New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 8.9
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitary kernel memory when unloading a kernel module. This action is usually restricted to root-priveledged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS.
An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998)
A vulnerability was found in the Linux kernel. The pointer to the netlink socket attribute is not checked, which could cause a NULL pointer dereference when parsing the nested attributes in function tipc_nl_publ_dump().
This allows local users to cause a DoS. (CVE-2016-4951)
A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.
(Updated on 2016-07-14: CVE-2016-4998 and CVE-2016-4951 were fixed in this version, but was not previously listed in this errata.)
(Updated on 2017-01-19: CVE-2016-9806 was fixed in this release but was previously not part of this errata.)
SolutionRun 'yum update kernel' to update your system.