New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9
Synopsis
The remote Oracle Linux host is missing one or more security updates.
Description
Description of changes:
* Improved fix for CVE-2010-2962.
The original upstream fix for CVE-2010-2962 had an overflow bug in its bounds checking.
* CVE-2012-0056: Privilege escalation in /proc/[pid]/mem writing.
It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges.
[2.6.32-300.7.1.el6uek]
- Revert 'proc: enable writing to /proc/pid/mem' [orabug 13619701] {CVE-2012-0056}
- [PATCH] x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha)
[2.6.32-300.6.1.el6uek]
- tracing: Fix NULL pointer deref with SEND_SIG_FORCED (Oleg Nesterov) [orabug 13611655]
[2.6.32-300.5.1.el6uek]
- sched, x86: Avoid unnecessary overflow in sched_clock (Salman Qazi) [orabug 13604567]
- [x86]: Don't resume/restore cpu if not of the expected cpu (Joe Jin) [orabug 13492670]
- drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow (Chris Wilson) [CVE-2010-296]
- x2apic: Enable the bios request for x2apic optout (Suresh Siddha) [orabug 13565303]
- fuse: split queues to scale I/O throughput (Srinivas Eeda) [orabug 10004611]
- fuse: break fc spinlock (Srinivas Eeda) [orabug 10004611]
Solution
Update the affected unbreakable enterprise kernel packages.