VPR Score: 7.4
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)
The following flaws were also fixed in this version:
CVE-2016-4557 : Use after free vulnerability via double fdput
CVE-2016-4581 : Slave being first propagated copy causes oops in propagate_mnt
CVE-2016-4486 : Information leak in rtnetlink
CVE-2016-4485 : Information leak in llc module
CVE-2016-4558 : bpf: refcnt overflow
CVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
CVE-2016-0758 : tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
CVE-2015-8839 : ext4 filesystem page fault race condition with fallocate call.
Solution
Run 'yum update kernel' to update your system. The updated kernel package only takes effect after a reboot: until the host is rebooted it keeps running the old, vulnerable kernel even though the installed package version now satisfies the check.
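The package check above passes as soon as the new kernel RPM is installed, so a host that has not rebooted still runs vulnerable code. The following shell helper, added here as an example and not part of the Tenable plugin or Amazon's advisory, compares the running kernel (what `uname -r` reports) with the newest installed kernel package and flags a pending reboot. It assumes GNU `sort -V` for version ordering; the function names `newest_kernel` and `needs_reboot` and the version strings in the sample are constructed for illustration and are not the fixed version for this advisory.

```shell
#!/bin/sh
# Added example: detect a kernel update that has been installed but is not
# yet running. Not code from the plugin or the advisory. Version strings
# below are constructed; they are not the fixed package version.

# Return the highest version from a newline-separated list.
# Assumes GNU coreutils `sort -V` (natural version ordering).
newest_kernel() {
    printf '%s\n' "$1" | sed '/^$/d' | sort -V | tail -n 1
}

# Print "yes" if the running kernel differs from the newest installed
# kernel package (i.e. a reboot is still needed), otherwise "no".
needs_reboot() {
    running="$1"
    installed="$2"
    newest=$(newest_kernel "$installed")
    if [ "$running" = "$newest" ]; then
        echo no
    else
        echo yes
    fi
}

# Constructed sample input: what `uname -r` and
# `rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'` could return on an
# Amazon Linux AMI host after `yum update kernel` but before a reboot.
RUNNING_SAMPLE="4.4.8-20.46.amzn1.x86_64"
INSTALLED_SAMPLE="4.4.8-20.46.amzn1.x86_64
4.4.10-22.54.amzn1.x86_64"

# Live check on a real host (uncomment to use instead of the sample):
# needs_reboot "$(uname -r)" \
#     "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')"

needs_reboot "$RUNNING_SAMPLE" "$INSTALLED_SAMPLE"
```

The comparison is deliberately on the full `VERSION-RELEASE.ARCH` string rather than on the upstream version alone, because Amazon ships security fixes as release bumps of the same upstream version; a check that only looked at `4.4.x` would miss them.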