http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa

RHSA-2014:0328

RHSA-2014:0339

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4

MDVSA-2013:176

[oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device

58510

USN-1809-1

USN-1811-1

USN-1812-1

USN-1813-1

USN-1814-1

USN-1829-1

https://bugzilla.redhat.com/show_bug.cgi?id=921970

https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa

The SUSE Linux Enterprise Server 11 SP1 LTSS received a roll up update to fix several security and non-security issues.

The following security issues have been fixed :

  - CVE-2013-1860: Heap-based buffer overflow in the     wdm_in_callback function in drivers/usb/class/cdc-wdm.c     in the Linux kernel before 3.8.4 allows physically     proximate attackers to cause a denial of service (system     crash) or possibly execute arbitrary code via a crafted     cdc-wdm USB device. (bnc#806431)

  - CVE-2013-4162: The udp_v6_push_pending_frames function     in net/ipv6/udp.c in the IPv6 implementation in the     Linux kernel through 3.10.3 makes an incorrect function     call for pending data, which allows local users to cause     a denial of service (BUG and system crash) via a crafted     application that uses the UDP_CORK option in a     setsockopt system call. (bnc#831058)

  - CVE-2014-0203: The __do_follow_link function in     fs/namei.c in the Linux kernel before 2.6.33 does not     properly handle the last pathname component during use     of certain filesystems, which allows local users to     cause a denial of service (incorrect free operations and     system crash) via an open system call. (bnc#883526)

  - CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2)     BPF_S_ANC_NLATTR_NEST extension implementations in the     sk_run_filter function in net/core/filter.c in the Linux     kernel through 3.14.3 do not check whether a certain     length value is sufficiently large, which allows local     users to cause a denial of service (integer underflow     and system crash) via crafted BPF instructions. NOTE:
    the affected code was moved to the __skb_get_nlattr and
    __skb_get_nlattr_nest functions before the vulnerability     was announced. (bnc#877257)

  - CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension     implementation in the sk_run_filter function in     net/core/filter.c in the Linux kernel through 3.14.3     uses the reverse order in a certain subtraction, which     allows local users to cause a denial of service     (over-read and system crash) via crafted BPF     instructions. NOTE: the affected code was moved to the
    __skb_get_nlattr_nest function before the vulnerability     was announced. (bnc#877257)

  - CVE-2014-3917: kernel/auditsc.c in the Linux kernel     through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with     certain syscall rules, allows local users to obtain     potentially sensitive single-bit values from kernel     memory or cause a denial of service (OOPS) via a large     value of a syscall number. (bnc#880484)

  - CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux     kernel through 3.15.1 on 32-bit x86 platforms, when     syscall auditing is enabled and the sep CPU feature flag     is set, allows local users to cause a denial of service     (OOPS and system crash) via an invalid syscall number,     as demonstrated by number 1000. (bnc#883724)

  - CVE-2014-4652: Race condition in the tlv handler     functionality in the snd_ctl_elem_user_tlv function in     sound/core/control.c in the ALSA control implementation     in the Linux kernel before 3.15.2 allows local users to     obtain sensitive information from kernel memory by     leveraging /dev/snd/controlCX access. (bnc#883795)

  - CVE-2014-4653: sound/core/control.c in the ALSA control     implementation in the Linux kernel before 3.15.2 does     not ensure possession of a read/write lock, which allows     local users to cause a denial of service     (use-after-free) and obtain sensitive information from     kernel memory by leveraging /dev/snd/controlCX access.
    (bnc#883795)

  - CVE-2014-4654: The snd_ctl_elem_add function in     sound/core/control.c in the ALSA control implementation     in the Linux kernel before 3.15.2 does not check     authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands,     which allows local users to remove kernel controls and     cause a denial of service (use-after-free and system     crash) by leveraging /dev/snd/controlCX access for an     ioctl call. (bnc#883795)

  - CVE-2014-4655: The snd_ctl_elem_add function in     sound/core/control.c in the ALSA control implementation     in the Linux kernel before 3.15.2 does not properly     maintain the user_ctl_count value, which allows local     users to cause a denial of service (integer overflow and     limit bypass) by leveraging /dev/snd/controlCX access     for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl     calls. (bnc#883795)

  - CVE-2014-4656: Multiple integer overflows in     sound/core/control.c in the ALSA control implementation     in the Linux kernel before 3.15.2 allow local users to     cause a denial of service by leveraging     /dev/snd/controlCX access, related to (1) index values     in the snd_ctl_add function and (2) numid values in the     snd_ctl_remove_numid_conflict function. (bnc#883795)

  - CVE-2014-4667: The sctp_association_free function in     net/sctp/associola.c in the Linux kernel before 3.15.2     does not properly manage a certain backlog value, which     allows remote attackers to cause a denial of service     (socket outage) via a crafted SCTP packet. (bnc#885422)

  - CVE-2014-4699: The Linux kernel before 3.15.4 on Intel     processors does not properly restrict use of a     non-canonical value for the saved RIP address in the     case of a system call that does not use IRET, which     allows local users to leverage a race condition and gain     privileges, or cause a denial of service (double fault),     via a crafted application that makes ptrace and fork     system calls. (bnc#885725)

  - CVE-2014-4943: The PPPoL2TP feature in     net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6     allows local users to gain privileges by leveraging     data-structure differences between an l2tp socket and an     inet socket. (bnc#887082)

  - CVE-2014-5077: The sctp_assoc_update function in     net/sctp/associola.c in the Linux kernel through 3.15.8,     when SCTP authentication is enabled, allows remote     attackers to cause a denial of service (NULL pointer     dereference and OOPS) by starting to establish an     association between two endpoints immediately after an     exchange of INIT and INIT ACK chunks to establish an     earlier association between these endpoints in the     opposite direction. (bnc#889173)

  - CVE-2013-7266: The mISDN_sock_recvmsg function in     drivers/isdn/mISDN/socket.c in the Linux kernel before     3.12.4 does not ensure that a certain length value is     consistent with the size of an associated data     structure, which allows local users to obtain sensitive     information from kernel memory via a (1) recvfrom, (2)     recvmmsg, or (3) recvmsg system call. (bnc#854722)

  - CVE-2013-7267: The atalk_recvmsg function in     net/appletalk/ddp.c in the Linux kernel before 3.12.4     updates a certain length value without ensuring that an     associated data structure has been initialized, which     allows local users to obtain sensitive information from     kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)     recvmsg system call. (bnc#854722)

  - CVE-2013-7268: The ipx_recvmsg function in     net/ipx/af_ipx.c in the Linux kernel before 3.12.4     updates a certain length value without ensuring that an     associated data structure has been initialized, which     allows local users to obtain sensitive information from     kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)     recvmsg system call. (bnc#854722)

  - CVE-2013-7269: The nr_recvmsg function in     net/netrom/af_netrom.c in the Linux kernel before 3.12.4     updates a certain length value without ensuring that an     associated data structure has been initialized, which     allows local users to obtain sensitive information from     kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)     recvmsg system call. (bnc#854722)

  - CVE-2013-7270: The packet_recvmsg function in     net/packet/af_packet.c in the Linux kernel before 3.12.4     updates a certain length value before ensuring that an     associated data structure has been initialized, which     allows local users to obtain sensitive information from     kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)     recvmsg system call. (bnc#854722)

  - CVE-2013-7271: The x25_recvmsg function in     net/x25/af_x25.c in the Linux kernel before 3.12.4     updates a certain length value without ensuring that an     associated data structure has been initialized, which     allows local users to obtain sensitive information from     kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)     recvmsg system call. (bnc#854722)

The following bugs have been fixed :

  - mac80211: Fix AP powersave TX vs. wakeup race     (bnc#871797).

  - tcp: Allow to disable cwnd moderation in TCP_CA_Loss     state (bnc#879921).

  - tcp: Adapt selected parts of RFC 5682 and PRR logic     (bnc#879921).

  - flock: Fix allocation and BKL (bnc#882809).

  - sunrpc: Close a rare race in xs_tcp_setup_socket     (bnc#794824, bnc#884530).

  - isofs: Fix unbounded recursion when processing relocated     directories (bnc#892490).

  - bonding: Fix a race condition on cleanup in     bond_send_unsolicited_na() (bnc#856756).

  - block: Fix race between request completion and timeout     handling (bnc#881051).

  - Fix kABI breakage due to addition of user_ctl_lock     (bnc#883795).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An updated rhev-hypervisor6 package that fixes multiple security issues is now available.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055)

A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :

CVE-2014-0101, and CVE-2014-0069 (kernel issues)

CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, and CVE-2013-4244 (libtiff issues)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Security fixes :

* It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important)

* It was found that the Linux kernel used effective user and group IDs instead of real ones when passing messages with SCM_CREDENTIALS ancillary data. A local, unprivileged user could leverage this flaw with a set user ID (setuid) application, allowing them to escalate their privileges. (CVE-2013-1979, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate)

* A NULL pointer dereference flaw was found in the Linux kernel's XFS file system implementation. A local user who is able to mount an XFS file system could use this flaw to cause a denial of service.
(CVE-2013-1819, Moderate)

* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. A local user with physical access to a system and with access to a USB device's tty file could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
(CVE-2013-1848, Low)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low)

* Information leaks in the Linux kernel's cryptographic API could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)

* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel stack memory to user-space.
(CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Scientific Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc- wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

Red Hat would like to thank Nokia Siemens Networks for reporting CVE-2014-0101, and Al Viro for reporting CVE-2014-0069.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

From Red Hat Security Advisory 2014:0328 :

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

Red Hat would like to thank Nokia Siemens Networks for reporting CVE-2014-0101, and Al Viro for reporting CVE-2014-0069.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise Kernel package(s).

Description of changes:


[2.6.32-400.29.1.el6uek]
- KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943}
- KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943}

[2.6.32-400.28.1.el6uek]
- do_add_mount()/umount -l races (Jerry Snitselaar) [Orabug: 16311974]
- tg3: fix length overflow in VPD firmware parsing (Kees Cook) [Orabug: 16837019] {CVE-2013-1929}
- USB: cdc-wdm: fix buffer overflow (Oliver Neukum) [Orabug: 16837003] {CVE-2013-1860}
- bonding: emit event when bonding changes MAC (Weiping Pan) [Orabug: 16579025]
- sched: Fix ancient race in do_exit() (Joe Jin)
- open debug in page_move_anon_rmap by default. (Xiaowei.Hu) [Orabug: 14046035]
- block: default SCSI command filter does not accomodate commands overlap across device classes (Jamie Iles) [Orabug: 16387136] {CVE-2012-4542}
- vma_adjust: fix the copying of anon_vma chains (Linus Torvalds) [Orabug: 14046035]
- xen-netfront: delay gARP until backend switches to Connected (Laszlo Ersek) [Orabug: 16182568]
- svcrpc: don't hold sv_lock over svc_xprt_put() (J. Bruce Fields) [Orabug: 16032824]
- mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) [Orabug: 16603569] {CVE-2012-5517}
- ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg Nesterov) [Orabug: 16405868] {CVE-2013-0871}
- Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() (Anderson Lizardo) [Orabug: 16711062] {CVE-2013-0349}
- dccp: check ccid before dereferencing (Mathias Krause) [Orabug: 16711040] {CVE-2013-1827}
- USB: io_ti: Fix NULL dereference in chase_port() (Wolfgang Frisch) [Orabug: 16425435] {CVE-2013-1774}
- keys: fix race with concurrent install_user_keyrings() (David Howells) [Orabug: 16493369] {CVE-2013-1792}
- KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798) (Andy Honig) [Orabug: 16710937] {CVE-2013-1798}
- KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) (Jerry Snitselaar) [Orabug: 16710794] {CVE-2013-1796}

[2.6.32-400.27.1.el6uek]
- net/tun: fix ioctl() based info leaks (Mathias Krause) [Orabug: 16675501] {CVE-2012-6547}
- atm: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}
- atm: fix info leak in getsockopt(SO_ATMPVC) (Mathias Krause) [Orabug: 16675501] {CVE-2012-6546}
- xfrm_user: fix info leak in copy_to_user_tmpl() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}
- xfrm_user: fix info leak in copy_to_user_policy() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6537}
- xfrm_user: fix info leak in copy_to_user_state() (Mathias Krause) [Orabug: 16675501] {CVE-2013-6537}
- xfrm_user: return error pointer instead of NULL #2 (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
- xfrm_user: return error pointer instead of NULL (Mathias Krause) [Orabug: 16675501] {CVE-2013-1826}
- llc: fix info leak via getsockname() (Mathias Krause) [Orabug: 16675501] {CVE-2012-6542}
- x86/mm: Check if PUD is large when validating a kernel address (Mel Gorman) [Orabug: 14251997]

The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).

Multiple vulnerabilities has been found and corrected in the Linux kernel :

The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979)

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
(CVE-2013-3235)

The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)

The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3233)

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)

The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
(CVE-2013-3229)

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
(CVE-2013-3228)

The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227)

The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)

The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
(CVE-2013-2596)

arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146)

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. (CVE-2013-2094)

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (CVE-2013-1798)

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (CVE-2013-1796)

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.
(CVE-2013-2141)

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929)

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. (CVE-2012-5532)

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6548)

The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6549)

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
(CVE-2013-2634)

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2635)

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848)

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914)

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860)

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (CVE-2013-1792)

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
(CVE-2013-2546)

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)

The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. (CVE-2013-0311)

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. (CVE-2013-1763)

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.
(CVE-2013-0290)

Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (CVE-2013-1767)

The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.
(CVE-2013-0228)

Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. (CVE-2013-0217)

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216)

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-6547)

The updated packages provides a solution for these security issues.

Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. (CVE-2013-1826)

A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860)

An information leak was discovered in the Linux kernel's /dev/dvb device. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-1928)

An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2012-2121     Benjamin Herrenschmidt and Jason Baron discovered issues     with the IOMMU mapping of memory slots used in KVM     device assignment. Local users with the ability to     assign devices could cause a denial of service due to a     memory page leak.

  - CVE-2012-3552     Hafid Lin reported an issue in the IP networking     subsystem. A remote user can cause a denial of service     (system crash) on servers running applications that set     options on sockets which are actively being processed.

  - CVE-2012-4461     Jon Howell reported a denial of service issue in the KVM     subsystem. On systems that do not support the XSAVE     feature, local users with access to the /dev/kvm     interface can cause a system crash.

  - CVE-2012-4508     Dmitry Monakhov and Theodore Ts'o reported a race     condition in the ext4 filesystem. Local users could gain     access to sensitive kernel memory.

  - CVE-2012-6537     Mathias Krause discovered information leak issues in the     Transformation user configuration interface. Local users     with the CAP_NET_ADMIN capability can gain access to     sensitive kernel memory.

  - CVE-2012-6539     Mathias Krause discovered an issue in the networking     subsystem. Local users on 64-bit systems can gain access     to sensitive kernel memory.

  - CVE-2012-6540     Mathias Krause discovered an issue in the Linux virtual     server subsystem. Local users can gain access to     sensitive kernel memory. Note: this issue does not     affect Debian provided kernels, but may affect custom     kernels built from Debian's linux-source-2.6.32 package.

  - CVE-2012-6542     Mathias Krause discovered an issue in the LLC protocol     support code. Local users can gain access to sensitive     kernel memory.

  - CVE-2012-6544     Mathias Krause discovered issues in the Bluetooth     subsystem. Local users can gain access to sensitive     kernel memory.

  - CVE-2012-6545     Mathias Krause discovered issues in the Bluetooth RFCOMM     protocol support. Local users can gain access to     sensitive kernel memory.

  - CVE-2012-6546     Mathias Krause discovered issues in the ATM networking     support. Local users can gain access to sensitive kernel     memory.

  - CVE-2012-6548     Mathias Krause discovered an issue in the UDF file     system support. Local users can obtain access to     sensitive kernel memory.

  - CVE-2012-6549     Mathias Krause discovered an issue in the isofs file     system support. Local users can obtain access to     sensitive kernel memory.

  - CVE-2013-0349     Anderson Lizardo discovered an issue in the Bluetooth     Human Interface Device Protocol (HIDP) stack. Local     users can obtain access to sensitive kernel memory.

  - CVE-2013-0914     Emese Revfy discovered an issue in the signal     implementation. Local users may be able to bypass the     address space layout randomization (ASLR) facility due     to a leaking of information to child processes.

  - CVE-2013-1767     Greg Thelen reported an issue in the tmpfs virtual     memory filesystem. Local users with sufficient privilege     to mount filesystems can cause a denial of service or     possibly elevated privileges due to a use-after free     defect.

  - CVE-2013-1773     Alan Stern provided a fix for a defect in the     UTF8->UTF16 string conversion facility used by the VFAT     filesystem. A local user could cause a buffer overflow     condition, resulting in a denial of service or     potentially elevated privileges.

  - CVE-2013-1774     Wolfgang Frisch provided a fix for a NULL pointer     dereference defect in the driver for some serial USB     devices from Inside Out Networks. Local users with     permission to access these devices can create a denial     of service (kernel oops) by causing the device to be     removed while it is in use.

  - CVE-2013-1792     Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a     race condition in the access key retention support in     the kernel. A local user could cause a denial of service     (NULL pointer dereference).

  - CVE-2013-1796     Andrew Honig of Google reported an issue in the KVM     subsystem. A user in a guest operating system could     corrupt kernel memory, resulting in a denial of service.

  - CVE-2013-1798     Andrew Honig of Google reported an issue in the KVM     subsystem. A user in a guest operating system could     cause a denial of service due to a use after-free     defect.

  - CVE-2013-1826     Mathias Krause discovered an issue in the Transformation     (XFRM) user configuration interface of the networking     stack. A user with the CAP_NET_ADMIN capability may be     able to gain elevated privileges.

  - CVE-2013-1860     Oliver Neukum discovered an issue in the USB CDC WCM     Device Management driver. Local users with the ability     to attach devices can cause a denial of service (kernel     crash) or potentially gain elevated privileges.

  - CVE-2013-1928     Kees Cook provided a fix for an information leak in the     VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications     running on a 64-bit kernel. Local users can gain access     to sensitive kernel memory.

  - CVE-2013-1929     Oded Horovitz and Brad Spengler reported an issue in the     device driver for Broadcom Tigon3 based gigabit     Ethernet. Users with the ability to attach untrusted     devices can create an overflow condition, resulting in a     denial of service or elevated privileges.

  - CVE-2013-2015     Theodore Ts'o provided a fix for an issue in the ext4     filesystem. Local users with the ability to mount a     specially crafted filesystem can cause a denial of     service (infinite loop).

  - CVE-2013-2634     Mathias Krause discovered a few issues in the Data     Center Bridging (DCB) netlink interface. Local users can     gain access to sensitive kernel memory.

  - CVE-2013-3222     Mathias Krause discovered an issue in the Asynchronous     Transfer Mode (ATM) protocol support. Local users can     gain access to sensitive kernel memory.

  - CVE-2013-3223     Mathias Krause discovered an issue in the Amateur Radio     AX.25 protocol support. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3224     Mathias Krause discovered an issue in the Bluetooth     subsystem. Local users can gain access to sensitive     kernel memory.

  - CVE-2013-3225     Mathias Krause discovered an issue in the Bluetooth     RFCOMM protocol support. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3228     Mathias Krause discovered an issue in the IrDA     (infrared) subsystem support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3229     Mathias Krause discovered an issue in the IUCV support     on s390 systems. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3231     Mathias Krause discovered an issue in the ANSI/IEEE     802.2 LLC type 2 protocol support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3234     Mathias Krause discovered an issue in the Amateur Radio     X.25 PLP (Rose) protocol support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3235     Mathias Krause discovered an issue in the Transparent     Inter Process Communication (TIPC) protocol support.
    Local users can gain access to sensitive kernel memory.

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548)

Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. (CVE-2013-0913)

Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potential escalate privilege to the host kernel level.
(CVE-2013-1796)

Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel;s KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level. (CVE-2013-1797)

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798)

A format-string bug was discovered in the Linux kernel's ext3 filesystem driver. A local user could exploit this flaw to possibly escalate privileges on the system. (CVE-2013-1848)

A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860)

An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634)

A kernel stack information leak was discovered in the RTNETLINK component of the Linux kernel. A local user could read sensitive information from the kernel stack. (CVE-2013-2635).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548)

Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. (CVE-2013-0913)

Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potentially escalate privilege to the host kernel level.
(CVE-2013-1796)

Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level. (CVE-2013-1797)

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798)

A format-string bug was discovered in the Linux kernel's ext3 filesystem driver. A local user could exploit this flaw to possibly escalate privileges on the system. (CVE-2013-1848)

A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860)

An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634)

A kernel stack information leak was discovered in the RTNETLINK component of the Linux kernel. A local user could read sensitive information from the kernel stack. (CVE-2013-2635).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to Linux v3.8.3. Wide variety of fixes across the tree.
Contains reverts from upstream 3.8.3 to fix Intel GM45 graphics.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes the display resolution issues introduced with kernel 3.8.3-201.fc18

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
83640	SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1138-1)	Nessus	SuSE Local Security Checks	medium
79003	RHEL 6 : rhev-hypervisor6 (RHSA-2014:0339)	Nessus	Red Hat Local Security Checks	medium
76660	RHEL 6 : MRG (RHSA-2013:0829)	Nessus	Red Hat Local Security Checks	high
73200	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140325)	Nessus	Scientific Linux Local Security Checks	high
73198	RHEL 6 : kernel (RHSA-2014:0328)	Nessus	Red Hat Local Security Checks	high
73196	Oracle Linux 6 : kernel (ELSA-2014-0328)	Nessus	Oracle Linux Local Security Checks	high
73191	CentOS 6 : kernel (CESA-2014:0328)	Nessus	CentOS Local Security Checks	high
69942	Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2546)	Nessus	Oracle Linux Local Security Checks	high
68856	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2534)	Nessus	Oracle Linux Local Security Checks	medium
68855	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2525)	Nessus	Oracle Linux Local Security Checks	high
66975	Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)	Nessus	Mandriva Local Security Checks	high
66494	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1829-1)	Nessus	Ubuntu Local Security Checks	medium
66467	Ubuntu 10.04 LTS : linux vulnerabilities (USN-1824-1)	Nessus	Ubuntu Local Security Checks	medium
66431	Debian DSA-2668-1 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	medium
66344	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7667 / 7669 / 7675)	Nessus	SuSE Local Security Checks	high
66302	Ubuntu 12.10 : linux vulnerabilities (USN-1813-1)	Nessus	Ubuntu Local Security Checks	high
66292	Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1812-1)	Nessus	Ubuntu Local Security Checks	high
66291	Ubuntu 12.04 LTS : linux vulnerabilities (USN-1809-1)	Nessus	Ubuntu Local Security Checks	high
65650	Fedora 17 : kernel-3.8.3-103.fc17 (2013-3909)	Nessus	Fedora Local Security Checks	high
65622	Fedora 18 : kernel-3.8.3-203.fc18 (2013-4012)	Nessus	Fedora Local Security Checks	medium

CVE-2013-1860

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

medium

high

high

high

high

high

high

medium

high

high

medium

medium

medium

high

high

high

high

high

medium