{"id": "ELSA-2017-0817", "type": "oraclelinux", "bulletinFamily": "unix", "title": "kernel security, bug fix, and enhancement update", "description": "[2.6.32-696.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074}\n[2.6.32-695]\n- [block] nvme: Dont poll device being removed (David Milburn) [1422521]\n[2.6.32-694]\n- [fs] posix_acl: Clear SGID bit when setting file permissions (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [fs] switch posix_acl_equiv_mode() to umode_t * (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [perf] sched latency: Fix thread pid reuse issue (Jiri Olsa) [1400743]\n- [fs] ext4: fix races of writeback with punch hole and zero range (Lukas Czerner) [1394786]\n- [fs] ext4: validate s_reserved_gdt_blocks on mount (Lukas Czerner) [1394786]\n- [fs] ext4: release bh in make_indexed_dir (Lukas Czerner) [1394786]\n- [fs] ext4: reinforce check of i_dtime when clearing high fields of uid and gid (Lukas Czerner) [1394786]\n- [fs] ext4: validate that metadata blocks do not overlap superblock (Lukas Czerner) [1394786]\n- [fs] ext4: short-cut orphan cleanup on error (Lukas Czerner) [1394786]\n- [fs] ext4: fix reference counting bug on block allocation error (Lukas Czerner) [1394786]\n- [fs] ext4: check for extents that wrap around (Lukas Czerner) [1394786]\n- [fs] ext4: silence UBSAN in ext4_mb_init() (Lukas Czerner) [1394786]\n- [fs] ext4: address UBSAN warning in mb_find_order_for_block() (Lukas Czerner) [1394786]\n- [fs] ext4: clean up error handling when orphan list is corrupted (Lukas Czerner) [1394786]\n- [fs] ext4: fix hang when processing corrupted orphaned inode list (Lukas Czerner) [1394786]\n- [fs] jbd2: Fix unreclaimed pages after truncate in data=journal mode (Lukas Czerner) [1394786]\n- [fs] ext4: Fix handling of extended tv_sec (Lukas Czerner) [1394786]\n- [fs] create and use seq_show_option for escaping (Lukas Czerner) [1394786]\n- [fs] ext4: replace open coded nofail allocation in ext4_free_blocks() (Lukas Czerner) [1394786]\n- [fs] ext4: Introduce EFSBADCRC and EFSCORRUPTED error codes (Lukas Czerner) [1394786]\n- [block] ensure request->part is valid (Jeff Moyer) [1416341]\n- [sound] alsa: hda - fix Lewisburg audio issue (Jaroslav Kysela) [1413134]\n[2.6.32-693]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1419396]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1419396]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1419396]\n- [netdrv] sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode (Jarod Wilson) [1419396]\n- [netdrv] sfc: support cascaded multicast filters (Jarod Wilson) [1419396]\n- [netdrv] sfc: Make failed filter removal less noisy (Jarod Wilson) [1410750]\n- [netdrv] sfc: re-factor efx_ef10_filter_sync_rx_mode() (Jarod Wilson) [1410750]\n- [netdrv] sfc: refactor debug-or-warnings printks (Jarod Wilson) [1410750]\n- [net] implement netif_cond_dbg macro (Jarod Wilson) [1410750]\n[2.6.32-692]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1401058]\n- [fs] revert 'sunrpc: make AF_LOCAL connect synchronous' (Benjamin Coddington) [1420044]\n[2.6.32-691]\n- [net] tcp: correct memory barrier usage in tcp_check_space() (Oleg Nesterov) [1386136]\n- [fs] epoll: prevent missed events on EPOLL_CTL_MOD (Oleg Nesterov) [1386136]\n- [acpi] acpica: Fix regression in FADT revision checks (Lenny Szubowicz) [1418339]\n- [net] ipv6: stop sending PTB packets for MTU < 1280 (Hannes Frederic Sowa) [1415931] {CVE-2016-10142}\n- [net] fix dst_ops_extend leaks (Sabrina Dubroca) [1399633]\n[2.6.32-690]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1405267]\n- [scsi] mpt3sas: Fix for block device of raid exists even after deleting raid disk (Tomas Henzl) [1416552]\n[2.6.32-689]\n- [netdrv] be2net: fix initial MAC setting (Ivan Vecera) [1415905]\n[2.6.32-688]\n- [netdrv] sfc: fix missing mc_promisc setting (Jarod Wilson) [1410750]\n[2.6.32-687]\n- [netdrv] sfc: reduce severity of PIO buffer alloc failures (Jarod Wilson) [1410750]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1410750]\n- [netdrv] sfc: Insert multicast filters as well as mismatch filters in promiscuous mode (Jarod Wilson) [1410750]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1410750]\n- [netdrv] sfc: warn if other functions have been reset by MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: add output flag decoding to efx_mcdi_set_workaround (Jarod Wilson) [1410750]\n- [netdrv] sfc: get PIO buffer size from the NIC (Jarod Wilson) [1410750]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1410750]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1410750]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1410750]\n- [netdrv] sfc: Downgrade EPERM messages from MCDI to debug (Jarod Wilson) [1410750]\n- [netdrv] sfc: cope with ENOSYS from efx_mcdi_get_workarounds() (Jarod Wilson) [1410750]\n- [netdrv] sfc: enable cascaded multicast filters in MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1410750]\n- [dm] raid: fix transient device failure processing (Mike Snitzer) [1404425]\n[2.6.32-686]\n- [scsi] Add intermediate STARGET_REMOVE state to scsi_target_state (Ewan Milne) [1349623]\n- [scsi] restart list search after unlock in scsi_remove_target (Ewan Milne) [1349623]\n- [powerpc] pci: Support per-aperture memory offset (Laurent Vivier) [1413448]\n- [powerpc] pci: Dont add bogus empty resources to PHBs (Laurent Vivier) [1413448]\n- [mm] mmap.c: fix arithmetic overflow in __vm_enough_memory() (Jerome Marchand) [1413500]\n- [net] ping: check minimum size on ICMP header length (Mateusz Guzik) [1414202] {CVE-2016-8399}\n- [scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Ewan Milne) [1414823] {CVE-2016-10088 CVE-2016-9576}\n[2.6.32-685]\n- [kernel] ftrace: Do not function trace inlined functions (Pratyush Anand) [1413456]\n- [x86] paravirt: Do not trace _paravirt_ident_*() functions (Pratyush Anand) [1413456]\n- [netdrv] i40e: Fix for long link down notification time (Stefan Assmann) [1414274]\n- [scsi] megaraid_sas: fix done in queue_command (Tomas Henzl) [1415192]\n- [scsi] megaraid: fixes (Tomas Henzl) [1415192]\n- [netdrv] ixgbe: Add support for new X557 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add KR backplane support for x550em_a (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SGMII backplane interface (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SFPs with retimer (Ken Cox) [1408509]\n- [netdrv] ixgbe: Introduce function to control MDIO speed (Ken Cox) [1408509]\n- [netdrv] ixgbe: Read and set instance id (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for x550em_a 10G MAC type (Ken Cox) [1408509]\n- [netdrv] ixgbe: Use method pointer to access IOSF devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for single-port X550 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Clean up interface for firmware commands (Ken Cox) [1408509]\n- [netdrv] ixgbe: Change the lan_id and func fields to a u8 to avoid casts (Ken Cox) [1408509]\n- [netdrv] ixgbe: Fix flow control for Xeon D KR backplane (Ken Cox) [1408509]\n- [netdrv] ixgbe: Make all unchanging ops structures const (Ken Cox) [1408509]\n- [netdrv] ixgbe: Update PTP to support X550EM_x devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: convert to CYCLECOUNTER_MASK macro (Ken Cox) [1408509]\n- [netdrv] ixgbevf: add VF support for new hardware (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Support Windows hosts (Hyper-V) (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Add the device IDs presented while running on Hyper-V (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Move API negotiation function into mac_ops (Ken Cox) [1408507]\n- [x86] tsc: Reset cycle_last after resume from S3/S4 (Lenny Szubowicz) [1406468]\n- [kernel] hung_task: allow hung_task_panic when hung_task_warnings is 0 (Waiman Long) [1410297]\n[2.6.32-684]\n- [s390] kernel/ap: Fix hang condition on crypto card config-off (Hendrik Brueckner) [1413552]\n- [s390] zcrypt: Improved invalid domain response handling (Hendrik Brueckner) [1406389]\n- [infiniband] ucm: Fix bitmap wrap when devnum > IB_UCM_MAX_DEVICES (Slava Shwartsman) [1413476]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Kamal Heib) [1408937]\n- [netdrv] be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: dont delete MAC on close on unprivileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: fix status check in be_cmd_pmac_add() (Ivan Vecera) [1406659]\n- [acpi] acpica: Tables: Update FADT handling (Lenny Szubowicz) [1408401]\n- [acpi] acpica: ACPI 6.0: Add changes for FADT table (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Basic support for FADT version 5 (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Remove use of unreliable FADT revision field (Lenny Szubowicz) [1408401]\n[2.6.32-683]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1411279]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1411279]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1411279]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1411279]\n- [net] mlx4_en: Fix type mismatch for 32-bit systems (Slava Shwartsman) [1399239]\n- [net] mlx4_en: Resolve dividing by zero in 32-bit system (Slava Shwartsman) [1399239]\n- [netdrv] e1000e: Initial support for KabeLake (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Clear ULP configuration register on ULP exit (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase PHY PLL clock gate timing (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase ULP timer (Jarod Wilson) [1406917]\n- [netdrv] e1000e: initial support for i219-LM (3) (Jarod Wilson) [1406917]\n- [netdrv] be2net: fix unicast list filling (Ivan Vecera) [1408247]\n- [netdrv] be2net: fix accesses to unicast list (Ivan Vecera) [1408247]\n- [netdrv] sfc: Downgrade or remove some error messages (Jarod Wilson) [1410750]\n- [netdrv] be2net: call be_set_uc_list() unconditionally (Ivan Vecera) [1402679]\n- [netdrv] mlx5e: Use hw_features through netdev_extended macro (Kamal Heib) [1385318]\n- [block] nvme: Dont stop kthread while clearing queues (David Milburn) [1399431]\n- [fs] dlm: Fix saving of NULL callbacks (Robert S Peterson) [1264492]\n[2.6.32-682]\n- [x86] kdump: Fix several bound checking error of crashkernel reserving (Baoquan He) [1349069]\n- [x86] kdump: Crashkernel auto reservation failed on large system (Baoquan He) [1349069]\n- [kdump] Fix wrong dmi_present argument in case efi_smbios_addr being used (Dave Young) [1404984]\n- [kdump] Add error check in case dmi_get_system_info return null (Dave Young) [1404984]\n- [netdrv] bnxt_en: Improve the delay logic for firmware response (John Linville) [1406129]\n- [netdrv] bnxt_en: Implement proper firmware message padding (John Linville) [1406129]\n- [netdrv] bnxt_en: Refactor _hwrm_send_message() (John Linville) [1406129]\n- [netdrv] bnxt_en: Fix dmesg log firmware error messages (John Linville) [1406129]\n- [netdrv] bnxt_en: Use firmware provided message timeout value (John Linville) [1406129]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Scott Mayhew) [1325766]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Scott Mayhew) [1325766]\n- [fs] nfs: Fix a performance regression in readdir (Scott Mayhew) [1325766]\n[2.6.32-681]\n- [net] udplite: fast-path computation of checksum coverage (Hangbin Liu) [1404127]\n- [ata] libata: fix sff host state machine locking while polling (Cathy Avery) [1390972]\n- [ata] libata-sff: use WARN instead of BUG on illegal host state machine state (Cathy Avery) [1390972]\n- [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (Vitaly Kuznetsov) [1400428]\n- [fs] nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [1409002]\n- [fs] nfsd: fix deadlock secinfo+readdir compound (J. Bruce Fields) [1314505]\n- [fs] nfsd4: fix recovery-dir leak on nfsd startup failure (J. Bruce Fields) [1266405]\n- [x86] Mark Skylake processors with Kaby Lake PCH as unsupported (David Arcari) [1405459]\n- [infiniband] ipoib: Remove cant use GFP_NOIO warning (Slava Shwartsman) [1321529]\n- [netdrv] veth: allow changing the mac address while interface is up (David Arcari) [1402696]\n- [kernel] tracing: Protect tracer flags with trace_types_lock (Steven Rostedt) [1397661]\n- [acpi] acpica: Prevent circular object list in acpi_ns_exec_module_code (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Fix possible memory leak for module-level code execution (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Add additional module-level code support (Lenny Szubowicz) [1401776]\n- [fs] xfs: growfs: use uncached buffers for new headers (Bill ODonnell) [1134314]\n- [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Bill ODonnell) [1134314]\n- [fs] xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (Bill ODonnell) [1134314]\n[2.6.32-680]\n- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1397807]\n[2.6.32-679]\n- [mm] Revert 'mm: Fix slab growing out of bound within a cpuset' (Larry Woodman) [1402713]\n- [netdrv] cxgb4: update latest firmware version supported (Sai Vemuri) [1381382]\n- [kernel] audit: correctly record file names with different path name types (Paul Moore) [1305103]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: ldio_outstanding variable is not decremented in completion path (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: 128 MSIX Support (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n[2.6.32-678]\n- [netdrv] RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Stop Rx Queues before freeing it up (Sai Vemuri) [1381382]\n- [netdrv] iw_cxgb4 : Added 'Fail' column in debug iw_cxgb4 stats (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Add info print to display number of MSI-X vectors allocated (Sai Vemuri) [1381382]\n- [netdrv] iwpm: crash fix for large connections test (Sai Vemuri) [1381382]\n- [netdrv] cxgb4/cxgb4vf : Use vlan_gro_frags_gr() for VLANs (Sai Vemuri) [1381382]\n- [netdrv] cxgb4vf : Using RHEL6 provided napi_gro_frags_gr() API which returns (enum gro_result) values (Sai Vemuri) [1381382]\n- [serial] 8250_pci: Detach low-level driver during PCI error recovery (Gustavo Duarte) [1400508]\n- [drm] reservation: Remove shadowing local variable 'ret' (Rob Clark) [1398084]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399457] {CVE-2016-9555}\n- [net] ipv6: add mtu lock check in __ip6_rt_update_pmtu (Xin Long) [1397295]\n- [net] Reduce queue allocation to one in kdump kernel (Sai Vemuri) [1321315]\n- [netdrv] cxgb4: Force cxgb4 driver as MASTER in kdump kernel (Sai Vemuri) [1321315]\n[2.6.32-677]\n- [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.15.37.0 (Sai Vemuri) [1349112]\n- [netdrv] be2net: fix locking (Ivan Vecera) [1397915]\n- [perf] tools: Initialize reference counts in map__clone() (Jiri Olsa) [1359100]\n- [perf] tools: Replace map->referenced & maps->removed_maps with map->refcnt (Jiri Olsa) [1359100]\n- [md] raid10: add rcu protection to rdev access in raid10_sync_request (Xiao Ni) [1395048]\n- [md] raid10: add rcu protection in raid10_status (Xiao Ni) [1395048]\n- [md] raid10: fix refounct imbalance when resyncing an array with a replacement device (Xiao Ni) [1395048]\n- [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1342659]\n- [x86] ACPI: add dynamic_debug support (Prarit Bhargava) [1252674]\n- [mm] hugetlb: fix huge_pte_alloc BUG_ON (Dave Anderson) [1397250]\n[2.6.32-676]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white spaces in error messages text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1397873]\n- [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: Do not fire DCMDs during PCI shutdown/detach (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Send correct PhysArm to FW for R1 VD downgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: clean function declarations in megaraid_sas_base.c up (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white space in error message text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix the search of first memory bar (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Use memdup_user() rather than duplicating its implementation (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix probing cards without io port (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Downgrade two success messages to info (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: task management code optimizations (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: call ISR function to clean up pending replies in OCR path (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: reduce memory footprints in kdump mode (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add missing curly braces in ioctl handler (Tomas Henzl) [1396567]\n- [scsi] mpt3sas: Bump driver version as '14.101.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for Endianness issue (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Use the new MPI 2.6 32-bit Atomic Request Descriptors for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: set EEDP-escape-flags for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Increased/Additional MSIX support for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Added Device IDs for SAS35 devices and updated MPI header (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Dont spam logs if logging level is 0 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix warnings exposed by W=1 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate dead sleep_flag code (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate conditional locking in mpt3sas_scsih_issue_tm() (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Ensure the connector_name string is NUL-terminated (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Bump driver version as '14.100.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Remove unused macro 'MPT_DEVICE_TLR_ON' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Implement device_remove_in_progress check in IOCTL path (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for incorrect numbers for MSIX vectors enabled when non RDPQ card is enumerated first (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for improper info displayed in var log, while blocking or unblocking the device (Tomas Henzl) [1306469]\n- [net] increase xmit RECURSION_LIMIT to 10 (Sabrina Dubroca) [1392660]\n- [net] add a recursion limit in xmit path (Sabrina Dubroca) [1392660]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1390061]\n- [net] netfilter: ebtables: Fix extension lookup with identical name (Sabrina Dubroca) [1390061]\n- [net] ipv6: ipv6_find_hdr restore prev functionality (Paolo Abeni) [1392975]\n[2.6.32-675]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359304] {CVE-2016-6136}\n- [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1353844]\n- [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1353844]\n- [fs] nfs: Dont pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1353844]\n- [fs] dlm: Dont save callbacks after accept (Robert S Peterson) [1264492]\n- [fs] dlm: Save and restore socket callbacks properly (Robert S Peterson) [1264492]\n- [fs] dlm: Replace nodeid_to_addr with kernel_getpeername (Robert S Peterson) [1264492]\n- [fs] dlm: print kernel message when we get an error from kernel_sendpage (Robert S Peterson) [1264492]\n- [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1397552]\n- [hv] storvsc: Payload buffer incorrectly sized for 32 bit kernels (Cathy Avery) [1394756]\n- [fs] xfs: fix unbalanced inode reclaim flush locking (Brian Foster) [1384564]\n- [scsi] hpsa: correct logical resets (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1083110]\n- [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1083110]\n- [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1083110]\n- [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1083110]\n- [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1083110]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1372465]\n[2.6.32-674]\n- [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1351798]\n- [x86] Mark Intel Purley supported (Steve Best) [1271866]\n- [pnp] Prevent attaching to ACPI IPMI device (Charles Rose) [857150]\n[2.6.32-673]\n- [netdrv] ehea: fix operation state report (Gustavo Duarte) [1089134]\n- [block] nvme: Always use MSI/MSI-x interrupts (David Milburn) [1372023]\n- [fs] aio: aio_nr decrements dont need to be delayed (Jiri Olsa) [1386216]\n- [fs] aio: dont bother with async freeing on failure in ioctx_alloc() (Jiri Olsa) [1386216]\n- [fs] epoll: ep_unregister_pollwait() can use the freed pwq->whead (Lauro Ramos Venancio) [1392372]\n- [fs] epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() (Lauro Ramos Venancio) [1392372]\n[2.6.32-672]\n- [sched] Fix rq->nr_uninterruptible update race (Aaron Tomlin) [1377292]\n- [security] keys: Fix short sprintf buffer in /proc/keys show function (Frantisek Hrbata) [1375208] {CVE-2016-7042}\n- [net] bridge: fix switched interval for MLD Query types (Hangbin Liu) [1392327]\n- [net] netfilter: ipv6: move POSTROUTING invocation before fragmentation (Eric Garver) [1391240]\n- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390046] {CVE-2016-7117}\n- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1381585]\n- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379529] {CVE-2016-6828}\n- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1388287]\n- [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_timewait_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_request_sock (Florian Westphal) [1388287]\n- [net] tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks (Florian Westphal) [1388287]\n- [net] ipv6: Dont change dst->flags using assignments (Marcelo Leitner) [1389478]\n- [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1385088]\n[2.6.32-671]\n- [perf] list: Fix rNNNN list output to appear only once (Jiri Olsa) [1291256 1374411]\n- [perf] symbols: Check kptr_restrict for root (Jiri Olsa) [1291256 1374411]\n- [fs] SUNRPC: Fix a regression when reconnecting (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Clear the request rq_bytes_sent field in xprt_release_write (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Lock the transport layer on shutdown (Benjamin Coddington) [1323801]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M (opcode 0F AF) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, IMM (opcode 69) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, imm8 (opcode 6B) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: Use a register for ____emulate_2op() destination (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: pass destination type to ____emulate_2op() (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: add Src2Imm decoding (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: consolidate immediate decode into a function (Radim Krcmar) [1313468]\n- [hv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1388701]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1378614]\n- [hv] vmbus: Fix signaling logic in hv_need_to_signal_on_read() (Vitaly Kuznetsov) [1319054]\n- [hv] vmbus: Eliminate the spin lock on the read path (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: eliminate hv_ringbuffer_peek() (Vitaly Kuznetsov) [1319054]\n- [hv] remove code duplication between vmbus_recvpacket()/vmbus_recvpacket_raw() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: remove code duplication from hv_ringbuffer_peek/read() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer.c: fix comment style (Vitaly Kuznetsov) [1319054]\n- [hv] netvsc: set nvdev link after populating chn_table (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: synchronize netvsc_change_mtu()/netvsc_set_channels() with netvsc_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: get rid of struct net_device pointer in struct netvsc_device (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: untangle the pointer mess (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: use start_remove flag to protect netvsc_link_change() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: move start_remove flag to net_device_context (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Move subchannel waiting to rndis_filter_device_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Wait for sub-channels to be processed during probe (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Properly size the vrss queues (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Add close of RNDIS filter into change mtu call (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] hv_netvsc: Add support to set MTU reservation from guest side (Vitaly Kuznetsov) [1352105]\n- [perf] probe: Clear probe_trace_event when add_probe_trace_event() fails (Jiri Olsa) [1291510]\n- [perf] probe: Move ftrace probe-event operations to probe-file.c (Jiri Olsa) [1291510]\n- [block] loop: fix comment typo in loop_config_discard (Lukas Czerner) [818597]\n- [block] loop: Limit the number of requests in the bio list (Lukas Czerner) [818597]\n- [fs] ext4: optimize test_root() (Lukas Czerner) [1236047]\n- [fs] ext4: verify group number in verify_group_input() before using it (Lukas Czerner) [1236047]\n- [fs] nfsd: use short read as well as i_size to set eof (Benjamin Coddington) [1302415]\n- [fs] xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (Carlos Maiolino) [1259493]\n- [fs] xfs: Fix rounding in xfs_alloc_fix_len() (Carlos Maiolino) [1259493]\n- [fs] jbd: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n- [fs] jbd2: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n[2.6.32-670]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1387243]\n- [misc] hpilo: Changes to support new security states in iLO5 FW (Joseph Szczypek) [1376584]\n- [misc] hpilo: Change e-mail address from hp.com to hpe.com (Joseph Szczypek) [1376584]\n- [misc] hpilo: cleanup hpilo (Joseph Szczypek) [1376584]\n- [mm] memory_hotplug.c: change normal message to use pr_debug (Jeremy McNicoll) [1255272]\n- [acpi] mem_hotplug: set memory info correctly when problems forcing mem online (Jeremy McNicoll) [1255272]\n- [fs] bio: Need to free integrity payload if the split bio gets memory by itself (Xiao Ni) [1268434]\n- [md] add rdev reference for super write (Xiao Ni) [1365718]\n- [netdrv] rtlwifi: fix memory leak for USB device (Stanislaw Gruszka) [1364597]\n- [fs] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Benjamin Coddington) [1353272]\n- [drm] nouveau/kms: take mode_config mutex in connector hotplug path (Ben Skeggs) [1349978]\n- [kernel] clocksource: Defer override invalidation unless clock is unstable (Prarit Bhargava) [1356231]\n- [kernel] clocksource: Reselect clocksource when watchdog validated high-res capability (Prarit Bhargava) [1356231]\n- [fs] nfs4: clnt: respect noresvport when establishing connections to DSes (Benjamin Coddington) [1346041]\n- [fs] nfs: Add nfs_client behavior flags (Benjamin Coddington) [1346041]\n- [block] fix /proc/diskstats in-flight - kABI workaround (Jerome Marchand) [1273339 1306879]\n- [block] add internal hd part table references (Jerome Marchand) [1273339 1306879]\n- [block] fix accounting bug on cross partition merges (Jerome Marchand) [1273339 1306879]\n- [block] kref: add kref_test_and_get (Jerome Marchand) [1273339 1306879]\n- [block] Revert 'block: fix accounting bug on cross partition merges' (Jerome Marchand) [1273339 1306879]\n- [perf] thread: Fix reference count initial state (Jiri Olsa) [1359100]\n- [perf] tools: Reference count struct map (Jiri Olsa) [1359100]\n- [perf] tools: Check if a map is still in use when deleting it (Jiri Olsa) [1359100]\n- [perf] tools: Protect accesses the map rbtrees with a rw lock (Jiri Olsa) [1359100]\n- [perf] tools: Introduce struct maps (Jiri Olsa) [1359100]\n- [perf] tools: Assign default value for some pointers (Jiri Olsa) [1359100]\n- [perf] tools: Use maps__first()/map__next() (Jiri Olsa) [1359100]\n- [perf] tools: Leave DSO destruction to the map destruction (Jiri Olsa) [1359100]\n- [perf] machine: Mark removed threads as such (Jiri Olsa) [1359100]\n- [perf] tools: Import rb_erase_init from block/ in the kernel sources (Jiri Olsa) [1359100]\n- [perf] tools: Nuke unused map_groups__flush() (Jiri Olsa) [1359100]\n- [perf] tools: Remove redundant initialization of thread linkage members (Jiri Olsa) [1359100]\n- [perf] tools: Rename maps__next (Jiri Olsa) [1359100]\n- [perf] machine: Do not call map_groups__delete(), drop refcnt instead (Jiri Olsa) [1359100]\n- [perf] hists: Rename add_hist_entry to hists__findnew_entry (Jiri Olsa) [1359100]\n- [perf] tools: Use atomic.h for the map_groups refcount (Jiri Olsa) [1359100]\n- [perf] tests: Fix map_groups refcount test (Jiri Olsa) [1359100]\n- [perf] machine: No need to keep a refcnt for last_match (Jiri Olsa) [1359100]\n- [perf] tests: Show refcounting broken expectations in thread-mg-share test (Jiri Olsa) [1359100]\n- [perf] machine: Protect the machine->threads with a rwlock (Jiri Olsa) [1359100]\n- [video] efifb: prevent null-deref when iterating dmi_list (Rob Clark) [1360982]\n- [video] configs: updates for fb backport (Rob Clark) [1360982]\n- [video] fbdev: efifb: bind to efi-framebuffer (Rob Clark) [1360982]\n- [video] fbdev: vesafb: bind to platform-framebuffer device (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add common x86 RGB formats (Rob Clark) [1360982]\n- [video] x86: sysfb: move EFI quirks from efifb to sysfb (Rob Clark) [1360982]\n- [video] x86: provide platform-devices for boot-framebuffers (Rob Clark) [1360982]\n- [video] fbdev: simplefb: mark as fw and allocate apertures (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add init through platform_data (Rob Clark) [1360982]\n- [video] drivers/video: implement a simple framebuffer driver (Rob Clark) [1360982]\n- [video] vesafb: fix memory leak (Rob Clark) [1360982]\n- [video] uvesafb,vesafb: create WC or WB PAT-entries (Rob Clark) [1360982]\n- [video] vesafb: fix comment a typo (Rob Clark) [1360982]\n- [video] vesafb: use platform_driver_probe() instead of platform_driver_register() (Rob Clark) [1360982]\n- [video] efifb: Fix call to wrong unregister function (Rob Clark) [1360982]\n- [video] efifb: Disallow manual bind and unbind (Rob Clark) [1360982]\n- [video] efifb: Fix mismatched request/release_mem_region (Rob Clark) [1360982]\n- [video] efifb: fix int to pointer cast warning (Rob Clark) [1360982]\n- [video] efifb: Add override for 11 Macbook Air 3,1 (Rob Clark) [1360982]\n- [video] efifb: Support overriding fields FW tells us with the DMI data (Rob Clark) [1360982]\n- [video] efifb: support AMD Radeon HD 6490 (Rob Clark) [1360982]\n- [video] efifb: support the EFI framebuffer on more Apple hardware (Rob Clark) [1360982]\n- [video] efifb: check that the base address is plausible on pci systems (Rob Clark) [1360982]\n- [video] drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook Pro 5, 1 (Rob Clark) [1360982]\n[2.6.32-669]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1374067]\n- [netdrv] cxgb4: Enable SR-IOV configuration via PCI sysfs interface (Sai Vemuri) [1222751]\n- [netdrv] bnx2x: dont wait for Tx completion on recovery (Michal Schmidt) [1300681]\n- [pm] hibernate: Only crash if necessary in create/free_basic_memory_bitmaps() (Jerry Snitselaar) [1374378]\n- [netdrv] ixgbe: add WoL support for some 82599 subdevice IDs (Ken Cox) [1316845]\n- [kernel] cgroup: improve old cgroup handling in cgroup_attach_proc() (Lauro Ramos Venancio) [1372085]\n- [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1382496]\n- [watchdog] hpwdt: HP rebranding (Linda Knippers) [1388170]\n- [documentation] Fix hpwdt documentation to match RHEL6 (Linda Knippers) [1388170]\n- [acpi] acpica: Fix for a Store->ArgX when ArgX contains a reference to a field (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Standardize all switch() blocks (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Interpreter: Fix Store() when implicit conversion is not possible (Lenny Szubowicz) [1324697]\n- [fs] backing-dev: fix wakeup timer races with bdi_unregister() (Jeff Moyer) [1111683]\n- [fs] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1111683]\n- [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683]\n- [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683]\n- [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683]\n- [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683]\n- [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683]\n- [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683]\n- [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683]\n- [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683]\n- [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683]\n- [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683]\n- [fs] writeback: bdi_writeback_task() must set task state before calling schedule() (Jeff Moyer) [1111683]\n- [fs] writeback: remove wb_list (Jeff Moyer) [1111683]\n- [s390] zfcp: close window with unblocked rport during rport gone (Hendrik Brueckner) [1383980]\n- [s390] zfcp: fix ELS/GS request&response length for hardware data router (Hendrik Brueckner) [1383981]\n- [s390] zfcp: fix fc_host port_type with NPIV (Hendrik Brueckner) [1383982]\n- [s390] zcrypt: toleration of new crypto adapter hardware with type 12 (Hendrik Brueckner) [1344041]\n- [s390] time: LPAR offset handling (Hendrik Brueckner) [1381564]\n- [s390] time: move PTFF definitions (Hendrik Brueckner) [1381564]\n- [scsi] libfc: Dont have fc_exch_find log errors on a new exchange (Chris Leech) [1368175]\n- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1383078]\n- [scsi] libfc: dont advance state machine for incoming FLOGI (Chris Leech) [1368175]\n- [scsi] libfc: Do not login if the port is already started (Chris Leech) [1368175]\n- [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1368175]\n- [scsi] libfc: Do not take rdata->rp_mutex when processing a (Chris Leech) [1368175]\n- [scsi] libfc: Fixup disc_mutex handling (Chris Leech) [1368175]\n- [scsi] libfc: Revisit kref handling (Chris Leech) [1368175]\n- [scsi] fcoe: Stop fc_rport_priv structure leak (Chris Leech) [1368175]\n- [scsi] libfc: do not send ABTS when resetting exchanges (Chris Leech) [1368175]\n- [scsi] libfc: reset exchange manager during LOGO handling (Chris Leech) [1368175]\n- [scsi] libfc: send LOGO for PLOGI failure (Chris Leech) [1368175]\n- [scsi] libfc: Issue PRLI after a PRLO has been received (Chris Leech) [1368175]\n- [scsi] libfc: fix seconds_since_last_reset calculation (Chris Leech) [1368175]\n- [scsi] libfc: Update rport reference counting (Chris Leech) [1368175]\n- [scsi] libfc: XenServer fails to mount root filesystem (Chris Leech) [1368175]\n[2.6.32-668]\n- [netdrv] mlx5e: Fix minimum MTU (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Devices mtu field is u16 and not int (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Allow resetting VF admin mac to zero (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Correctly handle RSS indirection table when changing number of channels (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix ethtool RX hash func configuration change (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix LRO modify (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Remove wrong poll CQ optimization (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Do not BUG_ON during reset when PCI is offline (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Count HW buffer overrun only once (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: fix some error handling in mlx4_multi_func_init() (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Remove unused macro (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Initialize hop_limit when creating address handle (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Expose correct maximum number of CQE capacity (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix handling return value of mlx4_slave_convert_port (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use vmalloc for WR buffers when needed (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct order of variables in log message (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Expose correct max_sge_rd limit (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Avoid returning success in case of an error flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Replace VF zero mac with random mac in mlx4_core (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix resource tracker error flow in add_res_range (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Copy/set only sizeof struct mlx4_eqe bytes (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: really allow to change RSS key (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix incorrect cq flushing in error state (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct SL on AH query under RoCE (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Forbid using sysfs to change RoCE pkeys (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Demote mcg message from warning to debug (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix potential deadlock when sending mad to wire (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4, mlx5, mthca: Expose max_sge_rd correctly (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Add extra check for total vfs for SRIOV (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Remove BUG_ON assert when checking if ring is full (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Relieve cpu load average on the port sending flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix wrong index in propagating port change event to VFs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix memory leak in do_slave_init (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Disable HA for SRIOV PF RoCE devices (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Release TX QP when destroying TX ring (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Disable Granular QoS per VF under IB/Eth VPI configuration (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix typo in mlx4_set_vf_mac (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: need to call close fw if alloc icm is called twice (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: double free of dev_vfs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] bnx2x: dont reset chip on cleanup if PCI function is offline (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: avoid leaking memory on bnx2x_init_one() failures (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Prevent false warning for lack of FC NPIV (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 phy command handler (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix led setting for 84858 phy (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Correct 84858 PHY fw version (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 RX CRC (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix link-forcing for KR2 (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Warn about grc timeouts in register dump (Michal Schmidt) [1386199]\n- [netdrv] be2net: Enable VF link state setting for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix TX stats for TSO packets (Ivan Vecera) [1347812]\n- [netdrv] be2net: NCSI FW section should be properly updated with ethtool for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Provide an alternate way to read pf_num for BEx chips (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix mac address collision in some configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Avoid redundant addition of mac address in HW (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add privilege level check for OPCODE_COMMON_GET_EXT_FAT_CAPABILITIES SLI cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: Issue COMMON_RESET_FUNCTION cmd during driver unload (Ivan Vecera) [1347812]\n- [netdrv] be2net: Support UE recovery in BEx/Skyhawk adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: replace polling with sleeping in the FW completion path (Ivan Vecera) [1347812]\n- [netdrv] be2net: do not remove vids from driver table if be_vid_config() fails (Ivan Vecera) [1347812]\n- [netdrv] be2net: clear vlan-promisc setting before programming the vlan list (Ivan Vecera) [1347812]\n- [netdrv] be2net: perform temperature query in adapter regardless of its interface state (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix broadcast echoes from EVB in BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix definition of be_max_eqs() (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Ivan Vecera) [1347812]\n- [netdrv] be2net: use max-TXQs limit too while provisioning VF queue pairs (Ivan Vecera) [1347812]\n- [netdrv] benet: be_resume needs to protect be_open with rtnl_lock (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont leak iomapped memory on removal (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix a UE caused by passing large frames to the ASIC (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: Interpret and log new data thats added to the port misconfigure async event (Ivan Vecera) [1347812]\n- [netdrv] be2net: Request RSS capability of Rx interface depending on number of Rx rings (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix interval calculation in interrupt moderation (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add retry in case of error recovery failure (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix Lancer error recovery (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont run ethtool self-tests for VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: SRIOV Queue distribution should factor in EQ-count of VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix be_vlan_rem_vid() to check vlan id being removed (Ivan Vecera) [1347812]\n- [netdrv] be2net: check for INSUFFICIENT_PRIVILEGES error (Ivan Vecera) [1347812]\n- [netdrv] be2net: return error status from be_set_phys_id() (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix port-res desc query of GET_PROFILE_CONFIG FW cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix VF link state transition from disabled to auto (Ivan Vecera) [1347812]\n- [netdrv] bnx2: fix locking when netconsole is used (Ivan Vecera) [1291369]\n- [netdrv] tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] tg3: Report the correct number of RSS queues through tg3_get_rxnfc (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] net: tg3: avoid uninitialized variable warning (Ivan Vecera) [1347828]\n- [net] ipv6: restrict hop_limit sysctl setting to range (1; 255) (Paolo Abeni) [1314305]\n- [net] ipv4: add limits to ip_default_ttl (Paolo Abeni) [1314305]\n- [net] route: enforce hoplimit max value (Paolo Abeni) [1313899]\nfor userland (Sabrina Dubroca) [1317697]\n- [net] sctp: use the same clock as if sock source timestamps were on (Xin Long) [1334561]\n- [net] sctp: update the netstamp_needed counter when copying sockets (Xin Long) [1334561]\n- [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1312728]\n- [net] pppoe: fix memory corruption in padt work structure (Beniamino Galvani) [1317900]\n- [net] pppoe: drop pppoe device in pppoe_unbind_sock_work (Beniamino Galvani) [1317900]\n- [net] pppoe: Use workqueue to die properly when a PADT is received (Beniamino Galvani) [1317900]\n- [net] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [1327680]\n- [net] ipv6: Consolidate route lookup sequences (Jakub Sitnicki) [1327680]\n- [net] macvtap: Add support of packet capture on macvtap device (Sabrina Dubroca) [1373100]\n- [scsi] fnic: pci_dma_mapping_error() doesnt return an error code (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Using rport->dd_data to check rport online instead of rport_lookup (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Cleanup the I/O pending with fw and has timed out and is used to issue LUN reset (Maurizio Lombardi) [1364593]\n- [scsi] fnic: move printk()s outside of the critical code section (Maurizio Lombardi) [1364593]\n- [scsi] fnic: check pci_map_single() return value (Maurizio Lombardi) [1364593]\n- [scsi] be2iscsi: Driver version: 11.1.0.0 (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Replace _bh with _irqsave/irqrestore (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Remove redundant iscsi_wrb desc memset (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async PDU handling path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Reduce driver load/unload time (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix ExpStatSn in management tasks (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Update the driver version (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix WRB leak in login/logout path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async link event processing (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to process 25G link speed info from FW (Maurizio Lombardi) [1347815]\n- [scsi] scsi_transport_iscsi: Add 25G and 40G speed definition (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix IOPOLL implementation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix return value for MCC completion (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add FW config validation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to handle misconfigured optics events (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix VLAN support for IPv6 network (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to remove shutdown entry point (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Added return value check for mgmt_get_all_if_id (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Set mbox timeout to 30s (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to synchronize tag allocation using spin_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to use atomic bit operations for tag_state (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix mbox synchronization replacing spinlock with mutex (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix soft lockup in mgmt_get_all_if_id path using bmbx (Maurizio Lombardi) [1347815]\n- [scsi] scsi_debug: fix logical block provisioning support when unmap_alignment != 0 (Maurizio Lombardi) [1388096]\n- [scsi] scsi_debug: fix logical block provisioning support (Maurizio Lombardi) [1388096]\n- [scsi] mpt3sas: Fix resume on WarpDrive flash cards (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: avoid mpt3sas_transport_port_add NULL parent_dev (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: set num_phys after allocating phy space (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: add missing curly braces (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Handle active cable exception event (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Update MPI header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: remove unused fw_event_work elements (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove usage of 'struct timeval' (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Dont overreach ioc->reply_post during initialization (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Free memory pools before retrying to allocate with different value (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updated MPI Header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Add support for configurable Chain Frame Size (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added smp_affinity_enable module parameter (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Never block the Enclosure device (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix static analyzer(coverity) tool identified defects (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added support for high port count HBA variants (Tomas Henzl) [1329353]\n- [scsi] bnx2fc: Update version number to 2.10.3 (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Check sc_cmd device and host pointer before returning the command to the mid-layer (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print netdev device name when FCoE is successfully initialized (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print when we send a fip keep alive (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: bnx2fc_eh_abort(): fix wrong return code (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Show information about log levels in 'modinfo' (Maurizio Lombardi) [1380385]\n- [scsi] hpsa: update driver revision to 3.4.10-0-RH2 (Joseph Szczypek) [1377892]\n- [scsi] hpsa: correct scsi 6byte lba calculation (Joseph Szczypek) [1377892]\n- [scsi] lpfc: remove unknown ELS message warnings for RDP (Maurizio Lombardi) [1347811]\n- [scsi] smartpqi: add to config-generic (Scott Benesh) [1343743]\n- [scsi] smartpqi: raid bypass lba calculation fix (Scott Benesh) [1343743]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1343743]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1343743]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1343743]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1343743]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1343743]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1343743]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1343743]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1343743]\n- [scsi] aacraid: remove wildcard for series 9 controllers (Scott Benesh) [1343743]\n- [scsi] smartpqi: initial commit of Microsemi smartpqi driver (Scott Benesh) [1343743]\n[2.6.32-667]\n- [hv] get rid of id in struct vmbus_channel (Vitaly Kuznetsov) [1322802]\n- [hv] make VMBus bus ids persistent (Vitaly Kuznetsov) [1322802]\n- [hv] storvsc: Fix potential memory leak (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Filter out storvsc messages CD-ROM medium not present (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: fix SRB_STATUS_ABORTED handling (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: add logging for error/warning messages (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Fix a bug in the handling of SRB status flags (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Set the tablesize based on the information given by the host (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont assume that the scatterlist is not chained (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Retrieve information about the capability of the target (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Always send on the selected outgoing channel (Cathy Avery) [1322928 1352824]\n- [hv] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1322928 1352824]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: reset host_specified_ha_region (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: dont crash when memory is added in non-sorted order (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] dont leak memory in vmbus_establish_gpadl() (Vitaly Kuznetsov) [1376860]\n- [hv] get rid of redundant messagecount in create_gpadl_header() (Vitaly Kuznetsov) [1376860]\n- [hv] vmbus: dont manipulate with clocksources on crash (Cathy Avery) [1365049]\n- [hv] correct tsc page sequence invalid value (Cathy Avery) [1365049]\n- [hv] vmbus: fix build warning (Cathy Avery) [1365049]\n- [hv] vmbus: Implement a clocksource based on the TSC page (Cathy Avery) [1365049]\n- [hv] kvp: cancel kvp_host_handshake_work on module unload (Vitaly Kuznetsov) [1321259]\n- [x86] mm/xen: Suppress hugetlbfs in PV guests (Vitaly Kuznetsov) [1312331]\n- [mm] hugetlb: allow hugepages_supported to be architecture specific (Vitaly Kuznetsov) [1312331]\n[2.6.32-666]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: RSS Hash Option parameters (Stefan Assmann) [1360179]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Allow PF driver to configure RSS (Stefan Assmann) [1360179]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Dont Panic (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1360179]\n- [netdrv] i40evf: properly handle VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1360179]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix get_rss_aq (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add longer wait after remove module (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add additional check for reset (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1360179]\n- [netdrv] i40evf: remove dead code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1360179]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1360179]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1360179]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1360179]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1360179]\n- [netdrv] i40evf: set adapter state on reset failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: support packet split receive (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1360179]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Change vf driver string to reflect all products i40evf supports (Stefan Assmann) [1360179]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1360179]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: enable bus master after reset (Stefan Assmann) [1360179]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1360179]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add external power class to get link status (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Geneve cloud tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1360179]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: null out ring pointers on free (Stefan Assmann) [1360179]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1360179]\n- [netdrv] i40evf: allow channel bonding of VFs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1360179]\n- [netdrv] treewide: Fix typos in printk (Stefan Assmann) [1360179]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: change version string generation (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1360179]\n- [netdrv] i40evf: check rings before freeing resources (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: check for and deal with non-contiguous TCs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Update device ids for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Drop extra copy of function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use consistent type for vf_id (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: PTP - avoid aggregate return warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix uninitialized variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add VF promiscuous mode driver support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add promiscuous on VLAN support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove zero check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Code cleanup in i40e_add_fdir_ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix errant PCIe bandwidth message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM event wait check to NVM code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Restrict VF poll mode to only single function mode devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move HW flush (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Leave debug_mask cleared at init (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Inserting a HW capability display info (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Request PHY media event at reset time (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Lower some message levels (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for supported link modes in 10GBaseT PHYs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Disable link polling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make VF resets more reliable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove unused variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove redundant check on vsi->active_vlans (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change comment to reflect correct function name (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change unknown event error msg to ignore message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Added code to prevent double resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Notify VFs of all resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove timer and task only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Assure that adminq is alive in debug mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove MSIx only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix up return code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Save off VSI resource count when updating VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: queue-specific settings for interrupt moderation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: let go of the past (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: suspend scheduling during driver unload (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use the new rx ctl register helpers. Dont use AQ calls from clear_hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add check for null VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Expose some registers to program parser, FD and RSS logic (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for unexpected messaging (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not wait for Rx queue disable in DCB reconfig (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Increase timeout when checking GLGEN_RSTAT_DEVSTATE bit (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix led blink capability for 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Clean-up Rx packet checksum handling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Set skb->csum_level for encapsulated checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add exception handling for Tx checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: better error reporting for nvmupdate (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: expand comment (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not disable queues in the Legacy/MSI Interrupt handler (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Removal of code which relies on BASE VEB SEID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix PROMISC mode for Multi-function per port (MFP) devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: cleanup use of pf->hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused debugfs file 'dump' (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: get rid of magic number (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dump descriptor indexes in hex (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use new add_veb calling with VEB stats control (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add VEB stat control and remove L2 cloud filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: set shared bit for multicast filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make the DCB firmware checks for X710/XL710 only (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move sync_vsi_filters up in service_task (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add priv flag for automatic rule eviction (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: avoid large memcpy by assigning struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: count allocation errors (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: negate PHY int mask bits (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: APIs to Add/remove port mirroring rules (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix: do not sleep in netdev_ops (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allocate memory safer (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: fix missing space (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: drop duplicate definition (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: remove unnecessary local var (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove VF device IDs from PF (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add netdev info to VSI dump (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add a little more to an NVM update debug message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: refactor DCB function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 20G speed for Tx bandwidth calculations (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add counter for arq overflows (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Store lan_vsi_idx and lan_vsi_id in the right size (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 100Mb ethtool reporting (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Limit DCB FW version checks to X710/XL710 devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Extend ethtool RSS hooks for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new device IDs for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: bump version to 1.4.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Cleanup the code with respect to restarting autoneg (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Replace X722 mac check in ethtool get_settings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add mac_filter_element at the end of the list instead of HEAD (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allow zero MAC address for VFs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: change log messages and error returns (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean whole mac filter list (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: hush little warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use explicit cast from u16 to u8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dont add zero MAC filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly delete VF MAC filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: chomp the BIT(_ULL) (Stefan Assmann) [1249250 1310402 1346978]", "published": "2017-03-27T00:00:00", "modified": "2017-03-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "http://linux.oracle.com/errata/ELSA-2017-0817.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-4998", "CVE-2016-6136", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7117", "CVE-2016-8399", "CVE-2016-9555", "CVE-2016-9576", "CVE-2017-6074"], "immutableFields": [], "lastseen": "2021-07-28T14:24:57", "viewCount": 49, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ORACLELINUX_ELSA-2017-0086.NASL", "CENTOS_RHSA-2017-0817.NASL", "SL_20170321_KERNEL_ON_SL6_X.NASL", "UBUNTU_USN-3097-1.NASL", "SL_20170117_KERNEL_ON_SL7_X.NASL", "REDHAT-RHSA-2017-0817.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "CENTOS_RHSA-2017-0086.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "REDHAT-RHSA-2017-0091.NASL"]}, {"type": "virtuozzo", "idList": ["VZA-2017-025", "VZA-2017-024"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882629", "OPENVAS:1361412562310871742", "OPENVAS:1361412562310871747", "OPENVAS:1361412562310842907", "OPENVAS:1361412562310882638", "OPENVAS:1361412562310842916", "OPENVAS:1361412562310871783"]}, {"type": "centos", "idList": ["CESA-2017:0036", "CESA-2017:0086", "CESA-2017:0817"]}, {"type": "redhat", "idList": ["RHSA-2017:0086", "RHSA-2017:0036", "RHSA-2017:0091", "RHSA-2017:0817"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-6136", "RH:CVE-2016-6828", "RH:CVE-2016-9576", "RH:CVE-2016-6480", "RH:CVE-2016-9555", "RH:CVE-2016-10142", "RH:CVE-2016-7042", "RH:CVE-2016-4998", "RH:CVE-2016-10088", "RH:CVE-2016-7097"]}, {"type": "f5", "idList": ["F5:K31603170", "F5:K90803619", "F5:K51201255", "F5:K74171196", "F5:K05513373", "F5:K62442245", "F5:K57211290", "F5:K37046163", "F5:K54610514", "F5:K54095660"]}, {"type": "cve", "idList": ["CVE-2016-7097", "CVE-2016-10088", "CVE-2016-6136", "CVE-2016-7117", "CVE-2016-9555", "CVE-2016-4998", "CVE-2016-10142", "CVE-2016-9576", "CVE-2016-7042", "CVE-2016-6480"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9555", "UB:CVE-2016-7117", "UB:CVE-2016-6480", "UB:CVE-2016-6136", "UB:CVE-2016-7097", "UB:CVE-2016-7042", "UB:CVE-2016-10142", "UB:CVE-2016-10088", "UB:CVE-2016-4998", "UB:CVE-2016-9576"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-7117", "ANDROID:CVE-2016-6828"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2016-7097/", "MSF:ILITIES/F5-BIG-IP-CVE-2016-7097/", "MSF:ILITIES/F5-BIG-IP-CVE-2017-6074/"]}, {"type": "ubuntu", "idList": ["USN-3097-2", "USN-3097-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0036", "ELSA-2017-0307", "ELSA-2017-0086"]}], "modified": "2021-07-28T14:24:57", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-07-28T14:24:57", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "oracle linux", "OSVersion": "6", "arch": "src", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-2.6.32-696.el6.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-whitelists"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-debug-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-debug-devel-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-devel-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-doc-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-firmware-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-firmware"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-headers-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "perf-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "python-perf-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "src", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-2.6.32-696.el6.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-abi-whitelists-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-whitelists"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-debug-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "i686", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-debug-devel-2.6.32-696.el6.i686.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-debug-devel-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-devel-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-doc-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-firmware-2.6.32-696.el6.noarch.rpm", "operator": "lt", "packageName": "kernel-firmware"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "kernel-headers-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "perf-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "oracle linux", "OSVersion": "6", "arch": "x86_64", "packageVersion": "2.6.32-696.el6", "packageFilename": "python-perf-2.6.32-696.el6.x86_64.rpm", "operator": "lt", "packageName": "python-perf"}]}

{"nessus": [{"lastseen": "2021-07-28T22:23:20", "description": "According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality can allow\n a remote attacker to force the kernel to enter a\n condition in which it can loop indefinitely.\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of\n a fragmentation-based attack against legacy IPv6 nodes\n that do not implement RFC6946.\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a\n panic in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is\n switching to a process that uses the paging structure\n in question. A local user could use a thread running\n with a stale cached virtual->physical translation to\n potentially escalate their privileges if the\n translation in question were writable and the physical\n page got reused for something critical (for example, a\n page table).\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-31T00:00:00", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-025)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-6136", "CVE-2016-6828", "CVE-2017-6214", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-31T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "cpe:/o:virtuozzo:virtuozzo:6", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel"], "id": "VIRTUOZZO_VZA-2017-025.NASL", "href": "https://www.tenable.com/plugins/nessus/99106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99106);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2016-2069\",\n \"CVE-2016-2384\",\n \"CVE-2016-6136\",\n \"CVE-2016-6480\",\n \"CVE-2016-6828\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\",\n \"CVE-2016-8399\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2017-6214\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-025)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality can allow\n a remote attacker to force the kernel to enter a\n condition in which it can loop indefinitely.\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of\n a fragmentation-based attack against legacy IPv6 nodes\n that do not implement RFC6946.\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a\n panic in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is\n switching to a process that uses the paging structure\n in question. A local user could use a thread running\n with a stale cached virtual->physical translation to\n potentially escalate their privileges if the\n translation in question were writable and the physical\n page got reused for something critical (for example, a\n page table).\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2777857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2016-2766.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0036.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0293.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0307.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rhn.redhat.com/errata/RHSA-2017-0817.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3674\",\n \"vzkernel-2.6.32-042stab123.1\",\n \"vzkernel-devel-2.6.32-042stab123.1\",\n \"vzkernel-firmware-2.6.32-042stab123.1\",\n \"vzmodules-2.6.32-042stab123.1\",\n \"vzmodules-devel-2.6.32-042stab123.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:40:43", "description": "Security Fix(es) :\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of a\n fragmentation- based attack against legacy IPv6 nodes\n that do not implement RFC6946. (CVE-2016-10142,\n Moderate)\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is switching\n to a process that uses the paging structure in question.\n A local user could use a thread running with a stale\n cached virtual->physical translation to potentially\n escalate their privileges if the translation in question\n were writable and the physical page got reused for\n something critical (for example, a page table).\n (CVE-2016-2069, Moderate)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation. A\n local attacker could use this flaw to cause a denial of\n service (out-of-bounds access or system crash) by\n changing a certain size value. (CVE-2016-6480, Moderate)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a panic\n in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042, Moderate)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but doesn't\n clear the setgid bit in a similar way. This could allow\n a local user to gain group privileges via certain setgid\n applications. (CVE-2016-7097, Moderate)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399, Moderate)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a /dev/sg\n device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n (CVE-2016-2384, Low)", "edition": 18, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-06T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-04-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf"], "id": "SL_20170321_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99218);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that a remote attacker could leverage\n the generation of IPv6 atomic fragments to trigger the\n use of fragmentation in an arbitrary IPv6 flow (in\n scenarios in which actual fragmentation of packets is\n not needed) and could subsequently perform any type of a\n fragmentation- based attack against legacy IPv6 nodes\n that do not implement RFC6946. (CVE-2016-10142,\n Moderate)\n\n - A flaw was discovered in the way the Linux kernel dealt\n with paging structures. When the kernel invalidated a\n paging structure that was not in use locally, it could,\n in principle, race against another CPU that is switching\n to a process that uses the paging structure in question.\n A local user could use a thread running with a stale\n cached virtual->physical translation to potentially\n escalate their privileges if the translation in question\n were writable and the physical page got reused for\n something critical (for example, a page table).\n (CVE-2016-2069, Moderate)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation. A\n local attacker could use this flaw to cause a denial of\n service (out-of-bounds access or system crash) by\n changing a certain size value. (CVE-2016-6480, Moderate)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a panic\n in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as weeks.\n (CVE-2016-7042, Moderate)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but doesn't\n clear the setgid bit in a similar way. This could allow\n a local user to gain group privileges via certain setgid\n applications. (CVE-2016-7097, Moderate)\n\n - A flaw was found in the Linux networking subsystem where\n a local attacker with CAP_NET_ADMIN capabilities could\n cause an out-of-bounds memory access by creating a\n smaller-than-expected ICMP header and sending to its\n destination via sendto(). (CVE-2016-8399, Moderate)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a /dev/sg\n device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n - A flaw was found in the USB-MIDI Linux kernel driver: a\n double-free error could be triggered for the 'umidi'\n object. An attacker with physical access to the system\n could use this flaw to escalate their privileges.\n (CVE-2016-2384, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=2945\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a733115e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T22:46:42", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe /proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.", "edition": 27, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "title": "CentOS 6 : kernel (CESA-2017:0817)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-27T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/97962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0817 and \n# CentOS Errata and Security Advisory 2017:0817 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97962);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\");\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2017:0817)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe /proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57420c8b\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated packages\nmay not be immediately available from the package repository and its\nmirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-01T11:22:27", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe / proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.", "edition": 39, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-22T00:00:00", "title": "RHEL 6 : kernel (RHSA-2017:0817)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2021-08-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/97886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0817. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97886);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\");\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2017:0817)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe / proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-10142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5551\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0817\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0817\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T02:30:37", "description": "From Red Hat Security Advisory 2017:0817 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe / proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.", "edition": 30, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-30T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2017-0817)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0817.NASL", "href": "https://www.tenable.com/plugins/nessus/99074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0817 and \n# Oracle Linux Security Advisory ELSA-2017-0817 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99074);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\");\n script_xref(name:\"RHSA\", value:\"2017:0817\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2017-0817)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0817 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was discovered that a remote attacker could leverage the\ngeneration of IPv6 atomic fragments to trigger the use of\nfragmentation in an arbitrary IPv6 flow (in scenarios in which actual\nfragmentation of packets is not needed) and could subsequently perform\nany type of a fragmentation-based attack against legacy IPv6 nodes\nthat do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was\nnot in use locally, it could, in principle, race against another CPU\nthat is switching to a process that uses the paging structure in\nquestion. A local user could use a thread running with a stale cached\nvirtual->physical translation to potentially escalate their privileges\nif the translation in question were writable and the physical page got\nreused for something critical (for example, a page table).\n(CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in\nthe Linux kernel's aacraid implementation. A local attacker could use\nthis flaw to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading\nthe / proc/keys file could cause a panic in the Linux kernel due to\nstack corruption. This happened because an incorrect buffer size was\nused to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042,\nModerate)\n\n* It was found that when file permissions were modified via chmod and\nthe user modifying them was not in the owning group or capable of\nCAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via\nsetxattr sets the file permissions as well as the new ACL, but doesn't\nclear the setgid bit in a similar way. This could allow a local user\nto gain group privileges via certain setgid applications.\n(CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds\nmemory access by creating a smaller-than-expected ICMP header and\nsending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the\ntype of iterator, which could allow a local attacker to read or write\nto arbitrary kernel memory locations or cause a denial of service\n(use-after-free) by leveraging write access to a /dev/sg device.\n(CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free\nerror could be triggered for the 'umidi' object. An attacker with\nphysical access to the system could use this flaw to escalate their\nprivileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and\nthe CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red\nHat) and Jan Kara (SUSE).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006808.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\", \"CVE-2016-9576\", \"CVE-2017-5551\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-0817\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-696.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-696.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-696.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-31T21:32:05", "description": "Marco Grassi discovered a use-after-free condition could occur in the\nTCP retransmit queue handling code in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the\nLinux kernel. A local attacker could use this to corrupt audit logs or\ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID\ncontroller driver in the Linux kernel when handling ioctl()s. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-6480).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 41, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-11T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-3097-1)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480", "CVE-2016-6136", "CVE-2016-6828"], "modified": "2021-08-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3097-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93953", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3097-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93953);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-6136\", \"CVE-2016-6480\", \"CVE-2016-6828\");\n script_xref(name:\"USN\", value:\"3097-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-3097-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marco Grassi discovered a use-after-free condition could occur in the\nTCP retransmit queue handling code in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the\nLinux kernel. A local attacker could use this to corrupt audit logs or\ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID\ncontroller driver in the Linux kernel when handling ioctl()s. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-6480).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3097-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-6136\", \"CVE-2016-6480\", \"CVE-2016-6828\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3097-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-111-generic\", pkgver:\"3.2.0-111.153\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-111-generic-pae\", pkgver:\"3.2.0-111.153\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-111-highbank\", pkgver:\"3.2.0-111.153\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-111-virtual\", pkgver:\"3.2.0-111.153\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-29T02:30:24", "description": "From Red Hat Security Advisory 2017:0036 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)", "edition": 29, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-11T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2017-0036)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2017-01-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0036.NASL", "href": "https://www.tenable.com/plugins/nessus/96401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0036 and \n# Oracle Linux Security Advisory ELSA-2017-0036 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96401);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n script_xref(name:\"RHSA\", value:\"2017:0036\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2017-0036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0036 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006622.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-0036\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.13.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-01T11:22:06", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)", "edition": 37, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-11T00:00:00", "title": "RHEL 6 : kernel (RHSA-2017:0036)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2021-08-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2017-0036.NASL", "href": "https://www.tenable.com/plugins/nessus/96403", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0036. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96403);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n script_xref(name:\"RHSA\", value:\"2017:0036\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2017:0036)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7117\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0036\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0036\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:40:33", "description": "Security Fix(es) :\n\n - A use-after-free vulnerability was found in the kernels\n socket recvmmsg subsystem. This may allow remote\n attackers to corrupt memory and may allow execution of\n arbitrary code. This corruption takes place during the\n error handling routines within __sys_recvmmsg()\n function. (CVE-2016-7117, Important)\n\n - An out-of-bounds heap memory access leading to a Denial\n of Service, heap disclosure, or further impact was found\n in setsockopt(). The function call is normally\n restricted to root, however some processes with\n cap_sys_admin may also be able to trigger this flaw in\n privileged container environments. (CVE-2016-4998,\n Moderate)\n\n - A use-after-free vulnerability was found in\n tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an\n incorrect selective acknowledgment to existing\n connections, possibly resetting a connection.\n (CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n - When parallel NFS returned a file layout, a kernel crash\n sometimes occurred. This update removes the call to the\n BUG_ON() function from a code path of a client that\n returns the file layout. As a result, the kernel no\n longer crashes in the described situation.\n\n - When a guest virtual machine (VM) on Microsoft Hyper-V\n was set to crash on a Nonmaskable Interrupt (NMI) that\n was injected from the host, this VM became unresponsive\n and did not create the vmcore dump file. This update\n applies a set of patches to the Virtual Machine Bus\n kernel driver (hv_vmbus) that fix this bug. As a result,\n the VM now first creates and saves the vmcore dump file\n and then reboots.\n\n - From Scientific Linux 6.6 to 6.8, the IPv6 routing cache\n occasionally showed incorrect values. This update fixes\n the DST_NOCOUNT mechanism, and the IPv6 routing cache\n now shows correct values.\n\n - When using the ixgbe driver and the software Fibre\n Channel over Ethernet (FCoE) stack, suboptimal\n performance in some cases occurred on systems with a\n large number of CPUs. This update fixes the\n fc_exch_alloc() function to try all the available\n exchange managers in the list for an available exchange\n ID. This change avoids failing allocations, which\n previously led to the host busy status.\n\n - When the vmwgfx kernel module loads, it overrides the\n boot resolution automatically. Consequently, users were\n not able to change the resolution by manual setting of\n the kernel's 'vga=' parameter in the\n /boot/grub/grub.conf file. This update adds the\n 'nomodeset' parameter, which can be set in the\n /boot/grub/grub.conf file. The 'nomodeset' parameter\n allows the users to prevent the vmwgfx driver from\n loading. As a result, the setting of the 'vga='\n parameter works as expected, in case that vmwgfx does\n not load.\n\n - When Scientific Linux 6.8 was booted on SMBIOS 3.0 based\n systems, Desktop Management Interface (DMI) information,\n which is referenced by several applications, such as NEC\n server's memory RAS utility, was missing entries in the\n sysfs virtual file system. This update fixes the\n underlying source code, and sysfs now shows the DMI\n information as expected.\n\n - Previously, bonding mode active backup and the\n propagation of the media access control (MAC) address to\n a VLAN interface did not work in Scientific Linux 6.8,\n when the fail_over_mac bonding parameter was set to\n fail_over_mac=active. With this update, the underlying\n source code has been fixed so that the VLANs continue\n inheriting the MAC address of the active physical\n interface until the VLAN MAC address is explicitly set\n to any value. As a result, IPv6 EUI64 addresses for the\n VLAN can reflect any changes to the MAC address of the\n physical interface, and Duplicate Address Detection\n (DAD) behaves as expected.", "edition": 17, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-13T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170110)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2017-01-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf"], "id": "SL_20170110_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/96481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96481);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free vulnerability was found in the kernels\n socket recvmmsg subsystem. This may allow remote\n attackers to corrupt memory and may allow execution of\n arbitrary code. This corruption takes place during the\n error handling routines within __sys_recvmmsg()\n function. (CVE-2016-7117, Important)\n\n - An out-of-bounds heap memory access leading to a Denial\n of Service, heap disclosure, or further impact was found\n in setsockopt(). The function call is normally\n restricted to root, however some processes with\n cap_sys_admin may also be able to trigger this flaw in\n privileged container environments. (CVE-2016-4998,\n Moderate)\n\n - A use-after-free vulnerability was found in\n tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an\n incorrect selective acknowledgment to existing\n connections, possibly resetting a connection.\n (CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n - When parallel NFS returned a file layout, a kernel crash\n sometimes occurred. This update removes the call to the\n BUG_ON() function from a code path of a client that\n returns the file layout. As a result, the kernel no\n longer crashes in the described situation.\n\n - When a guest virtual machine (VM) on Microsoft Hyper-V\n was set to crash on a Nonmaskable Interrupt (NMI) that\n was injected from the host, this VM became unresponsive\n and did not create the vmcore dump file. This update\n applies a set of patches to the Virtual Machine Bus\n kernel driver (hv_vmbus) that fix this bug. As a result,\n the VM now first creates and saves the vmcore dump file\n and then reboots.\n\n - From Scientific Linux 6.6 to 6.8, the IPv6 routing cache\n occasionally showed incorrect values. This update fixes\n the DST_NOCOUNT mechanism, and the IPv6 routing cache\n now shows correct values.\n\n - When using the ixgbe driver and the software Fibre\n Channel over Ethernet (FCoE) stack, suboptimal\n performance in some cases occurred on systems with a\n large number of CPUs. This update fixes the\n fc_exch_alloc() function to try all the available\n exchange managers in the list for an available exchange\n ID. This change avoids failing allocations, which\n previously led to the host busy status.\n\n - When the vmwgfx kernel module loads, it overrides the\n boot resolution automatically. Consequently, users were\n not able to change the resolution by manual setting of\n the kernel's 'vga=' parameter in the\n /boot/grub/grub.conf file. This update adds the\n 'nomodeset' parameter, which can be set in the\n /boot/grub/grub.conf file. The 'nomodeset' parameter\n allows the users to prevent the vmwgfx driver from\n loading. As a result, the setting of the 'vga='\n parameter works as expected, in case that vmwgfx does\n not load.\n\n - When Scientific Linux 6.8 was booted on SMBIOS 3.0 based\n systems, Desktop Management Interface (DMI) information,\n which is referenced by several applications, such as NEC\n server's memory RAS utility, was missing entries in the\n sysfs virtual file system. This update fixes the\n underlying source code, and sysfs now shows the DMI\n information as expected.\n\n - Previously, bonding mode active backup and the\n propagation of the media access control (MAC) address to\n a VLAN interface did not work in Scientific Linux 6.8,\n when the fail_over_mac bonding parameter was set to\n fail_over_mac=active. With this update, the underlying\n source code has been fixed so that the VLANs continue\n inheriting the MAC address of the active physical\n interface until the VLAN MAC address is explicitly set\n to any value. As a result, IPv6 EUI64 addresses for the\n VLAN can reflect any changes to the MAC address of the\n physical interface, and Duplicate Address Detection\n (DAD) behaves as expected.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=3224\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d1f3c8c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-642.13.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-642.13.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T22:24:10", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 34, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-13T00:00:00", "title": "Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0036)", "type": "nessus", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2017-07-13T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:kernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-headers", "p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists", "p-cpe:/a:virtuozzo:virtuozzo:kernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:kernel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel", "p-cpe:/a:virtuozzo:virtuozzo:python-perf", "cpe:/o:virtuozzo:virtuozzo:6", "p-cpe:/a:virtuozzo:virtuozzo:kernel-doc", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug", "p-cpe:/a:virtuozzo:virtuozzo:perf"], "id": "VIRTUOZZO_VZLSA-2017-0036.NASL", "href": "https://www.tenable.com/plugins/nessus/101405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101405);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-4998\",\n \"CVE-2016-6828\",\n \"CVE-2016-7117\"\n );\n\n script_name(english:\"Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0036)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A use-after-free vulnerability was found in the kernels socket\nrecvmmsg subsystem. This may allow remote attackers to corrupt memory\nand may allow execution of arbitrary code. This corruption takes place\nduring the error handling routines within __sys_recvmmsg() function.\n(CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service,\nheap disclosure, or further impact was found in setsockopt(). The\nfunction call is normally restricted to root, however some processes\nwith cap_sys_admin may also be able to trigger this flaw in privileged\ncontainer environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in\ntcp_xmit_retransmit_queue and other tcp_* functions. This condition\ncould allow an attacker to send an incorrect selective acknowledgment\nto existing connections, possibly resetting a connection.\n(CVE-2016-6828, Moderate)\n\nBug Fix(es) :\n\n* When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a\ncode path of a client that returns the file layout. As a result, the\nkernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to\ncrash on a Nonmaskable Interrupt (NMI) that was injected from the\nhost, this VM became unresponsive and did not create the vmcore dump\nfile. This update applies a set of patches to the Virtual Machine Bus\nkernel driver (hv_vmbus) that fix this bug. As a result, the VM now\nfirst creates and saves the vmcore dump file and then reboots.\n(BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the\nDST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct\nvalues. (BZ# 1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over\nEthernet (FCoE) stack, suboptimal performance in some cases occurred\non systems with a large number of CPUs. This update fixes the\nfc_exch_alloc() function to try all the available exchange managers in\nthe list for an available exchange ID. This change avoids failing\nallocations, which previously led to the host busy status.\n(BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot\nresolution automatically. Consequently, users were not able to change\nthe resolution by manual setting of the kernel's 'vga=' parameter in\nthe /boot/grub/ grub.conf file. This update adds the 'nomodeset'\nparameter, which can be set in the /boot/grub/grub.conf file. The\n'nomodeset' parameter allows the users to prevent the vmwgfx driver\nfrom loading. As a result, the setting of the 'vga=' parameter works\nas expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based\nsystems, Desktop Management Interface (DMI) information, which is\nreferenced by several applications, such as NEC server's memory RAS\nutility, was missing entries in the sysfs virtual file system. This\nupdate fixes the underlying source code, and sysfs now shows the DMI\ninformation as expected. (BZ# 1393464)\n\n* Previously, bonding mode active backup and the propagation of the\nmedia access control (MAC) address to a VLAN interface did not work in\nRed Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter\nwas set to fail_over_mac=active. With this update, the underlying\nsource code has been fixed so that the VLANs continue inheriting the\nMAC address of the active physical interface until the VLAN MAC\naddress is explicitly set to any value. As a result, IPv6 EUI64\naddresses for the VLAN can reflect any changes to the MAC address of\nthe physical interface, and Duplicate Address Detection (DAD) behaves\nas expected. (BZ#1396479)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0036.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b93f0c8f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0036\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-2.6.32-642.13.1.vl6\",\n \"kernel-abi-whitelists-2.6.32-642.13.1.vl6\",\n \"kernel-debug-2.6.32-642.13.1.vl6\",\n \"kernel-debug-devel-2.6.32-642.13.1.vl6\",\n \"kernel-devel-2.6.32-642.13.1.vl6\",\n \"kernel-doc-2.6.32-642.13.1.vl6\",\n \"kernel-firmware-2.6.32-642.13.1.vl6\",\n \"kernel-headers-2.6.32-642.13.1.vl6\",\n \"perf-2.6.32-642.13.1.vl6\",\n \"python-perf-2.6.32-642.13.1.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "virtuozzo": [{"lastseen": "2021-07-28T14:21:24", "description": "This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab123.1 as well as internal stability bug fixes. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes.\n**Vulnerability id:** CVE-2017-6214\nA flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.\n\n**Vulnerability id:** CVE-2016-10142\nIt was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.\n\n**Vulnerability id:** CVE-2016-10088, CVE-2016-9576\nIt was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n\n**Vulnerability id:** CVE-2016-9555\nA flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n\n**Vulnerability id:** CVE-2016-8399\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().\n\n**Vulnerability id:** CVE-2016-7097\nIt was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n\n**Vulnerability id:** CVE-2016-7042\nIt was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n\n**Vulnerability id:** CVE-2016-6480\nA race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.\n\n**Vulnerability id:** CVE-2016-6136\nWhen creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.\n\n**Vulnerability id:** CVE-2016-2069\nA flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n\n**Vulnerability id:** CVE-2016-2384\nA flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-30T00:00:00", "title": "Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)", "type": "virtuozzo", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-6136", "CVE-2016-6828", "CVE-2017-6214", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-30T00:00:00", "id": "VZA-2017-025", "href": "https://help.virtuozzo.com/customer/portal/articles/2777857", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:21:23", "description": "This update provides a new kernel 2.6.32-042stab123.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes.\n**Vulnerability id:** CVE-2017-6214\nA flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely.\n\n**Vulnerability id:** CVE-2016-10142\nIt was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.\n\n**Vulnerability id:** CVE-2016-10088, CVE-2016-9576\nIt was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n\n**Vulnerability id:** CVE-2016-9555\nA flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n\n**Vulnerability id:** CVE-2016-8399\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().\n\n**Vulnerability id:** CVE-2016-7097\nIt was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n\n**Vulnerability id:** CVE-2016-7042\nIt was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n\n**Vulnerability id:** CVE-2016-6480\nA race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.\n\n**Vulnerability id:** CVE-2016-6136\nWhen creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.\n\n**Vulnerability id:** CVE-2016-2069\nA flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).\n\n**Vulnerability id:** CVE-2016-2384\nA flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-30T00:00:00", "title": "Kernel security update: new kernel 2.6.32-042stab123.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-6136", "CVE-2016-6828", "CVE-2017-6214", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-30T00:00:00", "id": "VZA-2017-024", "href": "https://help.virtuozzo.com/customer/portal/articles/2777856", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-03-22T00:00:00", "id": "OPENVAS:1361412562310871783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871783", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0817-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0817-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871783\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:48:26 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2016-10088\", \"CVE-2016-10142\", \"CVE-2016-2069\", \"CVE-2016-2384\",\n \"CVE-2016-6480\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-8399\",\n \"CVE-2016-9576\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0817-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was discovered that a remote attacker could leverage the generation of\nIPv6 atomic fragments to trigger the use of fragmentation in an arbitrary\nIPv6 flow (in scenarios in which actual fragmentation of packets is not\nneeded) and could subsequently perform any type of a fragmentation-based\nattack against legacy IPv6 nodes that do not implement RFC6946.\n(CVE-2016-10142, Moderate)\n\n * A flaw was discovered in the way the Linux kernel dealt with paging\nstructures. When the kernel invalidated a paging structure that was not in\nuse locally, it could, in principle, race against another CPU that is\nswitching to a process that uses the paging structure in question. A local\nuser could use a thread running with a stale cached virtual- physical\ntranslation to potentially escalate their privileges if the translation in\nquestion were writable and the physical page got reused for something\ncritical (for example, a page table). (CVE-2016-2069, Moderate)\n\n * A race condition flaw was found in the ioctl_send_fib() function in the\nLinux kernel's aacraid implementation. A local attacker could use this flaw\nto cause a denial of service (out-of-bounds access or system crash) by\nchanging a certain size value. (CVE-2016-6480, Moderate)\n\n * It was found that when the gcc stack protector was enabled, reading the\n/proc/keys file could cause a panic in the Linux kernel due to stack\ncorruption. This happened because an incorrect buffer size was used to hold\na 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n * It was found that when file permissions were modified via chmod and the\nuser modifying them was not in the owning group or capable of CAP_FSETID,\nthe setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the\nfile permissions as well as the new ACL, but doesn't clear the setgid bit\nin a similar way. This could allow a local user to gain group privileges\nvia certain setgid applications. (CVE-2016-7097, Moderate)\n\n * A flaw was found in the Linux networking subsystem where a local attacker\nwith CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access\nby creating a smaller-than-expected ICMP header and sending to its\ndestination via sendto(). (CVE-2016-8399, Moderate)\n\n * It was found that the blk_rq_map_user_iov() function in the Linux\nkernel's block device implementation did not properly restrict the type of\niterator, which could allow a local attacker to re ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0817-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00055.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~696.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-3097-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6480", "CVE-2016-6136", "CVE-2016-6828"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3097-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842916\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 05:54:21 +0200 (Fri, 14 Oct 2016)\");\n script_cve_id(\"CVE-2016-6828\", \"CVE-2016-6136\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3097-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Marco Grassi discovered a use-after-free\n condition could occur in the TCP retransmit queue handling code in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the\nLinux kernel. A local attacker could use this to corrupt audit logs or\ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID controller\ndriver in the Linux kernel when handling ioctl()s. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2016-6480)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3097-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3097-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1489-omap4\", ver:\"3.2.0-1489.116\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3097-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6480", "CVE-2016-6136", "CVE-2016-6828"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3097-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842907\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-12 05:45:19 +0200 (Wed, 12 Oct 2016)\");\n script_cve_id(\"CVE-2016-6828\", \"CVE-2016-6136\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3097-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Marco Grassi discovered a use-after-free\n condition could occur in the TCP retransmit queue handling code in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the\nLinux kernel. A local attacker could use this to corrupt audit logs or\ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID controller\ndriver in the Linux kernel when handling ioctl()s. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2016-6480)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3097-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3097-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-generic\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-generic-pae\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-highbank\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-omap\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-powerpc-smp\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-powerpc64-smp\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-111-virtual\", ver:\"3.2.0-111.153\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-11T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0036-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0036-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871742\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-11 05:38:12 +0100 (Wed, 11 Jan 2017)\");\n script_cve_id(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0036-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A use-after-free vulnerability was found in the kernels socket recvmmsg\nsubsystem. This may allow remote attackers to corrupt memory and may allow\nexecution of arbitrary code. This corruption takes place during the error\nhandling routines within __sys_recvmmsg() function. (CVE-2016-7117,\nImportant)\n\n * An out-of-bounds heap memory access leading to a Denial of Service, heap\ndisclosure, or further impact was found in setsockopt(). The function call\nis normally restricted to root, however some processes with cap_sys_admin\nmay also be able to trigger this flaw in privileged container environments.\n(CVE-2016-4998, Moderate)\n\n * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and\nother tcp_* functions. This condition could allow an attacker to send an\nincorrect selective acknowledgment to existing connections, possibly\nresetting a connection. (CVE-2016-6828, Moderate)\n\nBug Fix(es):\n\n * When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a code\npath of a client that returns the file layout. As a result, the kernel no\nlonger crashes in the described situation. (BZ#1385480)\n\n * When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash\non a Nonmaskable Interrupt (NMI) that was injected from the host, this VM\nbecame unresponsive and did not create the vmcore dump file. This update\napplies a set of patches to the Virtual Machine Bus kernel driver\n(hv_vmbus) that fix this bug. As a result, the VM now first creates and\nsaves the vmcore dump file and then reboots. (BZ#1385482)\n\n * From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the DST_NOCOUNT\nmechanism, and the IPv6 routing cache now shows correct values.\n(BZ#1391974)\n\n * When using the ixgbe driver and the software Fibre Channel over Ethernet\n(FCoE) stack, suboptimal performance in some cases occurred on systems with\na large number of CPUs. This update fixes the fc_exch_alloc() function to\ntry all the available exchange managers in the list for an available\nexchange ID. This change avoids failing allocations, which previously led\nto the host busy status. (BZ#1392818)\n\n * When the vmwgfx kernel module loads, it overrides the boot resolution\nautomatically. Consequently, users were not able to change the resolution\nby manual setting of the kernel's 'vga=' ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0036-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00012.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~642.13.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-01-13T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:0036 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882629", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0036 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882629\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 05:42:33 +0100 (Fri, 13 Jan 2017)\");\n script_cve_id(\"CVE-2016-4998\", \"CVE-2016-6828\", \"CVE-2016-7117\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0036 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A use-after-free vulnerability was found in the kernels socket recvmmsg\nsubsystem. This may allow remote attackers to corrupt memory and may allow\nexecution of arbitrary code. This corruption takes place during the error\nhandling routines within __sys_recvmmsg() function. (CVE-2016-7117,\nImportant)\n\n * An out-of-bounds heap memory access leading to a Denial of Service, heap\ndisclosure, or further impact was found in setsockopt(). The function call\nis normally restricted to root, however some processes with cap_sys_admin\nmay also be able to trigger this flaw in privileged container environments.\n(CVE-2016-4998, Moderate)\n\n * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and\nother tcp_* functions. This condition could allow an attacker to send an\nincorrect selective acknowledgment to existing connections, possibly\nresetting a connection. (CVE-2016-6828, Moderate)\n\nBug Fix(es):\n\n * When parallel NFS returned a file layout, a kernel crash sometimes\noccurred. This update removes the call to the BUG_ON() function from a code\npath of a client that returns the file layout. As a result, the kernel no\nlonger crashes in the described situation. (BZ#1385480)\n\n * When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash\non a Nonmaskable Interrupt (NMI) that was injected from the host, this VM\nbecame unresponsive and did not create the vmcore dump file. This update\napplies a set of patches to the Virtual Machine Bus kernel driver\n(hv_vmbus) that fix this bug. As a result, the VM now first creates and\nsaves the vmcore dump file and then reboots. (BZ#1385482)\n\n * From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache\noccasionally showed incorrect values. This update fixes the DST_NOCOUNT\nmechanism, and the IPv6 routing cache now shows correct values.\n(BZ#1391974)\n\n * When using the ixgbe driver and the software Fibre Channel over Ethernet\n(FCoE) stack, suboptimal performance in some cases occurred on systems with\na large number of CPUs. This update fixes the fc_exch_alloc() function to\ntry all the available exchange managers in the list for an available\nexchange ID. This change avoids failing allocations, which previously led\nto the host busy status. (BZ#1392818)\n\n * When the vmwgfx kernel module loads, it overrides the boot resolution\nautomatically. Consequently, users were not able to change the resolution\nby manual setting of the kernel's 'vga=' parameter in the\n/boot/grub/grub.conf file. This update adds the 'nomodeset' parameter,\nwhich can be set in the /boot/gr ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0036\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022206.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~642.13.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "Check the version of kernel", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:0086 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "modified": "2019-03-11T00:00:00", "id": "OPENVAS:1361412562310882638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0086 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882638\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-20 05:39:39 +0100 (Fri, 20 Jan 2017)\");\n script_cve_id(\"CVE-2016-6828\", \"CVE-2016-7117\", \"CVE-2016-9555\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0086 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting all\nof these bug fixes in this advisory. To see the complete list of bug fixes,\nusers are directed to the linked Knowledge Article.\n\nSecurity Fix(es):\n\n * A use-after-free vulnerability was found in the kernel's socket recvmmsg\nsubsystem. This may allow remote attackers to corrupt memory and may allow\nexecution of arbitrary code. This corruption takes place during the error\nhandling routines within __sys_recvmmsg() function. (CVE-2016-7117,\nImportant)\n\n * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and\nother tcp_* functions. This condition could allow an attacker to send an\nincorrect selective acknowledgment to existing connections, possibly\nresetting a connection. (CVE-2016-6828, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of the SCTP\nprotocol. A remote attacker could trigger an out-of-bounds read with an\noffset of up to 64kB potentially causing the system to crash.\n(CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n * Previously, the performance of Internet Protocol over InfiniBand (IPoIB)\nwas suboptimal due to a conflict of IPoIB with the Generic Receive Offload\n(GRO) infrastructure. With this update, the data cached by the IPoIB driver\nhas been moved from a control block into the IPoIB hard header, thus\navoiding the GRO problem and the corruption of IPoIB address information.\nAs a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n * Previously, when a virtual machine (VM) with PCI-Passthrough interfaces\nwas recreated, a race condition between the eventfd daemon and the virqfd\ndaemon occurred. Consequently, the operating system rebooted. This update\nfixes the race condition. As a result, the operating system no longer\nreboots in the described situation. (BZ#1391611)\n\n * Previously, a packet loss occurred when the team driver in round-robin\nmode was sending a large number of packets. This update fixes counting of\nthe packets in the round-robin runner of the team driver, and the packet\nloss no longer occurs in the described situation. (BZ#1392023)\n\n * Previously, the virtual network devices contained in the deleted\nnamespace could be deleted in any order. If the loopback device was not\ndeleted as the last item, other netns devices, such as vxlan devices, could\nend up with dangling references to the loop ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0086\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022246.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2857831\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.6.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:0086-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0086-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871747\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 05:45:51 +0100 (Wed, 18 Jan 2017)\");\n script_cve_id(\"CVE-2016-6828\", \"CVE-2016-7117\", \"CVE-2016-9555\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0086-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting all\nof these bug fixes in this advisory. To see the complete list of bug fixes,\nusers are directed to the related Knowledge Article.\n\nSecurity Fix(es):\n\n * A use-after-free vulnerability was found in the kernel's socket recvmmsg\nsubsystem. This may allow remote attackers to corrupt memory and may allow\nexecution of arbitrary code. This corruption takes place during the error\nhandling routines within __sys_recvmmsg() function. (CVE-2016-7117,\nImportant)\n\n * A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and\nother tcp_* functions. This condition could allow an attacker to send an\nincorrect selective acknowledgment to existing connections, possibly\nresetting a connection. (CVE-2016-6828, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of the SCTP\nprotocol. A remote attacker could trigger an out-of-bounds read with an\noffset of up to 64kB potentially causing the system to crash.\n(CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n * Previously, the performance of Internet Protocol over InfiniBand (IPoIB)\nwas suboptimal due to a conflict of IPoIB with the Generic Receive Offload\n(GRO) infrastructure. With this update, the data cached by the IPoIB driver\nhas been moved from a control block into the IPoIB hard header, thus\navoiding the GRO problem and the corruption of IPoIB address information.\nAs a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n * Previously, when a virtual machine (VM) with PCI-Passthrough interfaces\nwas recreated, a race condition between the eventfd daemon and the virqfd\ndaemon occurred. Consequently, the operating system rebooted. This update\nfixes the race condition. As a result, the operating system no longer\nreboots in the described situation. (BZ#1391611)\n\n * Previously, a packet loss occurred when the team driver in round-robin\nmode was sending a large number of packets. This update fixes counting of\nthe packets in the round-robin runner of the team driver, and the packet\nloss no longer occurs in the described situation. (BZ#1392023)\n\n * Previously, the virtual network devices contained in the deleted\nnamespace could be deleted in any order. If the loopback device was not\ndeleted as the last item, other netns devices, such as vxlan devices, could\nend up with ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0086-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2857831\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.6.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-07-30T06:34:45", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-03-21T12:09:43", "type": "redhat", "title": "(RHSA-2017:0817) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-10142", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-6480", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-9576", "CVE-2017-5551"], "modified": "2018-09-03T16:56:21", "id": "RHSA-2017:0817", "href": "https://access.redhat.com/errata/RHSA-2017:0817", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:36:56", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\nBug Fix(es):\n\n* When parallel NFS returned a file layout, a kernel crash sometimes occurred. This update removes the call to the BUG_ON() function from a code path of a client that returns the file layout. As a result, the kernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash on a Nonmaskable Interrupt (NMI) that was injected from the host, this VM became unresponsive and did not create the vmcore dump file. This update applies a set of patches to the Virtual Machine Bus kernel driver (hv_vmbus) that fix this bug. As a result, the VM now first creates and saves the vmcore dump file and then reboots. (BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over Ethernet (FCoE) stack, suboptimal performance in some cases occurred on systems with a large number of CPUs. This update fixes the fc_exch_alloc() function to try all the available exchange managers in the list for an available exchange ID. This change avoids failing allocations, which previously led to the host busy status. (BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot resolution automatically. Consequently, users were not able to change the resolution by manual setting of the kernel's 'vga=' parameter in the /boot/grub/grub.conf file. This update adds the 'nomodeset' parameter, which can be set in the /boot/grub/grub.conf file. The 'nomodeset' parameter allows the users to prevent the vmwgfx driver from loading. As a result, the setting of the 'vga=' parameter works as expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based systems, Desktop Management Interface (DMI) information, which is referenced by several applications, such as NEC server's memory RAS utility, was missing entries in the sysfs virtual file system. This update fixes the underlying source code, and sysfs now shows the DMI information as expected. (BZ#1393464)\n\n* Previously, bonding mode active backup and the propagation of the media access control (MAC) address to a VLAN interface did not work in Red Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter was set to fail_over_mac=active. With this update, the underlying source code has been fixed so that the VLANs continue inheriting the MAC address of the active physical interface until the VLAN MAC address is explicitly set to any value. As a result, IPv6 EUI64 addresses for the VLAN can reflect any changes to the MAC address of the physical interface, and Duplicate Address Detection (DAD) behaves as expected. (BZ#1396479)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-10T21:12:05", "type": "redhat", "title": "(RHSA-2017:0036) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998", "CVE-2016-6828", "CVE-2016-7117"], "modified": "2018-06-06T20:24:07", "id": "RHSA-2017:0036", "href": "https://access.redhat.com/errata/RHSA-2017:0036", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:37:04", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1401863)\n\n* Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400930)\n\n* Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1402837)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-17T20:24:41", "type": "redhat", "title": "(RHSA-2017:0091) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-9555"], "modified": "2018-03-19T16:29:53", "id": "RHSA-2017:0091", "href": "https://access.redhat.com/errata/RHSA-2017:0091", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:35:52", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)\n\n* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)\n\n* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)\n\n* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:\n\n \"Unknown Intel PCH (0xa149) detected.\"\n \"Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\"\n\nThe messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)\n\n* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-17T20:24:29", "type": "redhat", "title": "(RHSA-2017:0086) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-9555"], "modified": "2018-04-12T03:33:13", "id": "RHSA-2017:0086", "href": "https://access.redhat.com/errata/RHSA-2017:0086", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:21", "description": "**CentOS Errata and Security Advisory** CESA-2017:0817\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0817.html", "edition": 5, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-24T15:34:16", "title": "kernel, perf, python security update", "type": "centos", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "modified": "2017-03-24T15:34:16", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html", "id": "CESA-2017:0817", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:40:21", "description": "**CentOS Errata and Security Advisory** CESA-2017:0036\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\nBug Fix(es):\n\n* When parallel NFS returned a file layout, a kernel crash sometimes occurred. This update removes the call to the BUG_ON() function from a code path of a client that returns the file layout. As a result, the kernel no longer crashes in the described situation. (BZ#1385480)\n\n* When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash on a Nonmaskable Interrupt (NMI) that was injected from the host, this VM became unresponsive and did not create the vmcore dump file. This update applies a set of patches to the Virtual Machine Bus kernel driver (hv_vmbus) that fix this bug. As a result, the VM now first creates and saves the vmcore dump file and then reboots. (BZ#1385482)\n\n* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391974)\n\n* When using the ixgbe driver and the software Fibre Channel over Ethernet (FCoE) stack, suboptimal performance in some cases occurred on systems with a large number of CPUs. This update fixes the fc_exch_alloc() function to try all the available exchange managers in the list for an available exchange ID. This change avoids failing allocations, which previously led to the host busy status. (BZ#1392818)\n\n* When the vmwgfx kernel module loads, it overrides the boot resolution automatically. Consequently, users were not able to change the resolution by manual setting of the kernel's 'vga=' parameter in the /boot/grub/grub.conf file. This update adds the 'nomodeset' parameter, which can be set in the /boot/grub/grub.conf file. The 'nomodeset' parameter allows the users to prevent the vmwgfx driver from loading. As a result, the setting of the 'vga=' parameter works as expected, in case that vmwgfx does not load. (BZ#1392875)\n\n* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based systems, Desktop Management Interface (DMI) information, which is referenced by several applications, such as NEC server's memory RAS utility, was missing entries in the sysfs virtual file system. This update fixes the underlying source code, and sysfs now shows the DMI information as expected. (BZ#1393464)\n\n* Previously, bonding mode active backup and the propagation of the media access control (MAC) address to a VLAN interface did not work in Red Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter was set to fail_over_mac=active. With this update, the underlying source code has been fixed so that the VLANs continue inheriting the MAC address of the active physical interface until the VLAN MAC address is explicitly set to any value. As a result, IPv6 EUI64 addresses for the VLAN can reflect any changes to the MAC address of the physical interface, and Duplicate Address Detection (DAD) behaves as expected. (BZ#1396479)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/034244.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0036.html", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T15:47:38", "title": "kernel, perf, python security update", "type": "centos", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-6828", "CVE-2016-4998"], "modified": "2017-01-12T15:47:38", "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/034244.html", "id": "CESA-2017:0036", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:33:11", "description": "**CentOS Errata and Security Advisory** CESA-2017:0086\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)\n\n* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)\n\n* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)\n\n* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:\n\n \"Unknown Intel PCH (0xa149) detected.\"\n \"Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\"\n\nThe messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)\n\n* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/034284.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0086.html", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T13:30:14", "title": "kernel, perf, python security update", "type": "centos", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "modified": "2017-01-19T13:30:14", "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/034284.html", "id": "CESA-2017:0086", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2021-07-29T04:46:25", "description": "It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-11T14:47:35", "type": "redhatcve", "title": "CVE-2016-10088", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2020-08-21T18:58:18", "id": "RH:CVE-2016-10088", "href": "https://access.redhat.com/security/cve/cve-2016-10088", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T10:38:37", "description": "It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-01-24T04:47:24", "type": "redhatcve", "title": "CVE-2016-10142", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10142"], "modified": "2021-05-28T01:14:10", "id": "RH:CVE-2016-10142", "href": "https://access.redhat.com/security/cve/cve-2016-10142", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-29T04:46:52", "description": "A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-23T17:19:15", "type": "redhatcve", "title": "CVE-2016-9555", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9555"], "modified": "2021-01-24T22:05:34", "id": "RH:CVE-2016-9555", "href": "https://access.redhat.com/security/cve/cve-2016-9555", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T04:46:39", "description": "It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-09T08:47:27", "type": "redhatcve", "title": "CVE-2016-9576", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576"], "modified": "2020-08-18T19:32:03", "id": "RH:CVE-2016-9576", "href": "https://access.redhat.com/security/cve/cve-2016-9576", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T04:47:18", "description": "A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-15T20:20:54", "type": "redhatcve", "title": "CVE-2016-6480", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480"], "modified": "2020-08-18T18:59:33", "id": "RH:CVE-2016-6480", "href": "https://access.redhat.com/security/cve/cve-2016-6480", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-29T04:47:30", "description": "An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-06-27T06:49:23", "type": "redhatcve", "title": "CVE-2016-4998", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998"], "modified": "2021-07-02T07:44:55", "id": "RH:CVE-2016-4998", "href": "https://access.redhat.com/security/cve/cve-2016-4998", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-29T04:47:28", "description": "When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-15T20:23:25", "type": "redhatcve", "title": "CVE-2016-6136", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6136"], "modified": "2020-08-18T18:58:47", "id": "RH:CVE-2016-6136", "href": "https://access.redhat.com/security/cve/cve-2016-6136", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-29T10:40:38", "description": "It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2020-04-08T17:15:12", "type": "redhatcve", "title": "CVE-2016-7097", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "2020-08-20T19:59:36", "id": "RH:CVE-2016-7097", "href": "https://access.redhat.com/security/cve/CVE-2016-7097", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-07-29T13:47:38", "description": "It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-13T13:17:40", "type": "redhatcve", "title": "CVE-2016-7042", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7042"], "modified": "2020-08-18T19:31:59", "id": "RH:CVE-2016-7042", "href": "https://access.redhat.com/security/cve/cve-2016-7042", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-29T04:47:15", "description": "A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-18T21:03:31", "type": "redhatcve", "title": "CVE-2016-6828", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828"], "modified": "2020-08-20T19:59:36", "id": "RH:CVE-2016-6828", "href": "https://access.redhat.com/security/cve/CVE-2016-6828", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2019-10-03T02:28:22", "description": "\nF5 Product Development has assigned IDs 640766 and 640768 (BIG-IP) and IDs 640766 and 640768 (BIG-IQ, Enterprise Manager, and iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H54610514 on the **Diagnostics** &gt; **Identified** &gt; **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP AAM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP AFM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP Analytics | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP APM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP ASM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP DNS | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 | 13.1.0.4 \n13.0.1 \n12.1.3 | Low | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | None | Low | Linux kernel \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP Link Controller | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP PEM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 \n11.5.5 | Low | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | None | Low | Linux kernel \nBIG-IP WebSafe | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 - 11.6.3 | Low \n\n \n\n| Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Low | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.3.0 \n4.6.0 | 5.4.0 | Low | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Low | Linux kernel \nLineRate | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-28T02:39:00", "title": "Linux kernel vulnerability CVE-2016-10088", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "modified": "2018-03-29T17:44:00", "id": "F5:K54610514", "href": "https://support.f5.com/csp/article/K54610514", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-06T22:40:07", "description": "\nF5 Product Development has assigned IDs 652516 (BIG-IP - control plane) and 671813 (BIG-IP - data plane), ID 669855 (BIG-IQ), ID 673039 (F5 iWorkflow), and ID 669854 (Enterprise Manager) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H57211290-1 and H57211290-2 on the **Diagnostics** &gt; **Identified** &gt; **High** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \nNone | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.2.1 | None | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.2.1 | None | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 \n | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.1 - 11.5.4 \n11.2.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 \n11.2.1 | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 \n11.5.5 - 11.5.8 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 - 11.5.8 | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.6.0 - 11.6.3 \n11.5.9 | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP PSM | 11.4.1 | None | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.4.1 | None | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP WebAccelerator | 11.2.1 | None | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \n11.2.1 | None | High | Linux kernel - **Data Plane** (TMM IPv6 addresses) \nBIG-IP WebSafe | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.0.0 - 13.1.1 \n12.1.3 - 12.1.4 \n11.6.2 - 11.6.3 | High | Linux kernel - **Control Plane** (Management IPv6 addresses) \nNone \n | 13.0.0 - 13.1.1 \n12.0.0 - 12.1.4 \n11.6.0 - 11.6.3 | Not vulnerable | None \nARX | None | 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | High | Linux kernel - Management IPv6 addresses \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | High | Linux kernel - Management IPv6 addresses \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | High | Linux kernel - Management IPv6 addresses \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | High | Linux kernel - Management IPv6 addresses \nBIG-IQ ADC | 4.5.0 | None | High | Linux kernel - Management IPv6 addresses \nBIG-IQ Centralized Management | 6.0.0 - 6.1.0 \n5.0.0 - 5.4.0 \n4.6.0 | 7.0.0 | High | Linux kernel - Management IPv6 addresses \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | High | Linux kernel - Management IPv6 addresses \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | High | Linux kernel - Management IPv6 addresses \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 \n4.4.0 | 5.1.0 | Medium | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-07-12T18:35:00", "title": "IPv6 fragmentation vulnerability CVE-2016-10142", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10142"], "modified": "2019-08-13T17:26:00", "id": "F5:K57211290", "href": "https://support.f5.com/csp/article/K57211290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-06-08T00:16:03", "edition": 2, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-20T20:32:00", "type": "f5", "title": "Kernel vulnerability CVE-2016-6480", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480"], "modified": "2016-12-20T20:32:00", "href": "https://support.f5.com/csp/article/K37046163", "id": "F5:K37046163", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-06T22:40:31", "description": "\nF5 Product Development has assigned IDs 633655, 633656, and 624722 (BIG-IP), ID 633602 (BIG-IQ), ID 634365 (Enterprise Manager), and ID 634431 (F5 iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H635143 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 \n13.0.0 HF2 \n12.1.2 HF1 \n11.6.2 \n11.5.5 | Medium \n\n \n\n| Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 6.0.0 - 6.1.0 \n5.0.0 - 5.4.0 \n4.6.0 | None | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 15.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-21T03:38:00", "title": "Kernel vulnerability CVE-2016-6828", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828"], "modified": "2020-03-24T09:43:00", "id": "F5:K62442245", "href": "https://support.f5.com/csp/article/K62442245", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-03T22:46:54", "description": "\nF5 Product Development has assigned IDs 641319 and 648879 (BIG-IP), ID 641319-1 (BIG-IQ), ID 643805 (Enterprise Manager), and ID 646642 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP AAM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 | Not vulnerable1 | None \nBIG-IP AFM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 | Not vulnerable1 | None \nBIG-IP Analytics | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP APM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP ASM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP DNS | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 | Not vulnerable1 | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP GTM | None | 11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP Link Controller | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 \n11.2.1 | Not vulnerable1 | None \nBIG-IP PEM | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 | Not vulnerable1 | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable1 | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP WebSafe | None | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.2 | Not vulnerable1 | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable1 | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable1 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable1 | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable1 | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable1 | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable1 | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable1 | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable1 | None \nF5 iWorkflow | None | 2.0.0 - 2.0.2 | Not vulnerable1 | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable1 | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel \n \n1 The specified products may contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-23T01:21:00", "title": "Linux kernel vulnerability CVE-2016-9555", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9555"], "modified": "2017-12-21T19:45:00", "id": "F5:K54095660", "href": "https://support.f5.com/csp/article/K54095660", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-06T22:39:44", "description": "\nF5 Product Development has assigned IDs 640766 and 640768 (BIG-IP), and IDs 640766 and 640768 (BIG-IQ, Enterprise Manager, iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H05513373 on the **Diagnostics** &gt; **Identified** &gt; **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP AAM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP AFM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP Analytics | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP APM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP ASM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP DNS | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 | Low | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | None | Low | Linux kernel \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 | 11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP Link Controller | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP PEM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Low | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | None | Low | Linux kernel \nBIG-IP WebSafe | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 14.0.0 \n13.1.0.4 \n13.0.1 \n12.1.3 \n11.6.2 \n11.5.5 | Low \n\n \n\n| Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Low | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Low | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Low | Linux kernel \nLineRate | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation \n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-28T02:28:00", "title": "Linux kernel vulnerability CVE-2016-9576", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576"], "modified": "2018-08-13T21:57:00", "id": "F5:K05513373", "href": "https://support.f5.com/csp/article/K05513373", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T22:23:11", "description": "\nF5 Product Development has assigned IDs 648879 and 653065 (BIG-IP), ID 652525 (BIG-IQ), ID 652524 (Enterprise Manager), and ID 456789 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H90803619 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.2 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | None | Medium | Linux kernel \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 \n11.5.5 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | None | Medium | Linux kernel \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.0.1 - 13.1.0 \n12.1.3 \n12.1.2 HF1 \n11.6.2 - 11.6.3 | Medium | Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.3.0 \n4.6.0 | None | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Medium | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-28T07:36:00", "title": "Linux kernel vulnerability CVE-2016-6136", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6136"], "modified": "2018-06-06T21:22:00", "id": "F5:K90803619", "href": "https://support.f5.com/csp/article/K90803619", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-06-08T00:16:35", "edition": 2, "description": "\nF5 Product Development has assigned CPF-23377, CPF-23378, and CPF-23379 (Traffix SDC) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable1| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable1| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable1| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable1| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable1| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable1| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable1| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable1| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable1| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable1| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable1| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| Linux kernel \n \n1 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-02-22T20:06:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-4998", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998"], "modified": "2017-03-14T00:54:00", "href": "https://support.f5.com/csp/article/K74171196", "id": "F5:K74171196", "cvss": {"score": 5.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-06T22:39:33", "description": "\nF5 Product Development has assigned IDs 652516 and 748870 (BIG-IP), ID 669855 (BIG-IQ), ID 670353 (F5 iWorkflow), and ID 669854 (Enterprise Manager) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H31603170 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AAM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AFM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Analytics | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP APM | 14.0.0 \n13.0.0 - 13.1.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.1.0.8 \n12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP ASM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP DNS | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 | 12.1.3 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | None | Medium | Linux kernel \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Link Controller | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PEM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 12.1.3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | None | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | None | Medium | Linux kernel \nBIG-IP WebSafe | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 12.1.3 \n11.6.2 | Medium | Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 6.0.0 - 6.1.0 \n5.0.0 - 5.4.0 \n4.6.0 | 7.0.0 | Medium | Linux kernel \nBIG-IQ Cloud | 4.4.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.4.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.4.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.0.0 \n4.4.0 | 5.1.0 | Medium | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to only trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 15.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-06-23T02:13:00", "title": "Linux kernel vulnerability CVE-2016-7097", "type": "f5", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "2019-08-13T17:35:00", "id": "F5:K31603170", "href": "https://support.f5.com/csp/article/K31603170", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-06-08T00:16:23", "edition": 2, "description": "\nF5 Product Development has assigned IDs 624722 and 624723 (BIG-IP), ID 625297 (BIG-IQ), and ID 461496 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable \n\n| None \nARX| 6.2.0 - 6.4.0| None| Medium| Linux kernel \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable | None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable | None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable | None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-08T19:37:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-7117", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117"], "modified": "2016-11-08T19:37:00", "href": "https://support.f5.com/csp/article/K51201255", "id": "F5:K51201255", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-04-22T23:58:39", "description": "An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-01-14T07:59:00", "title": "CVE-2016-10142", "type": "cve", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10142"], "modified": "2018-05-11T01:29:00", "cpe": ["cpe:/a:ietf:ipv6:-"], "id": "CVE-2016-10142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10142", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ietf:ipv6:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:39", "description": "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.", "edition": 7, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-30T18:59:00", "title": "CVE-2016-10088", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:linux:linux_kernel:4.9"], "id": "CVE-2016-10088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10088", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:54", "description": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-28T03:59:00", "title": "CVE-2016-9555", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9555"], "modified": "2018-08-13T21:47:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.7"], "id": "CVE-2016-9555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9555", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:54", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-28T07:59:00", "title": "CVE-2016-9576", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.13"], "id": "CVE-2016-9576", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9576", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:50", "description": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.", "edition": 7, "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-06T20:59:00", "title": "CVE-2016-6480", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.7"], "id": "CVE-2016-6480", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6480", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:47", "description": "The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-07-03T21:59:00", "title": "CVE-2016-4998", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:linux:linux_kernel:4.5.5", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:oracle:linux:7", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-4998", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4998", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-04-22T23:58:49", "description": "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability.", "edition": 7, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-06T20:59:00", "title": "CVE-2016-6136", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6136"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.7"], "id": "CVE-2016-6136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6136", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:50", "description": "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2016-10-16T21:59:00", "title": "CVE-2016-7097", "type": "cve", "cwe": ["CWE-285"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.2"], "id": "CVE-2016-7097", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7097", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:50", "description": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-10T11:00:00", "title": "CVE-2016-7117", "type": "cve", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:linux:linux_kernel:4.5.1", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2016-7117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7117", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:58:50", "description": "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.", "edition": 7, "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-16T21:59:00", "title": "CVE-2016-7042", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7042"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.2"], "id": "CVE-2016-7042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7042", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.2:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-07-31T00:11:37", "description": "An issue was discovered in the IPv6 protocol specification, related to ICMP\nPacket Too Big (PTB) messages. (The scope of this CVE is all affected IPv6\nimplementations from all vendors.) The security implications of IP\nfragmentation have been discussed at length in [RFC6274] and [RFC7739]. An\nattacker can leverage the generation of IPv6 atomic fragments to trigger\nthe use of fragmentation in an arbitrary IPv6 flow (in scenarios in which\nactual fragmentation of packets is not needed) and can subsequently perform\nany type of fragmentation-based attack against legacy IPv6 nodes that do\nnot implement [RFC6946]. That is, employing fragmentation where not\nactually needed allows for fragmentation-based attack vectors to be\nemployed, unnecessarily. We note that, unfortunately, even nodes that\nalready implement [RFC6946] can be subject to DoS attacks as a result of\nthe generation of IPv6 atomic fragments. Let us assume that Host A is\ncommunicating with Host B and that, as a result of the widespread dropping\nof IPv6 packets that contain extension headers (including fragmentation)\n[RFC7872], some intermediate node filters fragments between Host B and Host\nA. If an attacker sends a forged ICMPv6 PTB error message to Host B,\nreporting an MTU smaller than 1280, this will trigger the generation of\nIPv6 atomic fragments from that moment on (as required by [RFC2460]). When\nHost B starts sending IPv6 atomic fragments (in response to the received\nICMPv6 PTB error message), these packets will be dropped, since we\npreviously noted that IPv6 packets with extension headers were being\ndropped between Host B and Host A. Thus, this situation will result in a\nDoS scenario. Another possible scenario is that in which two BGP peers are\nemploying IPv6 transport and they implement Access Control Lists (ACLs) to\ndrop IPv6 fragments (to avoid control-plane attacks). If the aforementioned\nBGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error\nmessages, an attacker could easily attack the corresponding peering session\nby simply sending an ICMPv6 PTB message with a reported MTU smaller than\n1280 bytes. Once the attack packet has been sent, the aforementioned\nrouters will themselves be the ones dropping their own traffic.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1415908>\n * <https://bugzilla.novell.com/show_bug.cgi?id=1020078>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-01-14T00:00:00", "type": "ubuntucve", "title": "CVE-2016-10142", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10142"], "modified": "2017-01-14T00:00:00", "id": "UB:CVE-2016-10142", "href": "https://ubuntu.com/security/CVE-2016-10142", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-31T00:12:58", "description": "The sg implementation in the Linux kernel through 4.9 does not properly\nrestrict write operations in situations where the KERNEL_DS option is set,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\nNOTE: this vulnerability exists because of an incomplete fix for\nCVE-2016-9576.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support \n[sbeattie](<https://launchpad.net/~sbeattie>) | attack requires access to /dev/sg or other block scsi devices.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-10088", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10088"], "modified": "2016-12-30T00:00:00", "id": "UB:CVE-2016-10088", "href": "https://ubuntu.com/security/CVE-2016-10088", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-31T00:14:53", "description": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel\nbefore 4.8.8 lacks chunk-length checking for the first chunk, which allows\nremote attackers to cause a denial of service (out-of-bounds slab access)\nor possibly have unspecified other impact via crafted SCTP data.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-27T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9555", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9555"], "modified": "2016-11-27T00:00:00", "id": "UB:CVE-2016-9555", "href": "https://ubuntu.com/security/CVE-2016-9555", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-31T00:13:05", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel\nbefore 4.8.14 does not properly restrict the type of iterator, which allows\nlocal users to read or write to arbitrary kernel memory locations or cause\na denial of service (use-after-free) by leveraging access to a /dev/sg\ndevice.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | requires access to /dev/sg*, which unprivileged users normally do not have access to.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-28T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9576", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9576"], "modified": "2016-12-28T00:00:00", "id": "UB:CVE-2016-9576", "href": "https://ubuntu.com/security/CVE-2016-9576", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-31T00:20:38", "description": "Race condition in the ioctl_send_fib function in\ndrivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows\nlocal users to cause a denial of service (out-of-bounds access or system\ncrash) by changing a certain size value, aka a \"double fetch\"\nvulnerability.\n\n#### Bugs\n\n * <https://bugzilla.kernel.org/show_bug.cgi?id=116751>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6480", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480"], "modified": "2016-08-06T00:00:00", "id": "UB:CVE-2016-6480", "href": "https://ubuntu.com/security/CVE-2016-6480", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-31T00:23:45", "description": "The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem\nin the Linux kernel before 4.6 allows local users to cause a denial of\nservice (out-of-bounds read) or possibly obtain sensitive information from\nkernel heap memory by leveraging in-container root access to provide a\ncrafted offset value that leads to crossing a ruleset blob boundary.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Can be mitigated against by a sysctl to disable userns support\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-06-24T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4998", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998"], "modified": "2016-06-24T00:00:00", "id": "UB:CVE-2016-4998", "href": "https://ubuntu.com/security/CVE-2016-4998", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-07-31T00:20:40", "description": "Race condition in the audit_log_single_execve_arg function in\nkernel/auditsc.c in the Linux kernel through 4.7 allows local users to\nbypass intended character-set restrictions or disrupt system-call auditing\nby changing a certain string, aka a \"double fetch\" vulnerability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support \n[sbeattie](<https://launchpad.net/~sbeattie>) | allows corruption of audit logs\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6136", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6136"], "modified": "2016-08-06T00:00:00", "id": "UB:CVE-2016-6136", "href": "https://ubuntu.com/security/CVE-2016-6136", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-31T00:16:57", "description": "The filesystem implementation in the Linux kernel through 4.8.2 preserves\nthe setgid bit during a setxattr call, which allows local users to gain\ngroup privileges by leveraging the existence of a setgid program with\nrestrictions on execute permissions.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2016-10-16T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7097", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "2016-10-16T00:00:00", "id": "UB:CVE-2016-7097", "href": "https://ubuntu.com/security/CVE-2016-7097", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-07-31T00:17:13", "description": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c\nin the Linux kernel before 4.5.2 allows remote attackers to execute\narbitrary code via vectors involving a recvmmsg system call that is\nmishandled during error processing.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-10T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7117", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117"], "modified": "2016-10-10T00:00:00", "id": "UB:CVE-2016-7117", "href": "https://ubuntu.com/security/CVE-2016-7117", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-31T00:16:52", "description": "The proc_keys_show function in security/keys/proc.c in the Linux kernel\nthrough 4.8.2, when the GNU Compiler Collection (gcc) stack protector is\nenabled, uses an incorrect buffer size for certain timeout data, which\nallows local users to cause a denial of service (stack memory corruption\nand panic) by reading the /proc/keys file.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support \n[sbeattie](<https://launchpad.net/~sbeattie>) | fix is commit 03dab869b7b239c4e013ec82aea22e181e441cfc\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-16T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7042", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7042"], "modified": "2016-10-16T00:00:00", "id": "UB:CVE-2016-7042", "href": "https://ubuntu.com/security/CVE-2016-7042", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "android": [{"lastseen": "2021-07-28T14:34:39", "description": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-01T00:00:00", "title": "CVE-2016-7117", "type": "android", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7117"], "modified": "2019-07-29T00:00:00", "id": "ANDROID:CVE-2016-7117", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-7117.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:40", "description": "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-01T00:00:00", "title": "CVE-2016-6828", "type": "android", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828"], "modified": "2019-07-29T00:00:00", "id": "ANDROID:CVE-2016-6828", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-6828.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "metasploit": [{"lastseen": "2021-05-07T02:50:33", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "F5 Networks: K31603170 (CVE-2016-7097): Linux kernel vulnerability CVE-2016-7097", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/F5-BIG-IP-CVE-2016-7097/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-05-22T13:07:25", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "F5 Networks: K82508682 (CVE-2017-6074): Linux kernel vulnerability CVE-2017-6074", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6074"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/F5-BIG-IP-CVE-2017-6074/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-07T02:50:30", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "SUSE: CVE-2016-7097: SUSE Linux Security Advisory", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7097"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/SUSE-CVE-2016-7097/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2021-07-28T18:51:35", "description": "Marco Grassi discovered a use-after-free condition could occur in the TCP \nretransmit queue handling code in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the \nLinux kernel. A local attacker could use this to corrupt audit logs or \ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID controller \ndriver in the Linux kernel when handling ioctl()s. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2016-6480)", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-11T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480", "CVE-2016-6136", "CVE-2016-6828"], "modified": "2016-10-11T00:00:00", "id": "USN-3097-1", "href": "https://ubuntu.com/security/notices/USN-3097-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:46:44", "description": "Marco Grassi discovered a use-after-free condition could occur in the TCP \nretransmit queue handling code in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2016-6828)\n\nPengfei Wang discovered a race condition in the audit subsystem in the \nLinux kernel. A local attacker could use this to corrupt audit logs or \ndisrupt system-call auditing. (CVE-2016-6136)\n\nPengfei Wang discovered a race condition in the Adaptec AAC RAID controller \ndriver in the Linux kernel when handling ioctl()s. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2016-6480)", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-13T00:00:00", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6480", "CVE-2016-6136", "CVE-2016-6828"], "modified": "2016-10-13T00:00:00", "id": "USN-3097-2", "href": "https://ubuntu.com/security/notices/USN-3097-2", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:31", "description": "[2.6.32-642.13.1]\n- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117}\n- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585]\n- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828}\n- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}\n- [net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478]\n- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078]\n- [netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621]\n- [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114]\n- [hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167]\n- [hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167]\n- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743]\n- [fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467]\n- [firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807]\n[2.6.32-642.12.1]\n- [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1392799 1384212]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-10T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4998", "CVE-2016-6828", "CVE-2016-7117"], "modified": "2017-01-10T00:00:00", "id": "ELSA-2017-0036", "href": "http://linux.oracle.com/errata/ELSA-2017-0036.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:54", "description": "- [3.10.0-514.6.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.6.1]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}\n- [net] sctp: rename WORD_TRUNC/ROUND macros (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}\n- [net] sctp: keep fragmentation point aligned to word size (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}\n- [x86] Mark Intel Purley supported (Steve Best) [1402824 1371748]\n- [acpi] sleep: Do not save NVS for new machines to accelerate S3 (Prarit Bhargava) [1402326 1385527]\n- [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1398179 1380447]\n- [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1398179 1380447]\n- [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1398179 1380447]\n- [netdrv] net/hyperv: avoid uninitialized variable (Vitaly Kuznetsov) [1395578 1392220]\n- [netdrv] netvsc: Remove mistaken udp.h inclusion (Vitaly Kuznetsov) [1395578 1392220]\n- [netdrv] netvsc: fix checksum on UDP IPV6 (Vitaly Kuznetsov) [1395578 1392220]\n- [netdrv] hv_netvsc: add ethtool statistics for tx packet issues (Vitaly Kuznetsov) [1395578 1392220]\n- [netdrv] hv_netvsc: rearrange start_xmit (Vitaly Kuznetsov) [1395578 1392220]\n- [fs] Retry operation on EREMOTEIO on an interrupted slot (Steve Dickson) [1394710 1378981]\n- [fs] rbd: don't retry watch reregistration if header object is gone (Ilya Dryomov) [1393485 1378186]\n- [fs] rbd: don't wait for the lock forever if blacklisted (Ilya Dryomov) [1393485 1378186]\n- [fs] rbd: lock_on_read map option (Ilya Dryomov) [1393485 1378186]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1392035 1378615]\n- [netdrv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1391617 1388702]\n- [x86] kvm: lapic: cap __delay at lapic_timer_advance_ns (Marcelo Tosatti) [1391614 1389431]\n- [x86] kvm: x86: move nsec_to_cycles from x86.c to x86.h (Marcelo Tosatti) [1391614 1389431]\n- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379530 1379531] {CVE-2016-6828}\n[3.10.0-514.5.1]\n- [fs] Fix regression which breaks DFS mounting (Sachin Prabhu) [1400055 1302329]\n- [fs] Move check for prefix path to within cifs_get_root() (Sachin Prabhu) [1400055 1302329]\n- [fs] Compare prepaths when comparing superblocks (Sachin Prabhu) [1400055 1302329]\n- [fs] Fix memory leaks in cifs_do_mount() (Sachin Prabhu) [1400055 1302329]\n- [fs] cifs: make share unaccessible at root level mountable (Sachin Prabhu) [1400055 1302329]\n- [kernel] sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [1398361 1392466]\n- [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1398175 1380441]\n- [x86] smp: Fix __max_logical_packages value setup (Prarit Bhargava) [1398173 1394239]\n- [x86] revert 'smp: Fix __max_logical_packages value setup' (Prarit Bhargava) [1398173 1394239]\n- [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1397747 1382798]\n- [x86] kexec: Fix kexec crash in syscall kexec_file_load() (Pingfan Liu) [1395573 1385109]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Steve Best) [1395565 1387244]\n- [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1394711 1392978]\n- [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1394708 1378509]\n- [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1394707 1367989]\n- [powerpc] pseries: use pci_host_bridge.release_fn() to kfree(phb) (Steve Best) [1393724 1385635]\n- [misc] genwqe: Change default access rights for device node (Steve Best) [1393723 1325797]\n- [misc] hpilo: Changes to support new security states in iLO5 FW (Nigel Croxon) [1393720 1376576]\n- [kernel] sched/core: Fix a race between try_to_wake_up() and a woken up task (Lauro Ramos Venancio) [1393719 1379256]\n- [hid] i2c-hid: exit if the IRQ is not valid (David Arcari) [1393717 1376599]\n- [x86] Add support for missing Kabylake Sunrise Point PCH (David Arcari) [1392033 1379401]\n- [net] sctp: not return ENOMEM err back in sctp_packet_transmit (Xin Long) [1392025 1371362]\n- [net] sctp: make sctp_outq_flush/tail/uncork return void (Xin Long) [1392025 1371362]\n- [net] sctp: save transmit error to sk_err in sctp_outq_flush (Xin Long) [1392025 1371362]\n- [net] sctp: free msg->chunks when sctp_primitive_SEND return err (Xin Long) [1392025 1371362]\n- [net] sctp: do not return the transmit err back to sctp_sendmsg (Xin Long) [1392025 1371362]\n- [net] sctp: remove the unnecessary state check in sctp_outq_tail (Xin Long) [1392025 1371362]\n- [net] netdev, sched/wait: Fix sleeping inside wait event (Paolo Abeni) [1392024 1382175]\n- [net] Separate the close_list and the unreg_list (Paolo Abeni) [1392024 1382175]\n- [vfio] pci: Fix ordering of eventfd vs virqfd shutdown (Alex Williamson) [1391611 1322026]\n- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390806 1390047] {CVE-2016-7117}\n- [fs] nfsd: don't return an unhashed lock stateid after taking mutex ('J. Bruce Fields') [1390672 1368577]\n- [fs] nfsd: Fix race between FREE_STATEID and LOCK ('J. Bruce Fields') [1390672 1368577]\n- [fs] nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock ('J. Bruce Fields') [1390672 1368577]\n- [fs] nfsd: Extend the mutex holding region around in nfsd4_process_open2() ('J. Bruce Fields') [1390672 1368577]\n- [fs] nfsd: Always lock state exclusively ('J. Bruce Fields') [1390672 1368577]\n- [infiniband] ib/ipoib: move back IB LL address into the hard header (Jonathan Toppins) [1390668 1378656]\n[3.10.0-514.4.1]\n- [net] rtnetlink: fix rtnl_vfinfo_size (Sabrina Dubroca) [1395811 1392128]\n- [netdrv] ixgbe: test for trust in macvlan adjustments for vf (Ken Cox) [1395572 1379787]\n- [kernel] timekeeping: Copy the shadow-timekeeper over the real timekeeper last (Prarit Bhargava) [1395577 1344747]\n[3.10.0-514.3.1]\n- [net] team: Fixing a bug in team driver due to incorrect 'unsigned int' to 'int' conversion (Hangbin Liu) [1392023 1382098]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-17T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6828", "CVE-2016-7117", "CVE-2016-9555"], "modified": "2017-01-17T00:00:00", "id": "ELSA-2017-0086", "href": "http://linux.oracle.com/errata/ELSA-2017-0086.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:00", "description": "[2.6.32-642.15.1]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}\n[2.6.32-642.14.1]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399456 1399457] {CVE-2016-9555}\n- [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1403143 1342659]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359302 1359304] {CVE-2016-6136}\n- [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1399172 1353844]\n- [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1399172 1353844]\n- [fs] nfs: Don't pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1399172 1353844]\n- [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1399174 1397552]\n- [scsi] hpsa: correct logical resets (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1399175 1083110]\n- [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1397808 1351798]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1397739 1378614]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1398185 1387243]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-23T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6136", "CVE-2016-9555", "CVE-2017-6074"], "modified": "2017-02-23T00:00:00", "id": "ELSA-2017-0307", "href": "http://linux.oracle.com/errata/ELSA-2017-0307.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}