logo
DATABASE RESOURCES PRICING ABOUT US

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3657)

Description

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3657 advisory. - The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. (CVE-2016-3157) - Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. (CVE-2016-7117) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related