The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. (CVE-2013-2850, Important)

* A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.
(CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system by using sendmsg() with an IPv6 socket connected to an IPv4 destination. (CVE-2013-2232, Moderate)

* Two flaws were found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use these flaws to cause a denial of service. (CVE-2013-4162, CVE-2013-4163, Moderate)

* A flaw was found in the Linux kernel's Chipidea USB driver. A local, unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-2058, Low)

* Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user-space. (CVE-2013-2147, CVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)

* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, CVE-2013-2148, Low)

* A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the 'fwpostfix' b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2850, CVE-2013-2851, and CVE-2013-2852; and Hannes Frederic Sowa for reporting CVE-2013-4162 and CVE-2013-4163.

This update also fixes the following bugs :

* The following drivers have been updated, fixing a number of bugs:
myri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169, be2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe, bfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)

* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH kernel configuration option enabled. As such, attempting to run the dropwatch command resulted in the following error :

Unable to find NET_DM family, dropwatch can't work Cleaning up on socket creation error

With this update, the realtime kernel is built with the CONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected.
(BZ#979417)

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.6.11.5-rt37, and correct these issues. The system must be rebooted for this update to take effect.

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.

The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2538 advisory.

  - The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value     of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the     ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914)

  - The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a     certain length variable, which allows local users to obtain sensitive information from kernel stack memory     via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)

  - The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not     properly initialize a certain length variable, which allows local users to obtain sensitive information     from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)

  - The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain     structure member, which allows local users to obtain sensitive information from kernel heap memory via a     crafted application. (CVE-2012-6548)

  - net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows     local users to obtain sensitive information from kernel stack memory via a crafted application.
    (CVE-2013-2634)

  - The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize     a certain structure member, which allows local users to obtain sensitive information from kernel stack     memory via a crafted application. (CVE-2013-2635)

  - Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the     Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by     leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading     to improper construction of an error message. (CVE-2013-2852)

  - The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does     not initialize a certain length variable, which allows local users to obtain sensitive information from     kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)

  - The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service     (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the     CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and     then making an lseek system call. (CVE-2013-3301)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update fixes the following security issues :

  - A flaw was found in the tcp_read_sock() function in the     Linux kernel's IPv4 TCP/IP protocol suite implementation     in the way socket buffers (skb) were handled. A local,     unprivileged user could trigger this issue via a call to     splice(), leading to a denial of service.
    (CVE-2013-2128, Moderate)

  - Information leak flaws in the Linux kernel could allow a     local, unprivileged user to leak kernel memory to     user-space. (CVE-2012-6548, CVE-2013-2634,     CVE-2013-2635, CVE-2013-3222, CVE-2013-3224,     CVE-2013-3225, Low)

  - An information leak was found in the Linux kernel's     POSIX signals implementation. A local, unprivileged user     could use this flaw to bypass the Address Space Layout     Randomization (ASLR) security feature. (CVE-2013-0914,     Low)

  - A format string flaw was found in the ext3_msg()     function in the Linux kernel's ext3 file system     implementation. A local user who is able to mount an     ext3 file system could use this flaw to cause a denial     of service or, potentially, escalate their privileges.
    (CVE-2013-1848, Low)

  - A format string flaw was found in the     b43_do_request_fw() function in the Linux kernel's b43     driver implementation. A local user who is able to     specify the 'fwpostfix' b43 module parameter could use     this flaw to cause a denial of service or, potentially,     escalate their privileges. (CVE-2013-2852, Low)

  - A NULL pointer dereference flaw was found in the Linux     kernel's ftrace and function tracer implementations. A     local user who has the CAP_SYS_ADMIN capability could     use this flaw to cause a denial of service.
    (CVE-2013-3301, Low)

The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

* A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb) were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
(CVE-2013-2128, Moderate)

* Information leak flaws in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2012-6548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, Low)

* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
(CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation. A local user who is able to specify the 'fwpostfix' b43 module parameter could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace and function tracer implementations. A local user who has the CAP_SYS_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2852.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1051 advisory.

  - fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain     circumstances related to printk input, which allows local users to conduct format-string attacks and     possibly gain privileges via a crafted application. (CVE-2013-1848)

  - The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value     of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the     ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914)

  - The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a     certain length variable, which allows local users to obtain sensitive information from kernel stack memory     via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)

  - The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not     properly initialize a certain length variable, which allows local users to obtain sensitive information     from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)

  - The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain     structure member, which allows local users to obtain sensitive information from kernel heap memory via a     crafted application. (CVE-2012-6548)

  - The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage     skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice     system call for a TCP socket. (CVE-2013-2128)

  - net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows     local users to obtain sensitive information from kernel stack memory via a crafted application.
    (CVE-2013-2634)

  - The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize     a certain structure member, which allows local users to obtain sensitive information from kernel stack     memory via a crafted application. (CVE-2013-2635)

  - Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the     Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by     leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading     to improper construction of an error message. (CVE-2013-2852)

  - The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does     not initialize a certain length variable, which allows local users to obtain sensitive information from     kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)

  - The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service     (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the     CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and     then making an lseek system call. (CVE-2013-3301)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Multiple vulnerabilities has been found and corrected in the Linux kernel :

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
(CVE-2013-1059)

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
(CVE-2013-2147)

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148)

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851)

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164)

The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237)

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
(CVE-2013-2234)

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232)

The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. (CVE-2012-5517)

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852)

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. (CVE-2013-3301)

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages.
NOTE: some of these details are obtained from third-party information.
(CVE-2013-0231)

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774)

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
(CVE-2013-2850)

The updated packages provides a solution for these security issues.

A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. (CVE-2013-1929)

A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-3301).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979)

A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. (CVE-2013-1929)

A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-3301).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2013-0160     vladz reported a timing leak with the /dev/ptmx     character device. A local user could use this to     determine sensitive information such as password length.

  - CVE-2013-1796     Andrew Honig of Google reported an issue in the KVM     subsystem. A user in a guest operating system could     corrupt kernel memory, resulting in a denial of service.

  - CVE-2013-1929     Oded Horovitz and Brad Spengler reported an issue in the     device driver for Broadcom Tigon3 based gigabit     Ethernet. Users with the ability to attach untrusted     devices can create an overflow condition, resulting in a     denial of service or elevated privileges.

  - CVE-2013-1979     Andy Lutomirski reported an issue in the socket level     control message processing subsystem. Local users may be     able to gain eleveated privileges.

  - CVE-2013-2015     Theodore Ts'o provided a fix for an issue in the ext4     filesystem. Local users with the ability to mount a     specially crafted filesystem can cause a denial of     service (infinite loop).

  - CVE-2013-2094     Tommie Rantala discovered an issue in the perf     subsystem. An out-of-bounds access vulnerability allows     local users to gain elevated privileges.

  - CVE-2013-3076     Mathias Krause discovered an issue in the userspace     interface for hash algorithms. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3222     Mathias Krause discovered an issue in the Asynchronous     Transfer Mode (ATM) protocol support. Local users can     gain access to sensitive kernel memory.

  - CVE-2013-3223     Mathias Krause discovered an issue in the Amateur Radio     AX.25 protocol support. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3224     Mathias Krause discovered an issue in the Bluetooth     subsystem. Local users can gain access to sensitive     kernel memory.

  - CVE-2013-3225     Mathias Krause discovered an issue in the Bluetooth     RFCOMM protocol support. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3227     Mathias Krause discovered an issue in the Communication     CPU to Application CPU Interface (CAIF). Local users can     gain access to sensitive kernel memory.

  - CVE-2013-3228     Mathias Krause discovered an issue in the IrDA     (infrared) subsystem support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3229     Mathias Krause discovered an issue in the IUCV support     on s390 systems. Local users can gain access to     sensitive kernel memory.

  - CVE-2013-3231     Mathias Krause discovered an issue in the ANSI/IEEE     802.2 LLC type 2 protocol support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3234     Mathias Krause discovered an issue in the Amateur Radio     X.25 PLP (Rose) protocol support. Local users can gain     access to sensitive kernel memory.

  - CVE-2013-3235     Mathias Krause discovered an issue in the Transparent     Inter Process Communication (TIPC) protocol support.
    Local users can gain access to sensitive kernel memory.

  - CVE-2013-3301     Namhyung Kim reported an issue in the tracing subsystem.
    A privileged local user could cause a denial of service     (system crash). This vulnerabililty is not applicable to     Debian systems by default.

ID	Name	Product	Family	Severity
76665	RHEL 6 : MRG (RHSA-2013:1264)	Nessus	Red Hat Local Security Checks	high
74878	openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1)	Nessus	SuSE Local Security Checks	high
70222	Amazon Linux AMI : kernel (ALAS-2013-218)	Nessus	Amazon Linux Local Security Checks	medium
70040	SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)	Nessus	SuSE Local Security Checks	high
68978	Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2013-2538)	Nessus	Oracle Linux Local Security Checks	high
68945	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130716)	Nessus	Scientific Linux Local Security Checks	medium
68940	CentOS 6 : kernel (CESA-2013:1051)	Nessus	CentOS Local Security Checks	medium
68921	RHEL 6 : kernel (RHSA-2013:1051)	Nessus	Red Hat Local Security Checks	medium
68920	Oracle Linux 6 : kernel (ELSA-2013-1051)	Nessus	Oracle Linux Local Security Checks	medium
67254	Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)	Nessus	Mandriva Local Security Checks	high
66589	Ubuntu 12.10 : linux vulnerabilities (USN-1835-1)	Nessus	Ubuntu Local Security Checks	high
66588	Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1834-1)	Nessus	Ubuntu Local Security Checks	high
66587	Ubuntu 12.04 LTS : linux vulnerabilities (USN-1833-1)	Nessus	Ubuntu Local Security Checks	high
66486	Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2013-3301

high

Tenable Plugins

high

high

medium

high

high

medium

medium

medium

medium

high

high

high

high

high