE Local Security Checks	high
57688	Ubuntu 11.04 : linux vulnerabilities (USN-1345-1)	Nessus	Ubuntu Local Security Checks	low
57687	Ubuntu 10.04 LTS : linux vulnerabilities (USN-1344-1)	Nessus	Ubuntu Local Security Checks	low
57665	Ubuntu 10.10 : linux vulnerabilities (USN-1341-1)	Nessus	Ubuntu Local Security Checks	high
57664	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1340-1)	Nessus	Ubuntu Local Security Checks	high
57661	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1337-1)	Nessus	Ubuntu Local Security Checks	low
57660	Ubuntu 11.10 : linux vulnerability (USN-1336-1)	Nessus	Ubuntu Local Security Checks	high
57659	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7918)	Nessus	SuSE Local Security Checks	high
57535	Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1332-1)	Nessus	Ubuntu Local Security Checks	high
57534	USN-1330-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
57532	Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1328-1)	Nessus	Ubuntu Local Security Checks	low
57497	USN-1325-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	medium
57496	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1324-1)	Nessus	Ubuntu Local Security Checks	low
57495	Ubuntu 8.04 LTS : linux vulnerabilities (USN-1323-1)	Nessus	Ubuntu Local Security Checks	medium
57467	Ubuntu 11.10 : linux vulnerability (USN-1322-1)	Nessus	Ubuntu Local Security Checks	high
57448	USN-1319-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	medium
57447	USN-1318-1 : linux-fsl-imx51 vulnerabilities	Nessus	Ubuntu Local Security Checks	low
57297	SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)	Nessus	SuSE Local Security Checks	high
56974	RHEL 5 : kernel (RHSA-2011:1479)	Nessus	Red Hat Local Security Checks	high

CVE-2011-2203

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins