http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9842df62004f366b9fed2423e24df10542ee0dc5

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1

[oss-security] 20160516 CVE-2016-3713 Linux kernel: kvm: OOB r/w access issue with MSR 0x2F8

https://bugzilla.redhat.com/show_bug.cgi?id=1332139

https://github.com/torvalds/linux/commit/9842df62004f366b9fed2423e24df10542ee0dc5

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The NFSv2 and NFSv3 server implementations in the Linux     kernel through 4.10.13 lacked certain checks for the     end of a buffer. A remote attacker could trigger a     pointer-arithmetic error or possibly cause other     unspecified impacts using crafted requests related to     fs/nfsd/nfs3xdr.c and     fs/nfsd/nfsxdr.c.(CVE-2017-7895i1/4%0

  - A flaw was found in the Linux kernel's ACPI subsystem     where a function does not flush the operand cache and     causes a kernel stack dump. This allows local users to     obtain sensitive information from kernel memory and     bypass the KASLR protection mechanism when using a     specially crafted ACPI table.(CVE-2017-13695i1/4%0

  - It was found that fanout_add() in     'net/packet/af_packet.c' in the Linux kernel, before     version 4.13.6, allows local users to gain privileges     via crafted system calls that trigger mishandling of     packet_fanout data structures, because of a race     condition (involving fanout_add and packet_do_bind)     that leads to a use-after-free bug.(CVE-2017-15649i1/4%0

  - Race condition in kernel/ucount.c in the Linux kernel     through 4.10.2 allows local users to cause a denial of     service (use-after-free and system crash) or possibly     have unspecified other impact via crafted system calls     that leverage certain decrement behavior that causes     incorrect interaction between put_ucounts and     get_ucounts.(CVE-2017-6874i1/4%0

  - An out-of-bounds memory access flaw, CVE-2014-7825, was     found in the syscall tracing functionality of the Linux     kernel's perf subsystem. A local, unprivileged user     could use this flaw to crash the system. Additionally,     an out-of-bounds memory access flaw, CVE-2014-7826, was     found in the syscall tracing functionality of the Linux     kernel's ftrace subsystem. On a system with ftrace     syscall tracing enabled, a local, unprivileged user     could use this flaw to crash the system, or escalate     their privileges.(CVE-2014-7825i1/4%0

  - The Salsa20 encryption algorithm in the Linux kernel,     before 4.14.8, does not correctly handle zero-length     inputs. This allows a local attacker the ability to use     the AF_ALG-based skcipher interface to cause a denial     of service (uninitialized-memory free and kernel crash)     or have an unspecified other impact by executing a     crafted sequence of system calls that use the     blkcipher_walk API. Both the generic implementation     (crypto/salsa20_generic.c) and x86 implementation     (arch/x86/crypto/salsa20_glue.c) of Salsa20 are     vulnerable.(CVE-2017-17805i1/4%0

  - The msm_ipc_router_bind_control_port function in     net/ipc_router/ipc_router_core.c in the IPC router     kernel module for the Linux kernel 3.x, as used in     Qualcomm Innovation Center (QuIC) Android contributions     for MSM devices and other products, does not verify     that a port is a client port, which allows attackers to     gain privileges or cause a denial of service (race     condition and list corruption) by making many     BIND_CONTROL_PORT ioctl calls.(CVE-2016-2059i1/4%0

  - The do_remount function in fs/namespace.c in the Linux     kernel through 3.16.1 does not maintain the     MNT_LOCK_READONLY bit across a remount of a bind mount,     which allows local users to bypass an intended     read-only restriction and defeat certain sandbox     protection mechanisms via a 'mount -o remount' command     within a user namespace.(CVE-2014-5206i1/4%0

  - The ati_remote2_probe function in     drivers/input/misc/ati_remote2.c in the Linux kernel     before 4.5.1 allows physically proximate attackers to     cause a denial of service (NULL pointer dereference and     system crash) via a crafted endpoints value in a USB     device descriptor.(CVE-2016-2185i1/4%0

  - It was found that the fix for CVE-2014-3601 was     incomplete: the Linux kernel's kvm_iommu_map_pages()     function still handled IOMMU mapping failures     incorrectly. A privileged user in a guest with an     assigned host device could use this flaw to crash the     host.(CVE-2014-8369i1/4%0

  - A NULL pointer dereference was found in     net/rds/rdma.c:__rds_rdma_map() function in the Linux     kernel allowing local attackers to cause a system panic     and a denial-of-service.(CVE-2018-7492i1/4%0

  - An issue was discovered in the XFS filesystem in     fs/xfs/xfs_icache.c in the Linux kernel. There is a     NULL pointer dereference leading to a system panic in     lookup_slow() on a NULL inode-i1/4zi_ops pointer when     doing pathwalks on a corrupted xfs image. This occurs     because of a lack of proper validation that cached     inodes are free during an allocation.(CVE-2018-13093i1/4%0

  - The iowarrior_probe function in     drivers/usb/misc/iowarrior.c in the Linux kernel before     4.5.1 allows physically proximate attackers to cause a     denial of service (NULL pointer dereference and system     crash) via a crafted endpoints value in a USB device     descriptor.(CVE-2016-2188i1/4%0

  - Linux kernel built with the 802.1Q/802.1ad     VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local     Area Network(CONFIG_VXLAN) with Transparent Ethernet     Bridging(TEB) GRO support, is vulnerable to a stack     overflow issue. It could occur while receiving large     packets via GRO path, as an unlimited recursion could     unfold in both VLAN and TEB modules, leading to a stack     corruption in the kernel.(CVE-2016-7039i1/4%0

  - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in     the Linux kernel before 4.6.1 supports MSR 0x2f8, which     allows guest OS users to read or write to the     kvm_arch_vcpu data structure, and consequently obtain     sensitive information or cause a denial of service     (system crash), via a crafted ioctl     call.(CVE-2016-3713i1/4%0

  - A flaw was found in the way the Linux kernel's VFS     subsystem handled reference counting when performing     unmount operations on symbolic links. A local,     unprivileged user could use this flaw to exhaust all     available memory on the system or, potentially, trigger     a use-after-free error, resulting in a system crash or     privilege escalation.(CVE-2014-5045i1/4%0

  - The KEYS subsystem in the Linux kernel before 4.13.10     does not correctly synchronize the actions of updating     versus finding a key in the 'negative' state to avoid a     race condition, which allows local users to cause a     denial of service or possibly have unspecified other     impact via crafted system calls.(CVE-2017-15951i1/4%0

  - The skb_flow_dissect function in     net/core/flow_dissector.c in the Linux kernel through     3.12 allows remote attackers to cause a denial of     service (infinite loop) via a small value in the IHL     field of a packet with IPIP     encapsulation.(CVE-2013-4348i1/4%0

  - The Linux kernel through 3.17.4 does not properly     restrict dropping of supplemental group memberships in     certain namespace scenarios, which allows local users     to bypass intended file permissions by leveraging a     POSIX ACL containing an entry for the group category     that is more restrictive than the entry for the other     category, aka a 'negative groups' issue, related to     kernel/groups.c, kernel/uid16.c, and     kernel/user_namespace.c.(CVE-2014-8989i1/4%0

  - An infinite-loop flaw was found in the kernel. When a     local user calls the sys_writev syscall with a     specially crafted sequence of iov structs, the     fuse_fill_write_pages kernel function might never     terminate, instead continuing in a tight loop. This     process cannot be terminated and requires a     reboot.(CVE-2015-8785i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in     the Linux kernel before 4.6.1 supports MSR 0x2f8, which     allows guest OS users to read or write to the     kvm_arch_vcpu data structure, and consequently obtain     sensitive information or cause a denial of service     (system crash), via a crafted ioctl     call.(CVE-2016-3713)

  - Linux kernel built with the Kernel-based Virtual     Machine (CONFIG_KVM) support is vulnerable to a null     pointer dereference flaw. It could occur on x86     platform, when emulating an undefined instruction. An     attacker could use this flaw to crash the host kernel     resulting in DoS.(CVE-2016-8630)

  - Linux kernel built with the Kernel-based Virtual     Machine (CONFIG_KVM) support was vulnerable to an     incorrect segment selector(SS) value error. The error     could occur while loading values into the SS register     in long mode. A user or process inside a guest could     use this flaw to crash the guest, resulting in DoS or     potentially escalate their privileges inside the     guest.(CVE-2017-2583)

  - arch/x86/kvm/emulate.c in the Linux kernel through     4.9.3 allows local users to obtain sensitive     information from kernel memory or cause a denial of     service (use-after-free) via a crafted application that     leverages instruction emulation for fxrstor, fxsave,     sgdt, and sidt.(CVE-2017-2584)

  - A reachable assertion failure flaw was found in the     Linux kernel built with KVM virtualisation(CONFIG_KVM)     support with Virtual Function I/O feature (CONFIG_VFIO)     enabled. This failure could occur if a malicious guest     device sent a virtual interrupt (guest IRQ) with a     larger (i1/4z1024) index value.(CVE-2017-1000252)

  - An industry-wide issue was found in the way many modern     microprocessor designs have implemented speculative     execution of instructions (a commonly used performance     optimization). There are three primary variants of the     issue which differ in the way the speculative execution     can be exploited. Variant CVE-2017-5715 triggers the     speculative execution by utilizing branch target     injection. It relies on the presence of a     precisely-defined instruction sequence in the     privileged code as well as the fact that memory     accesses may cause allocation into the microprocessor's     data cache even for speculatively executed instructions     that never actually commit (retire). As a result, an     unprivileged attacker could use this flaw to cross the     syscall and guest/host boundaries and read privileged     memory by conducting targeted cache side-channel     attacks.(CVE-2017-5715)

  - A flaw was found in the way the Linux KVM module     processed the trap flag(TF) bit in EFLAGS during     emulation of the syscall instruction, which leads to a     debug exception(#DB) being raised in the guest stack. A     user/process inside a guest could use this flaw to     potentially escalate their privileges inside the guest.
    Linux guests are not affected by this.(CVE-2017-7518)

  - Linux kernel compiled with the KVM virtualization     (CONFIG_KVM) support is vulnerable to an out-of-bounds     read access issue. It could occur when emulating vmcall     instructions invoked by a guest. A guest user/process     could use this flaw to disclose kernel memory     bytes.(CVE-2017-17741)

  - Systems with microprocessors utilizing speculative     execution and speculative execution of memory reads     before the addresses of all prior memory writes are     known may allow unauthorized disclosure of information     to an attacker with local user access via a     side-channel analysis, aka Speculative Store Bypass     (SSB), Variant 4.(CVE-2018-3639)

  - kernel: kvm: guest userspace to guest kernel     write(CVE-2018-10853)

  - In the Linux kernel before 4.20.8,     kvm_ioctl_create_device in virt/kvm/kvm_main.c     mishandles reference counting because of a race     condition, leading to a use-after-free.(CVE-2019-6974)

  - The KVM implementation in the Linux kernel through     4.20.5 has an Information Leak.(CVE-2019-7222)

  - The KVM implementation in the Linux kernel through     4.20.5 has a Use-after-Free.(CVE-2019-7221)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4301 advisory.

  - The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly     interact with certain locations of a chroot directory, which allows local users to cause a denial of     service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.
    (CVE-2014-7970)

  - The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation     to /dev/snd/seq by a local user. (CVE-2018-7566)

  - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length     inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface     (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel     crash) or have unspecified other impact by executing a crafted sequence of system calls that use the     blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation     (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)

  - ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with     dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel     heap pages to the userspace. This has been fixed upstream in     https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has     limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the     Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties     dispute the relevance of this report, noting that the requirement for an attacker to have both the     CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it virtually impossible to exploit.
    (CVE-2018-1000204)

  - An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc     in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from     unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and     CVE-2018-16658. (CVE-2018-18710)

  - The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths,     which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted     filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728)

  - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8,     which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain     sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
    (CVE-2016-3713)

  - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the     underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based     hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a     kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing     SHA-3 initialization. (CVE-2017-17806)

  - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel     through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM     ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the     location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4300 advisory.

  - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length     inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface     (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel     crash) or have unspecified other impact by executing a crafted sequence of system calls that use the     blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation     (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)

  - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a     double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part     of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for     privilege escalation. (CVE-2018-10902)

  - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android     kernel. Android ID A-65023233. (CVE-2017-13168)

  - ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with     dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel     heap pages to the userspace. This has been fixed upstream in     https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has     limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the     Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties     dispute the relevance of this report, noting that the requirement for an attacker to have both the     CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it virtually impossible to exploit.
    (CVE-2018-1000204)

  - An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc     in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from     unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and     CVE-2018-16658. (CVE-2018-18710)

  - The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths,     which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted     filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728)

  - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8,     which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain     sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
    (CVE-2016-3713)

  - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the     underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based     hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a     kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing     SHA-3 initialization. (CVE-2017-17806)

  - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel     through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM     ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the     location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)

  - ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to     cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party     disputes the relevance of this report because the failure can only occur for physically proximate     attackers who unplug SAS Host Bus Adapter cables. (CVE-2018-10021)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux host is missing a security update for the kernel package(s).

The 4.5.5 stable update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 4.4.11 update contains a number of important fixes across the tree

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 4.5.5 stable update contains a number of important fixes across the tree.

----

The 4.5.4 stable update contains a number of important fixes across the tree.

----

The 4.5.3 stable rebase contains enhanced hardware support, additional features, and a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS.

David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
127146	NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)	Nessus	NewStart CGSL Local Security Checks	critical
124974	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)	Nessus	Huawei Local Security Checks	critical
124953	EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)	Nessus	Huawei Local Security Checks	high
119567	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)	Nessus	Oracle Linux Local Security Checks	high
119535	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4300)	Nessus	Oracle Linux Local Security Checks	high
102511	Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
92211	Fedora 24 : kernel (2016-f8739a80b0)	Nessus	Fedora Local Security Checks	high
92067	Fedora 22 : kernel (2016-2363b37a98)	Nessus	Fedora Local Security Checks	high
92055	Fedora 23 : kernel (2016-06f1572324)	Nessus	Fedora Local Security Checks	high
91189	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-2979-2)	Nessus	Ubuntu Local Security Checks	high
91188	Ubuntu 16.04 LTS : linux vulnerabilities (USN-2979-1)	Nessus	Ubuntu Local Security Checks	high
91186	Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2978-2)	Nessus	Ubuntu Local Security Checks	high
91185	Ubuntu 15.10 : linux vulnerabilities (USN-2978-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2016-3713

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

high

high

critical

high

high

high

high

high

high

high