kernel security update

2014-12-1813:03:54

CentOS Project

lists.centos.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

CentOS Errata and Security Advisory CESA-2014:2008

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-December/083004.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:2008

OSVersionArchitecturePackageVersionFilename
CentOS5i686kernel< 2.6.18-400.1.1.el5kernel-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-debug< 2.6.18-400.1.1.el5kernel-debug-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-debug-devel< 2.6.18-400.1.1.el5kernel-debug-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-devel< 2.6.18-400.1.1.el5kernel-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS5noarchkernel-doc< 2.6.18-400.1.1.el5kernel-doc-2.6.18-400.1.1.el5.noarch.rpm
CentOS5i386kernel-headers< 2.6.18-400.1.1.el5kernel-headers-2.6.18-400.1.1.el5.i386.rpm
CentOS5i686kernel-pae< 2.6.18-400.1.1.el5kernel-PAE-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-pae-devel< 2.6.18-400.1.1.el5kernel-PAE-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-xen< 2.6.18-400.1.1.el5kernel-xen-2.6.18-400.1.1.el5.i686.rpm
CentOS5i686kernel-xen-devel< 2.6.18-400.1.1.el5kernel-xen-devel-2.6.18-400.1.1.el5.i686.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i686	kernel	< 2.6.18-400.1.1.el5	kernel-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-debug	< 2.6.18-400.1.1.el5	kernel-debug-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-debug-devel	< 2.6.18-400.1.1.el5	kernel-debug-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-devel	< 2.6.18-400.1.1.el5	kernel-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	noarch	kernel-doc	< 2.6.18-400.1.1.el5	kernel-doc-2.6.18-400.1.1.el5.noarch.rpm
CentOS	5	i386	kernel-headers	< 2.6.18-400.1.1.el5	kernel-headers-2.6.18-400.1.1.el5.i386.rpm
CentOS	5	i686	kernel-pae	< 2.6.18-400.1.1.el5	kernel-PAE-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-pae-devel	< 2.6.18-400.1.1.el5	kernel-PAE-devel-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-xen	< 2.6.18-400.1.1.el5	kernel-xen-2.6.18-400.1.1.el5.i686.rpm
CentOS	5	i686	kernel-xen-devel	< 2.6.18-400.1.1.el5	kernel-xen-devel-2.6.18-400.1.1.el5.i686.rpm