Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)

high Nessus Plugin ID 91643
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es) :

- It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port.
Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)

- It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system.
(CVE-2013-4312, Moderate)

- A buffer overflow flaw was found in the way the Linux kernel's virtio- net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)

- It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)

- A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)

- It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)

- A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)

- A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)

Notes :

- Problems have been reported with this kernel and VirtualBox. More info is available in the notes for the VirtualBox ticket here: <a href='https://www.virtualbox.org/ticket/14866' target='_blank'>https://www.virtualbox.org/ticket/14866< /a>

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?87948e6e

Plugin Details

Severity: High

ID: 91643

File Name: sl_20160510_kernel_on_SL6_x.nasl

Version: 2.6

Type: local

Agent: unix

Published: 6/17/2016

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:kernel, p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists, p-cpe:/a:fermilab:scientific_linux:kernel-debug, p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64, p-cpe:/a:fermilab:scientific_linux:kernel-devel, p-cpe:/a:fermilab:scientific_linux:kernel-doc, p-cpe:/a:fermilab:scientific_linux:kernel-firmware, p-cpe:/a:fermilab:scientific_linux:kernel-headers, p-cpe:/a:fermilab:scientific_linux:perf, p-cpe:/a:fermilab:scientific_linux:perf-debuginfo, p-cpe:/a:fermilab:scientific_linux:python-perf, p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 5/10/2016

Vulnerability Publication Date: 11/30/2014

Reference Information

CVE: CVE-2010-5313, CVE-2013-4312, CVE-2014-7842, CVE-2014-8134, CVE-2015-5156, CVE-2015-7509, CVE-2015-8215, CVE-2015-8324, CVE-2015-8543