5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.665 Medium
EPSS
Percentile
97.6%
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
A possible integer overflow was found in the Linux kernel Stream Control
Transmission Protocol (SCTP) implementation. This could allow an attacker
to cause a denial of service. (CVE-2008-3526, Important)
A deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH
socket options could cause a kernel panic if the API was used when the
extension is disabled. (CVE-2008-3792, Important)
Missing boundary checks were reported in the Linux kernel SCTP
implementation. This could, potentially, cause information disclosure via a
specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113,
CVE-2008-4445, Important)
Tobias Klein reported a missing check in the Linux kernel’s Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)
A deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to make a series
of file creations within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)
A flaw was found in the Linux kernel Network File System daemon (nfsd) when
NFSv4 was enabled. Remote attackers could use this to cause a denial of
service via a buffer overflow. (CVE-2008-3915, Moderate)
A possible integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service on a victim’s machine.
(CVE-2008-3276, Low)
A deficiency was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to make a certain sequence of file
operations, possibly causing a denial of service. (CVE-2008-3534, Low)
An off-by-one error was found in the iov_iter_advance function. This could
allow a local unprivileged user to cause a denial of service as
demonstrated by a testcase from the Linux Test Project. (CVE-2008-3535,
Low)
These updated packages also fix the following bugs:
fixed a warning in the openib code.
increased MAX_STACK_TRACE_ENTRIES on the debug kernel variant.
enqueue deprioritized RT tasks to head of prio array.
use timer_pending() to test ipv6 FIB timers.
added a lower-bound check for the length field in PPPOE headers.
pppoe: unshare skb to avoid possible data loss.
using growisofs could cause oops due to the lack of proper sanity checks.
random seed improvement.
enabled the “Panic on Oops” feature.
fixed a portability issue in parse_pmtmr() due to variable type.
fixed sanity check in cifs/asn1.c.
fixed a bug introduced by a previous fix, related to the inode code.
added better sanity checks to dlm code.
dynamic ftrace enhancements. The daemon is no longer used.
fixed a format string bug in cpufreq.
avoid a potential kernel stack overflow in binfmt_misc.c
fixed the long boot-up time when CONFIG_PROVE_LOCKING is enabled.
use a better random seed for NAT port randomization.
a compat_semaphore was being handled as a regular semaphore due to
casting (qla2xxx driver).
All users of Red Hat Enterprise MRG should upgrade to these new packages,
which address these vulnerabilities and fix these bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-rt-vanilla | < 2.6.24.7-81.el5rt | kernel-rt-vanilla-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt-vanilla-devel | < 2.6.24.7-81.el5rt | kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | noarch | kernel-rt-doc | < 2.6.24.7-81.el5rt | kernel-rt-doc-2.6.24.7-81.el5rt.noarch.rpm |
RedHat | 5 | x86_64 | kernel-rt-trace | < 2.6.24.7-81.el5rt | kernel-rt-trace-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt-debug | < 2.6.24.7-81.el5rt | kernel-rt-debug-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | x86_64 | kernel-rt | < 2.6.24.7-81.el5rt | kernel-rt-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-devel | < 2.6.24.7-81.el5rt | kernel-rt-devel-2.6.24.7-81.el5rt.i686.rpm |
RedHat | 5 | x86_64 | kernel-rt-devel | < 2.6.24.7-81.el5rt | kernel-rt-devel-2.6.24.7-81.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-vanilla-devel | < 2.6.24.7-81.el5rt | kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-trace | < 2.6.24.7-81.el5rt | kernel-rt-trace-2.6.24.7-81.el5rt.i686.rpm |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.665 Medium
EPSS
Percentile
97.6%