CVSS2: 6.2 Medium
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS: 0.002 Low
Percentile: 64.5%
CentOS Errata and Security Advisory CESA-2013:0630
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
A flaw was found in the way the xen_iret() function in the Linux kernel
used the DS (the CPU’s Data Segment) register. A local, unprivileged user
in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to
crash the guest or, potentially, escalate their privileges. (CVE-2013-0228,
Important)
A flaw was found in the way file permission checks for the
“/dev/cpu/[x]/msr” files were performed in restricted root environments
(for example, when using a capability-based security model). A local user
with the ability to write to these files could use this flaw to escalate
their privileges to kernel level, for example, by writing to the
SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
The CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.
This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.
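Because the fix only takes effect after a reboot, a host check has to look at the running kernel as well as the installed packages. The following is an added example, not part of the advisory: it compares kernel version-release strings against the fixed version from the package table using a simplified form of rpm's segment comparison (no epoch, `~` or `^` handling). The sample host data and the function names are constructed for illustration.

```python
import re

# Fixed kernel version-release, taken from the advisory's package table.
FIXED = "2.6.32-358.2.1.el6"
ARCH = re.compile(r"\.(i686|x86_64|noarch)$")

def rpmvercmp(a, b):
    """Compare one version or release string rpm-style (no '~' or '^')."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def cmp_vr(a, b):
    """Compare 'version-release' pairs: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(version_release):
    """True if the kernel is older than the fixed build (arch suffix ignored)."""
    return cmp_vr(ARCH.sub("", version_release), FIXED) < 0

def assess(installed, running):
    """Classify a host from installed kernel packages and the `uname -r` value."""
    if not needs_update(running):
        return "patched"
    if any(not needs_update(p) for p in installed):
        return "reboot-required"   # fixed kernel installed but not yet booted
    return "vulnerable"

# Constructed sample: output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel`
# and `uname -r` on a hypothetical host that was updated but not rebooted.
SAMPLE_INSTALLED = ["2.6.32-279.22.1.el6", "2.6.32-358.2.1.el6"]
SAMPLE_RUNNING = "2.6.32-279.22.1.el6.x86_64"

if __name__ == "__main__":
    print(assess(SAMPLE_INSTALLED, SAMPLE_RUNNING))
```

A plain string comparison would rank a release such as 358.11.1.el6 below 358.2.1.el6, which is why the segments are compared numerically.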
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-March/081808.html
Affected packages:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0630
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | kernel | < 2.6.32-358.2.1.el6 | kernel-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-debug | < 2.6.32-358.2.1.el6 | kernel-debug-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-debug-devel | < 2.6.32-358.2.1.el6 | kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-devel | < 2.6.32-358.2.1.el6 | kernel-devel-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | noarch | kernel-doc | < 2.6.32-358.2.1.el6 | kernel-doc-2.6.32-358.2.1.el6.noarch.rpm |
CentOS | 6 | noarch | kernel-firmware | < 2.6.32-358.2.1.el6 | kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm |
CentOS | 6 | i686 | kernel-headers | < 2.6.32-358.2.1.el6 | kernel-headers-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | i686 | perf | < 2.6.32-358.2.1.el6 | perf-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | i686 | python-perf | < 2.6.32-358.2.1.el6 | python-perf-2.6.32-358.2.1.el6.i686.rpm |
CentOS | 6 | x86_64 | kernel | < 2.6.32-358.2.1.el6 | kernel-2.6.32-358.2.1.el6.x86_64.rpm |