10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.706 High
EPSS
Percentile
97.7%
These packages contain the Linux kernel, the core of any Linux operating
system.
Security fixes:
unsafe sprintf() use in the Bluetooth implementation. Creating a large
number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary
memory pages being overwritten, allowing a local, unprivileged user to
cause a denial of service or escalate their privileges. (CVE-2010-1084,
Important)
a flaw in the Unidirectional Lightweight Encapsulation implementation,
allowing a remote attacker to send a specially-crafted ISO MPEG-2 Transport
Stream frame to a target system, resulting in a denial of service.
(CVE-2010-1086, Important)
NULL pointer dereference in nfs_wb_page_cancel(), allowing a local user
on a system that has an NFS-mounted file system to cause a denial of
service or escalate their privileges on that system. (CVE-2010-1087,
Important)
flaw in sctp_process_unk_param(), allowing a remote attacker to send a
specially-crafted SCTP packet to an SCTP listening port on a target system,
causing a denial of service. (CVE-2010-1173, Important)
race condition between finding a keyring by name and destroying a freed
keyring in the key management facility, allowing a local, unprivileged
user to cause a denial of service or escalate their privileges.
(CVE-2010-1437, Important)
systems using the kernel NFS server to export a shared memory file system
and that have the sysctl overcommit_memory variable set to never overcommit
(a value of 2; by default, it is set to 0), may experience a NULL pointer
dereference, allowing a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2008-7256, CVE-2010-1643,
Important)
when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code.
(CVE-2010-2240, Important)
flaw in CIFSSMBWrite() could allow a remote attacker to send a
specially-crafted SMB response packet to a target CIFS client, resulting in
a denial of service. (CVE-2010-2248, Important)
buffer overflow flaws in the kernel’s implementation of the server-side
XDR for NFSv4 could allow an attacker on the local network to send a
specially-crafted large compound request to the NFSv4 server, possibly
resulting in a denial of service or code execution. (CVE-2010-2521,
Important)
NULL pointer dereference in the firewire-ohci driver used for OHCI
compliant IEEE 1394 controllers could allow a local, unprivileged user with
access to /dev/fw* files to issue certain IOCTL calls, causing a denial of
service or privilege escalation. The FireWire modules are blacklisted by
default. If enabled, only root has access to the files noted above by
default. (CVE-2009-4138, Moderate)
flaw in the link_path_walk() function. Using the file descriptor
returned by open() with the O_NOFOLLOW flag on a subordinate NFS-mounted
file system, could result in a NULL pointer dereference, causing a denial
of service or privilege escalation. (CVE-2010-1088, Moderate)
memory leak in release_one_tty() could allow a local, unprivileged user
to cause a denial of service. (CVE-2010-1162, Moderate)
information leak in the USB implementation. Certain USB errors could
result in an uninitialized kernel buffer being sent to user-space. An
attacker with physical access to a target system could use this flaw to
cause an information leak. (CVE-2010-1083, Low)
Red Hat would like to thank Neil Brown for reporting CVE-2010-1084; Ang Way
Chuang for reporting CVE-2010-1086; Jukka Taimisto and Olli Jarva of
Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their
customer, for responsibly reporting CVE-2010-1173; the X.Org security team
for reporting CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as
the original reporter; and Marcus Meissner for reporting CVE-2010-1083.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | kernel-rt-debug | < 2.6.24.7-161.el5rt | kernel-rt-debug-2.6.24.7-161.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-vanilla | < 2.6.24.7-161.el5rt | kernel-rt-vanilla-2.6.24.7-161.el5rt.i686.rpm |
RedHat | 5 | i686 | kernel-rt-trace | < 2.6.24.7-161.el5rt | kernel-rt-trace-2.6.24.7-161.el5rt.i686.rpm |
RedHat | 5 | noarch | kernel-rt-doc | < 2.6.24.7-161.el5rt | kernel-rt-doc-2.6.24.7-161.el5rt.noarch.rpm |
RedHat | 5 | x86_64 | kernel-rt-devel | < 2.6.24.7-161.el5rt | kernel-rt-devel-2.6.24.7-161.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt-devel | < 2.6.24.7-161.el5rt | kernel-rt-devel-2.6.24.7-161.el5rt.i686.rpm |
RedHat | 5 | noarch | kernel-rt-firmware | < 2.6.24.7-161.el5rt | kernel-rt-firmware-2.6.24.7-161.el5rt.noarch.rpm |
RedHat | 5 | i686 | kernel-rt-trace-devel | < 2.6.24.7-161.el5rt | kernel-rt-trace-devel-2.6.24.7-161.el5rt.i686.rpm |
RedHat | 5 | x86_64 | kernel-rt-vanilla-devel | < 2.6.24.7-161.el5rt | kernel-rt-vanilla-devel-2.6.24.7-161.el5rt.x86_64.rpm |
RedHat | 5 | i686 | kernel-rt | < 2.6.24.7-161.el5rt | kernel-rt-2.6.24.7-161.el5rt.i686.rpm |