RHEL 6 : kernel (RHSA-2015:0782)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 6.5 Extended
Update Support.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions
from user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system
or, potentially, escalate their privileges on the system.
(CVE-2014-8159, Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during
INIT collisions. A remote attacker could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2015-1421, Important)

* An integer overflow flaw was found in the way the Linux kernel's
Frame Buffer device implementation mapped kernel memory to user space
via the mmap syscall. A local user able to access a frame buffer
device file (/dev/fb*) could possibly use this flaw to escalate their
privileges on the system. (CVE-2013-2596, Important)

* It was found that the Linux kernel's KVM implementation did not
ensure that the host CR4 control register value remained unchanged
across VM entries on the same virtual CPU. A local, unprivileged user
could use this flaw to cause a denial of service on the system.
(CVE-2014-3690, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of
the Linux kernel's ISOFS implementation did not correctly check
relocated directories when processing Rock Ridge child link (CL) tags.
An attacker with physical access to the system could use a specially
crafted ISO image to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)

* A stack-based buffer overflow flaw was found in the
TechnoTrend/Hauppauge DEC USB device driver. A local user with write
access to the corresponding device could use this flaw to crash the
kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and
Andy Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue
was discovered by Sun Baoliang of Red Hat.

This update also fixes the following bugs :

* Previously, a NULL pointer check that is needed to prevent an oops
in the nfs_async_inode_return_delegation() function was removed. As a
consequence, a NFS4 client could terminate unexpectedly. The missing
NULL pointer check has been added back, and NFS4 client no longer
crashes in this situation. (BZ#1187638)

* Due to unbalanced multicast join and leave processing, the attempt
to leave a multicast group that had not previously completed a join
became unresponsive. This update resolves multiple locking issues in
the IPoIB multicast code that allowed multicast groups to be left
before the joining was entirely completed. Now, multicast join and
leave failures or lockups no longer occur in the described situation.
(BZ#1187663)

* A failure to leave a multicast group which had previously been
joined prevented the attempt to unregister from the 'sa' service.
Multiple locking issues in the IPoIB multicast join and leave
processing have been fixed so that leaving a group that has completed
its join process is successful. As a result, attempts to unregister
from the 'sa' service no longer lock up due to leaked resources.
(BZ#1187665)

* Due to a regression, when large reads which partially extended
beyond the end of the underlying device were done, the raw driver
returned the EIO error code instead of returning a short read covering
the valid part of the device. The underlying source code has been
patched, and the raw driver now returns a short read for the remainder
of the device. (BZ#1195746)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-2596.html
https://www.redhat.com/security/data/cve/CVE-2014-3690.html
https://www.redhat.com/security/data/cve/CVE-2014-5471.html
https://www.redhat.com/security/data/cve/CVE-2014-5472.html
https://www.redhat.com/security/data/cve/CVE-2014-8159.html
https://www.redhat.com/security/data/cve/CVE-2014-8884.html
https://www.redhat.com/security/data/cve/CVE-2015-1421.html
http://rhn.redhat.com/errata/RHSA-2015-0782.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 82636 ()

Bugtraq ID:

CVE ID: CVE-2013-2596
CVE-2014-3690
CVE-2014-5471
CVE-2014-5472
CVE-2014-8159
CVE-2014-8884
CVE-2015-1421

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now