CentOS 7 : kernel (CESA-2017:3315)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote CentOS host is missing one or more security updates.

Description :

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages include several security issues and
numerous bug fixes, some of which you can see below. Space precludes
documenting all of these bug fixes in this advisory. To see the
complete list of bug fixes, users are directed to the related
Knowledge Article: https://access.redhat.com/ articles/3253081

Security Fix(es) :

* It was found that the timer functionality in the Linux kernel ALSA
subsystem is prone to a race condition between read and ioctl system
call handlers, resulting in an uninitialized memory disclosure to user
space. A local user could use this flaw to read information belonging
to other users. (CVE-2017-1000380, Moderate)

Red Hat would like to thank Alexander Potapenko (Google) for reporting
this issue.

See also :

http://www.nessus.org/u?8569af15

Solution :

Update the affected kernel packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: CentOS Local Security Checks

Nessus Plugin ID: 105056 ()

Bugtraq ID:

CVE ID: CVE-2017-1000380

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now