CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.706 High
Percentile: 97.7%

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* multiple flaws were found in the mmap and mremap implementations. A local
user could use these flaws to cause a local denial of service or escalate
their privileges. (CVE-2010-0291, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes
(futexes) implementation. The unlock code path did not check if the futex
value associated with pi_state->owner had been modified. A local user could
use this flaw to modify the futex value, possibly leading to a denial of
service or privilege escalation when the pi_state->owner pointer is
dereferenced. (CVE-2010-0622, Important)

* a NULL pointer dereference flaw was found in the Linux kernel Network
File System (NFS) implementation. A local user on a system that has an
NFS-mounted file system could use this flaw to cause a denial of service or
escalate their privileges on that system. (CVE-2010-1087, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a flaw was found in the Linux kernel Transparent Inter-Process
Communication protocol (TIPC) implementation. If a client application, on a
local system where the tipc module is not yet in network mode, attempted to
send a message to a remote TIPC node, it would dereference a NULL pointer
on the local system, causing a kernel panic (denial of service).
(CVE-2010-1187, Important)

* a buffer overflow flaw was found in the Linux kernel Global File System 2
(GFS2) implementation. In certain cases, a quota could be written past the
end of a memory page, causing memory corruption, leaving the quota stored
on disk in an invalid state. A user with write access to a GFS2 file system
could trigger this flaw to cause a kernel crash (denial of service) or
escalate their privileges on the GFS2 server. This issue can only be
triggered if the GFS2 file system is mounted with the “quota=on” or
“quota=account” mount option. (CVE-2010-1436, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local user
could use this flaw to cause a kernel panic (denial of service) or escalate
their privileges. (CVE-2010-1437, Important)

* a flaw was found in the link_path_walk() function in the Linux kernel.
Using the file descriptor returned by the open() function with the
O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a
NULL pointer dereference, causing a denial of service or privilege
escalation. (CVE-2010-1088, Moderate)

* a missing permission check was found in the gfs2_set_flags() function in
the Linux kernel GFS2 implementation. A local user could use this flaw to
change certain file attributes of files, on a GFS2 file system, that they
do not own. (CVE-2010-1641, Low)

Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon
Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly
reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting
CVE-2010-1641.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

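
An added example (not part of the Red Hat advisory) for triaging a host against this update: it compares a `uname -r` string with the fixed build 2.6.18-194.8.1.el5 from the package table and lists mounts that meet the NFS and GFS2 quota preconditions described above. The function names, the kernel variant-suffix handling and the sample mount table are assumptions constructed for illustration.

```python
import re

FIXED = "2.6.18-194.8.1.el5"  # fixed version-release, from the package table

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no epoch/tilde handling): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string is newer

def kernel_needs_update(uname_r):
    """True if the running kernel (uname -r output) predates the fixed build."""
    # Assumption: EL5 appends the variant (xen, PAE, debug, kdump) to the release.
    vr = re.sub(r"(xen|PAE|debug|kdump)$", "", uname_r.strip())
    ver, _, rel = vr.partition("-")
    fver, _, frel = FIXED.partition("-")
    return (rpm_cmp(ver, fver) or rpm_cmp(rel, frel)) < 0

def mount_preconditions(proc_mounts):
    """Map CVE id -> mount points meeting the precondition the advisory names."""
    found = {}
    for line in proc_mounts.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        mnt, fstype, opts = f[1], f[2], f[3].split(",")
        if fstype in ("nfs", "nfs4"):  # any NFS-mounted file system
            found.setdefault("CVE-2010-1087", []).append(mnt)
        if fstype == "gfs2" and {"quota=on", "quota=account"} & set(opts):
            found.setdefault("CVE-2010-1436", []).append(mnt)
    return found

# Constructed sample in /proc/mounts format (not from a real host)
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / ext3 rw 0 0
filer01:/export/home /home nfs rw,vers=3,addr=192.0.2.10 0 0
/dev/mapper/clvg-data /data gfs2 rw,hostdata=jid=0,quota=on 0 0
/dev/mapper/clvg-scratch /scratch gfs2 rw,hostdata=jid=0 0 0
"""

if __name__ == "__main__":
    for rel in ("2.6.18-194.3.1.el5", "2.6.18-194.8.1.el5xen"):
        print(rel, "needs update:", kernel_needs_update(rel))
    print(mount_preconditions(SAMPLE_MOUNTS))
```

Checking the running kernel rather than the installed package also catches hosts that were patched but not yet rebooted.
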
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ppc64 | kernel-kdump | < 2.6.18-194.8.1.el5 | kernel-kdump-2.6.18-194.8.1.el5.ppc64.rpm |
RedHat | 5 | i386 | kernel-headers | < 2.6.18-194.8.1.el5 | kernel-headers-2.6.18-194.8.1.el5.i386.rpm |
RedHat | 5 | x86_64 | kernel-devel | < 2.6.18-194.8.1.el5 | kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm |
RedHat | 5 | ia64 | kernel-xen | < 2.6.18-194.8.1.el5 | kernel-xen-2.6.18-194.8.1.el5.ia64.rpm |
RedHat | 5 | s390x | kernel-devel | < 2.6.18-194.8.1.el5 | kernel-devel-2.6.18-194.8.1.el5.s390x.rpm |
RedHat | 5 | x86_64 | kernel-xen | < 2.6.18-194.8.1.el5 | kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm |
RedHat | 5 | ia64 | kernel-debug | < 2.6.18-194.8.1.el5 | kernel-debug-2.6.18-194.8.1.el5.ia64.rpm |
RedHat | 5 | s390x | kernel-kdump | < 2.6.18-194.8.1.el5 | kernel-kdump-2.6.18-194.8.1.el5.s390x.rpm |
RedHat | 5 | ia64 | kernel-debug-devel | < 2.6.18-194.8.1.el5 | kernel-debug-devel-2.6.18-194.8.1.el5.ia64.rpm |
RedHat | 5 | s390x | kernel-debug-devel | < 2.6.18-194.8.1.el5 | kernel-debug-devel-2.6.18-194.8.1.el5.s390x.rpm |