http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4

93591

https://bugzilla.redhat.com/show_bug.cgi?id=1333830

https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d

https://security-tracker.debian.org/tracker/CVE-2015-3288

https://source.android.com/security/bulletin/2017-01-01.html

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security Fix(es):A flaw named FragmentSmack     was found in the way the Linux kernel handled     reassembly of fragmented IPv4 and IPv6 packets. A     remote attacker could use this flaw to trigger time and     calculation expensive fragment reassembly algorithm by     sending specially crafted packets which could lead to a     CPU saturation and hence a denial of service on the     system.(CVE-2018-5391)Multiple out-of-bounds write     flaws were found in the way the Cherry Cymotion     keyboard driver, KYE/Genius device drivers, Logitech     device drivers, Monterey Genius KB29E keyboard driver,     Petalynx Maxter remote control driver, and Sunplus     wireless desktop driver handled HID reports with an     invalid report descriptor size. An attacker with     physical access to the system could use either of these     flaws to write data past an allocated memory     buffer.(CVE-2014-3184)The __get_data_block function in     fs/f2fs/data.c in the Linux kernel before 4.11 allows     local users to cause a denial of service (integer     overflow and loop) via crafted use of the open and     fallocate system calls with an FS_IOC_FIEMAP     ioctl.(CVE-2017-18257)netetfilter/xt_osf.c in the Linux     kernel through 4.14.4 does not require the     CAP_NET_ADMIN capability for add_callback and     remove_callback operations. This allows local users to     bypass intended access restrictions because the     xt_osf_fingers data structure is shared across all     network namespaces.(CVE-2017-17450)A denial of service     flaw was discovered in the Linux kernel, where a race     condition caused a NULL pointer dereference in the RDS     socket-creation code. A local attacker could use this     flaw to create a situation in which a NULL pointer     crashed the kernel.(CVE-2015-7990)An issue was     discovered in the Linux kernel before 4.19.9. The USB     subsystem mishandles size checks during the reading of     an extra descriptor, related to
    __usb_get_extra_descriptor in     drivers/usb/core/usb.c.(CVE-2018-20169)mm/memory.c in     the Linux kernel before 4.1.4 mishandles anonymous     pages, which allows local users to gain privileges or     cause a denial of service (page tainting) via a crafted     application that triggers writing to page     zero.(CVE-2015-3288)The ovl_setattr function in     fs/overlayfs/inode.c in the Linux kernel through 4.3.3     attempts to merge distinct setattr operations, which     allows local users to bypass intended access     restrictions and modify the attributes of arbitrary     overlay files via a crafted     application.(CVE-2015-8660)A flaw was found in the     Linux kernel where a local user with a shell account     can abuse the userfaultfd syscall when using hugetlbfs.
    A missing size check in hugetlb_mcopy_atomic_pte could     create an invalid inode variable, leading to a kernel     panic.(CVE-2017-15128)An integer overflow flaw was     found in the way the lzo1x_decompress_safe() function     of the Linux kernel's LZO implementation processed     Literal Runs. A local attacker could, in extremely rare     cases, use this flaw to crash the system or,     potentially, escalate their privileges on the     system.(CVE-2014-4608)It was found that Linux kernel's     ptrace subsystem did not properly sanitize the     address-space-control bits when the program-status word     (PSW) was being set. On IBM S/390 systems, a local,     unprivileged user could use this flaw to set     address-space-control bits to the kernel space, and     thus gain read and write access to kernel     memory.(CVE-2014-3534)A use-after-free flaw was found     in the Linux kernel's file system encryption     implementation. A local user could revoke keyring keys     being used for ext4, f2fs, or ubifs encryption, causing     a denial of service on the system.(CVE-2017-7374)The     usbip_recv_xbuff function in     drivers/usb/usbip/usbip_common.c in the Linux kernel     before 4.5.3 allows remote attackers to cause a denial     of service (out-of-bounds write) or possibly have     unspecified other impact via a crafted length value in     a USB/IP packet.(CVE-2016-3955)A flaw was found in the     patches used to fix the 'dirtycow' vulnerability     (CVE-2016-5195). An attacker, able to run local code,     can exploit a race condition in transparent huge pages     to modify usually read-only huge     pages.(CVE-2017-1000405)The aio_mount function in     fs/aio.c in the Linux kernel does not properly restrict     execute access, which makes it easier for local users     to bypass intended SELinux W^X policy     restrictions.(CVE-2016-10044)The Serial Attached SCSI     (SAS) implementation in the Linux kernel mishandles a     mutex within libsas. This allows local users to cause a     denial of service (deadlock) by triggering certain     error-handling code.(CVE-2017-18232)A use-after-free     vulnerability was found in tcp_xmit_retransmit_queue     and other tcp_* functions. This condition could allow     an attacker to send an incorrect selective     acknowledgment to existing connections, possibly     resetting a connection.(CVE-2016-6828)The instruction     decoder in arch/x86/kvm/emulate.c in the KVM subsystem     in the Linux kernel before 3.18-rc2 does not properly     handle invalid instructions, which allows guest OS     users to cause a denial of service (NULL pointer     dereference and host OS crash) via a crafted     application that triggers (1) an improperly fetched     instruction or (2) an instruction that occupies too     many bytes. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2014-8480.(CVE-2014-8481)The     snd_compress_check_input function in     sound/core/compress_offload.c in the ALSA subsystem in     the Linux kernel before 3.17 does not properly check     for an integer overflow, which allows local users to     cause a denial of service (insufficient memory     allocation) or possibly have unspecified other impact     via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl     call.(CVE-2014-9904)The resv_map_release function in     mm/hugetlb.c in the Linux kernel, through 4.15.7,     allows local users to cause a denial of service (BUG)     via a crafted application that makes mmap system calls     and has a large pgoff argument to the remap_file_pages     system call.(CVE-2018-7740)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - It was found that the Linux kernel's implementation of     vectored pipe read and write functionality did not take     into account the I/O vectors that were already     processed when retrying after a failed atomic access     operation, potentially resulting in memory corruption     due to an I/O vector array overrun. A local,     unprivileged user could use this flaw to crash the     system or, potentially, escalate their privileges on     the system.(CVE-2015-1805)

  - net/llc/sysctl_net_llc.c in the Linux kernel before     3.19 uses an incorrect data type in a sysctl table,     which allows local users to obtain potentially     sensitive information from kernel memory or possibly     have unspecified other impact by accessing a sysctl     entry.(CVE-2015-2041)

  - net/rds/sysctl.c in the Linux kernel before 3.19 uses     an incorrect data type in a sysctl table, which allows     local users to obtain potentially sensitive information     from kernel memory or possibly have unspecified other     impact by accessing a sysctl entry.(CVE-2015-2042)

  - Xen 3.3.x through 4.5.x and the Linux kernel through     3.19.1 do not properly restrict access to PCI command     registers, which might allow local guest OS users to     cause a denial of service (non-maskable interrupt and     host crash) by disabling the (1) memory or (2) I/O     decoding for a PCI Express device and then accessing     the device, which triggers an Unsupported Request (UR)     response.(CVE-2015-2150)

  - A stack-based buffer overflow flaw was found in the     Linux kernel's early load microcode functionality. On a     system with UEFI Secure Boot enabled, a local,     privileged user could use this flaw to increase their     privileges to the kernel (ring0) level, bypassing     intended restrictions in place.(CVE-2015-2666)

  - The xsave/xrstor implementation in     arch/x86/include/asm/xsave.h in the Linux kernel before     3.19.2 creates certain .altinstr_replacement pointers     and consequently does not provide any protection     against instruction faulting, which allows local users     to cause a denial of service (panic) by triggering a     fault, as demonstrated by an unaligned memory operand     or a non-canonical address memory     operand.(CVE-2015-2672)

  - A flaw was found in the way the Linux kernel's 32-bit     emulation implementation handled forking or closing of     a task with an 'int80' entry. A local user could     potentially use this flaw to escalate their privileges     on the system.(CVE-2015-2830)

  - It was found that the Linux kernel's TCP/IP protocol     suite implementation for IPv6 allowed the Hop Limit     value to be set to a smaller value than the default     one. An attacker on a local network could use this flaw     to prevent systems on that network from sending or     receiving network packets.(CVE-2015-2922)

  - A flaw was found in the way the Linux kernel's file     system implementation handled rename operations in     which the source was inside and the destination was     outside of a bind mount. A privileged user inside a     container could use this flaw to escape the bind mount     and, potentially, escalate their privileges on the     system.(CVE-2015-2925)

  - A race condition flaw was found in the way the Linux     kernel's SCTP implementation handled Address     Configuration lists when performing Address     Configuration Change (ASCONF). A local attacker could     use this flaw to crash the system via a race condition     triggered by setting certain ASCONF options on a     socket.(CVE-2015-3212)

  - mm/memory.c in the Linux kernel before 4.1.4 mishandles     anonymous pages, which allows local users to gain     privileges or cause a denial of service (page tainting)     via a crafted application that triggers writing to page     zero.(CVE-2015-3288)

  - A flaw was found in the way the Linux kernel's nested     NMI handler and espfix64 functionalities interacted     during NMI processing. A local, unprivileged user could     use this flaw to crash the system or, potentially,     escalate their privileges on the system.(CVE-2015-3290)

  - It was found that if a Non-Maskable Interrupt (NMI)     occurred immediately after a SYSCALL call or before a     SYSRET call with the user RSP pointing to the NMI IST     stack, the kernel could skip that NMI.(CVE-2015-3291)

  - A buffer overflow flaw was found in the way the Linux     kernel's Intel AES-NI instructions optimized version of     the RFC4106 GCM mode decryption functionality handled     fragmented packets. A remote attacker could use this     flaw to crash, or potentially escalate their privileges     on, a system over a connection with an active AES-GCM     mode IPSec security association.(CVE-2015-3331)

  - A race condition flaw was found between the chown and     execve system calls. When changing the owner of a     setuid user binary to root, the race condition could     momentarily make the binary setuid root. A local,     unprivileged user could potentially use this flaw to     escalate their privileges on the system.(CVE-2015-3339)

  - It was found that the Linux kernel's ping socket     implementation did not properly handle socket unhashing     during spurious disconnects, which could lead to a     use-after-free flaw. On x86-64 architecture systems, a     local user able to create ping sockets could use this     flaw to crash the system. On non-x86-64 architecture     systems, a local user able to create ping sockets could     use this flaw to escalate their privileges on the     system.(CVE-2015-3636)

  - An inode data validation error was found in Linux     kernels built with UDF file system (CONFIG_UDF_FS)     support. An attacker able to mount a     corrupted/malicious UDF file system image could cause     the kernel to crash.(CVE-2015-4167)

  - A flaw was discovered in the way the Linux kernel's TTY     subsystem handled the tty shutdown phase. A local,     unprivileged user could use this flaw to cause denial     of service on the system by holding a reference to the     ldisc lock during tty shutdown, causing a     deadlock.(CVE-2015-4170)

  - A flaw was discovered in the kernel's collect_mounts     function. If the kernel's audit subsystem called     collect_mounts to audit an unmounted path, it could     panic the system. With this flaw, an unprivileged user     could call umount(MNT_DETACH) to launch a     denial-of-service attack.(CVE-2015-4177)

  - A DoS flaw was found for a Linux kernel built for the     x86 architecture which had the KVM virtualization     support(CONFIG_KVM) enabled. The kernel would be     vulnerable to a NULL pointer dereference flaw in Linux     kernel's kvm_apic_has_events() function while doing an     ioctl. An unprivileged user able to access the     '/dev/kvm' device could use this flaw to crash the     system kernel.(CVE-2015-4692)

  - A flaw was found in the kernel's implementation of the     Berkeley Packet Filter (BPF). A local attacker could     craft BPF code to crash the system by creating a     situation in which the JIT compiler would fail to     correctly optimize the JIT image on the last pass. This     would lead to the CPU executing instructions that were     not part of the JIT code.(CVE-2015-4700)

  - A buffer overflow flaw was found in the way the Linux     kernel's virtio-net subsystem handled certain fraglists     when the GRO (Generic Receive Offload) functionality     was enabled in a bridged network configuration. An     attacker on the local network could potentially use     this flaw to crash the system, or, although unlikely,     elevate their privileges on the system.(CVE-2015-5156)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes. The following security bugs were fixed :

  - CVE-2017-1000364: The default stack guard page was too     small and could be 'jumped over' by userland programs     using more than one page of stack in functions and so     lead to memory corruption. This update extends the stack     guard page to 1 MB (for 4k pages) and 16 MB (for 64k     pages) to reduce this attack vector. This is not a     kernel bugfix, but a hardening measure against this kind     of userland attack.(bsc#1039348)

  - CVE-2015-3288: mm/memory.c in the Linux kernel     mishandled anonymous pages, which allowed local users to     gain privileges or cause a denial of service (page     tainting) via a crafted application that triggers     writing to page zero (bnc#979021).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features :

  - Toleration of newer crypto hardware for z Systems

  - USB 2.0 Link power management for Haswell-ULT The     following security bugs were fixed :

  - CVE-2017-7308: The packet_set_ring function in     net/packet/af_packet.c in the Linux kernel did not     properly validate certain block-size data, which allowed     local users to cause a denial of service (overflow) or     possibly have unspecified other impact via crafted     system calls (bnc#1031579)

  - CVE-2017-2671: The ping_unhash function in     net/ipv4/ping.c in the Linux kernel was too late in     obtaining a certain lock and consequently could not     ensure that disconnect function calls are safe, which     allowed local users to cause a denial of service (panic)     by leveraging access to the protocol value of     IPPROTO_ICMP in a socket system call (bnc#1031003)

  - CVE-2017-7184: The xfrm_replay_verify_len function in     net/xfrm/xfrm_user.c in the Linux kernel did not     validate certain size data after an XFRM_MSG_NEWAE     update, which allowed local users to obtain root     privileges or cause a denial of service (heap-based     out-of-bounds access) by leveraging the CAP_NET_ADMIN     capability (bsc#1030573).

  - CVE-2017-5970: The ipv4_pktinfo_prepare function in     net/ipv4/ip_sockglue.c in the Linux kernel allowed     attackers to cause a denial of service (system crash)     via (1) an application that made crafted system calls or     possibly (2) IPv4 traffic with invalid IP options     (bsc#1024938).

  - CVE-2017-7616: Incorrect error handling in the     set_mempolicy and mbind compat syscalls in     mm/mempolicy.c in the Linux kernel allowed local users     to obtain sensitive information from uninitialized stack     data by triggering failure of a certain bitmap operation     (bsc#1033336).

  - CVE-2017-7294: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not validate addition of certain levels data,     which allowed local users to trigger an integer overflow     and out-of-bounds write, and cause a denial of service     (system hang or crash) or possibly gain privileges, via     a crafted ioctl call for a /dev/dri/renderD* device     (bnc#1031440)

  - CVE-2017-7261: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not check for a zero value of certain levels     data, which allowed local users to cause a denial of     service (ZERO_SIZE_PTR dereference, and GPF and possibly     panic) via a crafted ioctl call for a /dev/dri/renderD*     device (bnc#1031052)

  - CVE-2017-7187: The sg_ioctl function in     drivers/scsi/sg.c in the Linux kernel allowed local     users to cause a denial of service (stack-based buffer     overflow) or possibly have unspecified other impact via     a large command size in an SG_NEXT_CMD_LEN ioctl call,     leading to out-of-bounds write access in the sg_write     function (bnc#1030213)

  - CVE-2017-6348: The hashbin_delete function in     net/irda/irqueue.c in the Linux kernel improperly     managed lock dropping, which allowed local users to     cause a denial of service (deadlock) via crafted     operations on IrDA devices (bnc#1027178)

  - CVE-2017-5669: The do_shmat function in ipc/shm.c in the     Linux kernel did not restrict the address calculated by     a certain rounding operation, which allowed local users     to map page zero, and consequently bypass a protection     mechanism that exists for the mmap system call, by     making crafted shmget and shmat system calls in a     privileged context (bnc#1026914)

  - CVE-2015-3288: mm/memory.c in the Linux kernel     mishandled anonymous pages, which allowed local users to     gain privileges or cause a denial of service (page     tainting) via a crafted application that triggers     writing to page zero (bsc#979021).

  - CVE-2016-10200: Race condition in the L2TPv3 IP     Encapsulation feature in the Linux kernel allowed local     users to gain privileges or cause a denial of service     (use-after-free) by making multiple bind system calls     without properly ascertaining whether a socket has the     SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and     net/l2tp/l2tp_ip6.c (bnc#1028415)

  - CVE-2016-5243: The tipc_nl_compat_link_dump function in     net/tipc/netlink_compat.c in the Linux kernel did not     properly copy a certain string, which allowed local     users to obtain sensitive information from kernel stack     memory by reading a Netlink message (bnc#983212)

  - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did     not properly restrict association peel-off operations     during certain wait states, which allowed local users to     cause a denial of service (invalid unlock and double     free) via a multithreaded application (bnc#1027066)

  - CVE-2017-6214: The tcp_splice_read function in     net/ipv4/tcp.c in the Linux kernel allowed remote     attackers to cause a denial of service (infinite loop     and soft lockup) via vectors involving a TCP packet with     the URG flag (bnc#1026722)

  - CVE-2017-6074: The dccp_rcv_state_process function in     net/dccp/input.c in the Linux kernel mishandled     DCCP_PKT_REQUEST packet data structures in the LISTEN     state, which allowed local users to obtain root     privileges or cause a denial of service (double free)     via an application that made an IPV6_RECVPKTINFO     setsockopt system call (bnc#1026024)

  - CVE-2017-5986: Race condition in the     sctp_wait_for_sndbuf function in net/sctp/socket.c in     the Linux kernel allowed local users to cause a denial     of service (assertion failure and panic) via a     multithreaded application that peels off an association     in a certain buffer-full state (bsc#1025235)

  - CVE-2015-8970: crypto/algif_skcipher.c in the Linux     kernel did not verify that a setkey operation has been     performed on an AF_ALG socket an accept system call is     processed, which allowed local users to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted application that does not supply a key,     related to the lrw_crypt function in crypto/lrw.c     (bsc#1008374).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.

It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2014-9904)

Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2015-3288)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).
(CVE-2016-3961)

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2014-9904)

Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2015-3288)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).
(CVE-2016-3961)

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The openSUSE 13.2 kernel was updated to fix various bugs and security issues.

The following security bugs were fixed :

  - CVE-2016-1583: Prevent the usage of mmap when the lower     file system does not allow it. This could have lead to     local privilege escalation when ecryptfs-utils was     installed and /sbin/mount.ecryptfs_private was setuid     (bsc#983143).

  - CVE-2016-4913: The get_rock_ridge_filename function in     fs/isofs/rock.c in the Linux kernel mishandles NM (aka     alternate name) entries containing \0 characters, which     allowed local users to obtain sensitive information from     kernel memory or possibly have unspecified other impact     via a crafted isofs filesystem (bnc#980725).

  - CVE-2016-4580: The x25_negotiate_facilities function in     net/x25/x25_facilities.c in the Linux kernel did not     properly initialize a certain data structure, which     allowed attackers to obtain sensitive information from     kernel stack memory via an X.25 Call Request     (bnc#981267).

  - CVE-2016-0758: Tags with indefinite length could have     corrupted pointers in asn1_find_indefinite_length     (bsc#979867).

  - CVE-2016-2053: The asn1_ber_decoder function in     lib/asn1_decoder.c in the Linux kernel allowed attackers     to cause a denial of service (panic) via an ASN.1 BER     file that lacks a public key, leading to mishandling by     the public_key_verify_signature function in     crypto/asymmetric_keys/public_key.c (bnc#963762).

  - CVE-2016-2187: The gtco_probe function in     drivers/input/tablet/gtco.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) via     a crafted endpoints value in a USB device descriptor     (bnc#971919 971944).

  - CVE-2016-4482: The proc_connectinfo function in     drivers/usb/core/devio.c in the Linux kernel did not     initialize a certain data structure, which allowed local     users to obtain sensitive information from kernel stack     memory via a crafted USBDEVFS_CONNECTINFO ioctl call     (bnc#978401 bsc#978445).

  - CVE-2016-4565: The InfiniBand (aka IB) stack in the     Linux kernel incorrectly relies on the write system     call, which allowed local users to cause a denial of     service (kernel memory write operation) or possibly have     unspecified other impact via a uAPI interface     (bnc#979548 bsc#980363).

  - CVE-2016-3672: The arch_pick_mmap_layout function in     arch/x86/mm/mmap.c in the Linux kernel did not properly     randomize the legacy base address, which made it easier     for local users to defeat the intended restrictions on     the ADDR_NO_RANDOMIZE flag, and bypass the ASLR     protection mechanism for a setuid or setgid program, by     disabling stack-consumption resource limits     (bnc#974308).

  - CVE-2016-4581: fs/pnode.c in the Linux kernel did not     properly traverse a mount propagation tree in a certain     case involving a slave mount, which allowed local users     to cause a denial of service (NULL pointer dereference     and OOPS) via a crafted series of mount system calls     (bnc#979913).

  - CVE-2016-4485: The llc_cmsg_rcv function in     net/llc/af_llc.c in the Linux kernel did not initialize     a certain data structure, which allowed attackers to     obtain sensitive information from kernel stack memory by     reading a message (bnc#978821).

  - CVE-2015-3288: A security flaw was found in the Linux     kernel that there was a way to arbitrary change zero     page memory. (bnc#979021).

  - CVE-2016-4578: sound/core/timer.c in the Linux kernel     did not initialize certain r1 data structures, which     allowed local users to obtain sensitive information from     kernel stack memory via crafted use of the ALSA timer     interface, related to the (1) snd_timer_user_ccallback     and (2) snd_timer_user_tinterrupt functions     (bnc#979879).

  - CVE-2016-3134: The netfilter subsystem in the Linux     kernel did not validate certain offset fields, which     allowed local users to gain privileges or cause a denial     of service (heap memory corruption) via an     IPT_SO_SET_REPLACE setsockopt call (bnc#971126).

  - CVE-2016-4486: The rtnl_fill_link_ifmap function in     net/core/rtnetlink.c in the Linux kernel did not     initialize a certain data structure, which allowed local     users to obtain sensitive information from kernel stack     memory by reading a Netlink message (bnc#978822).

  - CVE-2013-7446: Use-after-free vulnerability in     net/unix/af_unix.c in the Linux kernel allowed local     users to bypass intended AF_UNIX socket permissions or     cause a denial of service (panic) via crafted epoll_ctl     calls (bnc#955654).

  - CVE-2016-4569: The snd_timer_user_params function in     sound/core/timer.c in the Linux kernel did not     initialize a certain data structure, which allowed local     users to obtain sensitive information from kernel stack     memory via crafted use of the ALSA timer interface     (bnc#979213).

  - CVE-2016-2847: fs/pipe.c in the Linux kernel did not     limit the amount of unread data in pipes, which allowed     local users to cause a denial of service (memory     consumption) by creating many pipes with non-default     sizes (bnc#970948 974646).

  - CVE-2016-3136: The mct_u232_msr_to_state function in     drivers/usb/serial/mct_u232.c in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted USB device without two interrupt-in     endpoint descriptors (bnc#970955).

  - CVE-2016-2188: The iowarrior_probe function in     drivers/usb/misc/iowarrior.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) via     a crafted endpoints value in a USB device descriptor     (bnc#970956).

  - CVE-2016-3138: The acm_probe function in     drivers/usb/class/cdc-acm.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) via     a USB device without both a control and a data endpoint     descriptor (bnc#970911).

  - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the     Linux kernel allowed physically proximate attackers to     cause a denial of service (NULL pointer dereference and     system crash) via a USB device without both an     interrupt-in and an interrupt-out endpoint descriptor,     related to the cypress_generic_port_probe and     cypress_open functions (bnc#970970).

  - CVE-2016-3951: Double free vulnerability in     drivers/net/usb/cdc_ncm.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (system crash) or possibly have unspecified     other impact by inserting a USB device with an invalid     USB descriptor (bnc#974418).

  - CVE-2016-3140: The digi_port_init function in     drivers/usb/serial/digi_acceleport.c in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted endpoints value in a USB device descriptor     (bnc#970892).

  - CVE-2016-2186: The powermate_probe function in     drivers/input/misc/powermate.c in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted endpoints value in a USB device descriptor     (bnc#970958).

  - CVE-2016-2185: The ati_remote2_probe function in     drivers/input/misc/ati_remote2.c in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted endpoints value in a USB device descriptor     (bnc#971124).

  - CVE-2016-3689: The ims_pcu_parse_cdc_data function in     drivers/input/misc/ims-pcu.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (system crash) via a USB device without both a     master and a slave interface (bnc#971628).

  - CVE-2016-3156: The IPv4 implementation in the Linux     kernel mishandles destruction of device objects, which     allowed guest OS users to cause a denial of service     (host OS networking outage) by arranging for a large     number of IP addresses (bnc#971360).

  - CVE-2016-2184: The create_fixed_stream_quirk function in     sound/usb/quirks.c in the snd-usb-audio driver in the     Linux kernel allowed physically proximate attackers to     cause a denial of service (NULL pointer dereference or     double free, and system crash) via a crafted endpoints     value in a USB device descriptor (bnc#971125).

  - CVE-2016-3139: The wacom_probe function in     drivers/input/tablet/wacom_sys.c in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (NULL pointer dereference and system crash)     via a crafted endpoints value in a USB device descriptor     (bnc#970909).

  - CVE-2015-8830: Integer overflow in the     aio_setup_single_vector function in fs/aio.c in the     Linux kernel 4.0 allowed local users to cause a denial     of service or possibly have unspecified other impact via     a large AIO iovec. NOTE: this vulnerability exists     because of a CVE-2012-6701 regression (bnc#969354     bsc#969355).

  - CVE-2016-2782: The treo_attach function in     drivers/usb/serial/visor.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) or     possibly have unspecified other impact by inserting a     USB device that lacks a (1) bulk-in or (2) interrupt-in     endpoint (bnc#968670).

  - CVE-2015-8816: The hub_activate function in     drivers/usb/core/hub.c in the Linux kernel did not     properly maintain a hub-interface data structure, which     allowed physically proximate attackers to cause a denial     of service (invalid memory access and system crash) or     possibly have unspecified other impact by unplugging a     USB hub device (bnc#968010).

  - CVE-2015-7566: The clie_5_attach function in     drivers/usb/serial/visor.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) or     possibly have unspecified other impact by inserting a     USB device that lacks a bulk-out endpoint (bnc#961512).

  - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel     did not prevent recursive callback access, which allowed     local users to cause a denial of service (deadlock) via     a crafted ioctl call (bnc#968013).

  - CVE-2016-2547: sound/core/timer.c in the Linux kernel     employs a locking approach that did not consider slave     timer instances, which allowed local users to cause a     denial of service (race condition, use-after-free, and     system crash) via a crafted ioctl call (bnc#968011).

  - CVE-2016-2548: sound/core/timer.c in the Linux kernel     retains certain linked lists after a close or stop     action, which allowed local users to cause a denial of     service (system crash) via a crafted ioctl call, related     to the (1) snd_timer_close and (2) _snd_timer_stop     functions (bnc#968012).

  - CVE-2016-2546: sound/core/timer.c in the Linux kernel     uses an incorrect type of mutex, which allowed local     users to cause a denial of service (race condition,     use-after-free, and system crash) via a crafted ioctl     call (bnc#967975).

  - CVE-2016-2545: The snd_timer_interrupt function in     sound/core/timer.c in the Linux kernel did not properly     maintain a certain linked list, which allowed local     users to cause a denial of service (race condition and     system crash) via a crafted ioctl call (bnc#967974).

  - CVE-2016-2544: Race condition in the queue_delete     function in sound/core/seq/seq_queue.c in the Linux     kernel allowed local users to cause a denial of service     (use-after-free and system crash) by making an ioctl     call at a certain time (bnc#967973).

  - CVE-2016-2543: The snd_seq_ioctl_remove_events function     in sound/core/seq/seq_clientmgr.c in the Linux kernel     did not verify FIFO assignment before proceeding with     FIFO clearing, which allowed local users to cause a     denial of service (NULL pointer dereference and OOPS)     via a crafted ioctl call (bnc#967972).

  - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the     Linux kernel mishandles uid and gid mappings, which     allowed local users to gain privileges by establishing a     user namespace, waiting for a root process to enter that     namespace with an unsafe uid or gid, and then using the     ptrace system call. NOTE: the vendor states 'there is no     kernel bug here (bnc#959709 960561 ).

  - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in     the Linux kernel did not properly identify error     conditions, which allowed remote attackers to execute     arbitrary code or cause a denial of service     (use-after-free) via crafted packets (bnc#966437).

  - CVE-2016-2384: Double free vulnerability in the     snd_usbmidi_create function in sound/usb/midi.c in the     Linux kernel allowed physically proximate attackers to     cause a denial of service (panic) or possibly have     unspecified other impact via vectors involving an     invalid USB descriptor (bnc#966693).

  - CVE-2015-8785: The fuse_fill_write_pages function in     fs/fuse/file.c in the Linux kernel allowed local users     to cause a denial of service (infinite loop) via a     writev system call that triggers a zero length for the     first segment of an iov (bnc#963765).

  - CVE-2014-9904: The snd_compress_check_input function in     sound/core/compress_offload.c in the ALSA subsystem in     the Linux kernel did not properly check for an integer     overflow, which allowed local users to cause a denial of     service (insufficient memory allocation) or possibly     have unspecified other impact via a crafted     SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).

  - CVE-2016-5829: Multiple heap-based buffer overflows in     the hiddev_ioctl_usage function in     drivers/hid/usbhid/hiddev.c in the Linux kernel allow     local users to cause a denial of service or possibly     have unspecified other impact via a crafted (1)     HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call     (bnc#986572 986573).

  - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt     implementation in the netfilter subsystem in the Linux     kernel allowed local users to gain privileges or cause a     denial of service (memory corruption) by leveraging     in-container root access to provide a crafted offset     value that triggers an unintended decrement (bnc#986362     986365 986377).

  - CVE-2016-4805: Use-after-free vulnerability in     drivers/net/ppp/ppp_generic.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption and system crash, or spinlock) or possibly     have unspecified other impact by removing a network     namespace, related to the ppp_register_net_channel and     ppp_unregister_channel functions (bnc#980371).

  - CVE-2016-4470: The key_reject_and_link function in     security/keys/key.c in the Linux kernel did not ensure     that a certain data structure is initialized, which     allowed local users to cause a denial of service (system     crash) via vectors involving a crafted keyctl request2     command (bnc#984755 984764).

  - CVE-2015-6526: The perf_callchain_user_64 function in     arch/powerpc/perf/callchain.c in the Linux kernel on     ppc64 platforms allowed local users to cause a denial of     service (infinite loop) via a deep 64-bit userspace     backtrace (bnc#942702).

  - CVE-2016-5244: The rds_inc_info_copy function in     net/rds/recv.c in the Linux kernel did not initialize a     certain structure member, which allowed remote attackers     to obtain sensitive information from kernel stack memory     by reading an RDS message (bnc#983213).

The following non-security bugs were fixed :

  - ALSA: hrtimer: Handle start/stop more properly     (bsc#973378).

  - ALSA: pcm: Fix potential deadlock in OSS emulation     (bsc#968018).

  - ALSA: rawmidi: Fix race at copying & updating the     position (bsc#968018).

  - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free     (bsc#968018).

  - ALSA: seq: Fix double port list deletion (bsc#968018).

  - ALSA: seq: Fix incorrect sanity check at     snd_seq_oss_synth_cleanup() (bsc#968018).

  - ALSA: seq: Fix leak of pool buffer at concurrent writes     (bsc#968018).

  - ALSA: seq: Fix lockdep warnings due to double mutex     locks (bsc#968018).

  - ALSA: seq: Fix race at closing in virmidi driver     (bsc#968018).

  - ALSA: seq: Fix yet another races among ALSA timer     accesses (bsc#968018).

  - ALSA: timer: Call notifier in the same spinlock     (bsc#973378).

  - ALSA: timer: Code cleanup (bsc#968018).

  - ALSA: timer: Fix leftover link at closing (bsc#968018).

  - ALSA: timer: Fix link corruption due to double start or     stop (bsc#968018).

  - ALSA: timer: Fix race between stop and interrupt     (bsc#968018).

  - ALSA: timer: Fix wrong instance passed to slave     callbacks (bsc#968018).

  - ALSA: timer: Protect the whole snd_timer_close() with     open race (bsc#973378).

  - ALSA: timer: Sync timer deletion at closing the system     timer (bsc#973378).

  - ALSA: timer: Use mod_timer() for rearming the system     timer (bsc#973378).

  - Bluetooth: vhci: Fix race at creating hci device     (bsc#971799,bsc#966849).

  - Bluetooth: vhci: fix open_timeout vs. hdev race     (bsc#971799,bsc#966849).

  - Bluetooth: vhci: purge unhandled skbs     (bsc#971799,bsc#966849).

  - Btrfs: do not use src fd for printk (bsc#980348).

  - Refresh     patches.drivers/ALSA-hrtimer-Handle-start-stop-more-prop     erly. Fix the build error on 32bit architectures.

  - Refresh patches.xen/xen-netback-coalesce: Restore     copying of SKBs with head exceeding page size     (bsc#978469).

  - Refresh patches.xen/xen3-patch-3.14: Suppress atomic     file position updates on /proc/xen/xenbus (bsc#970275).

  - Subject: [PATCH] USB: xhci: Add broken streams quirk for     Frescologic device id 1009 (bnc#982706).

  - USB: usbip: fix potential out-of-bounds write     (bnc#975945).

  - af_unix: Guard against other == sk in unix_dgram_sendmsg     (bsc#973570).

  - backends: guarantee one time reads of shared ring     contents (bsc#957988).

  - btrfs: do not go readonly on existing qgroup items     (bsc#957052).

  - btrfs: remove error message from search ioctl for     nonexistent tree.

  - drm/i915: Fix missing backlight update during panel     disablement (bsc#941113 boo#901754).

  - enic: set netdev->vlan_features (bsc#966245).

  - ext4: fix races between buffered IO and collapse /     insert range (bsc#972174).

  - ext4: fix races between page faults and hole punching     (bsc#972174).

  - ext4: fix races of writeback with punch hole and zero     range (bsc#972174).

  - ext4: move unlocked dio protection from     ext4_alloc_file_blocks() (bsc#972174).

  - ipv4/fib: do not warn when primary address is missing if     in_dev is dead (bsc#971360).

  - ipvs: count pre-established TCP states as active     (bsc#970114).

  - net: core: Correct an over-stringent device loop     detection (bsc#945219).

  - netback: do not use last request to determine minimum Tx     credit (bsc#957988).

  - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.

  - pciback: Save the number of MSI-X entries to be copied     later.

  - pciback: guarantee one time reads of shared ring     contents (bsc#957988).

  - series.conf: move cxgb3 patch to network drivers section

  - usb: quirk to stop runtime PM for Intel 7260     (bnc#984464).

  - x86: standardize mmap_rnd() usage (bnc#974308).

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system.
(CVE-2015-2925, Important)

* A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.
(CVE-2015-7613, Important)

* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. (CVE-2010-5313, CVE-2014-7842, Moderate)

* A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest.
(CVE-2014-3647, Moderate)

* It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker could use this flaw to lock up the system.
(CVE-2014-8171, Moderate)

* A race condition flaw was found between the chown and execve system calls. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate)

* A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2015-4170, Moderate)

* A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. (CVE-2015-5283, Moderate)

* A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2015-6526, Moderate)

* A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. (CVE-2013-7421, CVE-2014-9644, Low)

* An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process.
(CVE-2014-9419, Low)

* It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor.
(CVE-2015-0239, Low)

* A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination. (CVE-2015-7837, Low)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2152 advisory.

  - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a     bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability     than CVE-2014-9644. (CVE-2013-7421)

  - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a     bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name     field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
    (CVE-2014-9644)

  - The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of     service (deadlock) by spawning new processes within a memory-constrained cgroup. (CVE-2014-8171)

  - The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not     ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which     makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that     reads a TLS base address. (CVE-2014-9419)

  - The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS     lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of     service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER     instruction. (CVE-2015-0239)

  - Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local     users to gain privileges by executing a setuid program at a time instant when a chown to root is in     progress, and the ownership is changed but the setuid bit is not yet stripped. (CVE-2015-3339)

  - Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a     denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure     report, a similar issue to CVE-2014-7842. (CVE-2010-5313)

  - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform     RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted     application. (CVE-2014-3647)

  - Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a     denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO     transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
    (CVE-2014-7842)

  - The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename     actions inside a bind mount, which allows local users to bypass an intended container protection mechanism     by renaming a directory, related to a double-chroot attack. (CVE-2015-2925)

  - Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before     3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and     ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
    (CVE-2015-4170)

  - The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence     of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory     corruption) by creating SCTP sockets before all of the steps have finished. (CVE-2015-5283)

  - The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on     ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit     userspace backtrace. (CVE-2015-6526)

  - Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to     gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against     uninitialized data, related to msg.c, shm.c, and util.c. (CVE-2015-7613)

  - The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted     with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions     by leveraging improper handling of secure_boot flag across kexec reboot. (CVE-2015-7837)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
124828	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)	Nessus	Huawei Local Security Checks	critical
124811	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487)	Nessus	Huawei Local Security Checks	high
100912	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1613-1) (Stack Clash)	Nessus	SuSE Local Security Checks	high
100214	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)	Nessus	SuSE Local Security Checks	high
94732	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3127-2)	Nessus	Ubuntu Local Security Checks	high
94731	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3127-1)	Nessus	Ubuntu Local Security Checks	high
93104	openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)	Nessus	SuSE Local Security Checks	critical
87135	CentOS 7 : kernel (CESA-2015:2152)	Nessus	CentOS Local Security Checks	high
87090	Oracle Linux 7 : kernel (ELSA-2015-2152)	Nessus	Oracle Linux Local Security Checks	high
86972	RHEL 7 : kernel (RHSA-2015:2152)	Nessus	Red Hat Local Security Checks	high

CVE-2015-3288

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

high

high

high

high

critical

high

high

high