(RHSA-2010:0705) Important: kernel security update

2010-09-21T04:00:00
ID RHSA-2010:0705
Type redhat
Reporter RedHat
Modified 2017-07-29T20:26:26

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

  • The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.