4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
CentOS Errata and Security Advisory CESA-2016:1633
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernelβs networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-August/084202.html
Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1633
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | kernel | <Β 3.10.0-327.28.3.el7 | kernel-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-abi-whitelists | <Β 3.10.0-327.28.3.el7 | kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-debug | <Β 3.10.0-327.28.3.el7 | kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-debug-devel | <Β 3.10.0-327.28.3.el7 | kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-devel | <Β 3.10.0-327.28.3.el7 | kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-doc | <Β 3.10.0-327.28.3.el7 | kernel-doc-3.10.0-327.28.3.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-headers | <Β 3.10.0-327.28.3.el7 | kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools | <Β 3.10.0-327.28.3.el7 | kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools-libs | <Β 3.10.0-327.28.3.el7 | kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools-libs-devel | <Β 3.10.0-327.28.3.el7 | kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm |
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%