New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 3.6
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375 , Moderate)
A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to 'illinois'), a local, unprivileged user could trigger this flaw and cause a denial of service. (CVE-2012-4565 , Moderate)
A NULL pointer dereference flaw was found in the way a new node's hot added memory was propagated to other nodes' zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service.
(CVE-2012-5517 , Moderate)
It was found that a prevoius kernel release did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service.
(CVE-2012-2100 , Low)
A flaw was found in the way the Linux kernel's IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms (such as a firewall or intrusion detection system (IDS)) when sending network packets to a target system. (CVE-2012-4444 , Low)
SolutionRun 'yum update kernel nvidia' to update your system. You will need to reboot your system in order for the new kernel to be running.