CVSS3 | 5.5 Medium |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |

CVSS2 | 7.2 High |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

EPSS | 0.001 Low |
---|---|
Percentile | 18.1% |

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the load_mixer_volumes() function in
the Linux kernel’s Open Sound System (OSS) sound driver. On 64-bit PowerPC
systems, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges. (CVE-2010-4527, Important)

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel’s av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel’s ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and
Kees Cook for reporting CVE-2010-4655.

These updated kernel packages also fix hundreds of bugs and add numerous
enhancements. For details on individual bug fixes and enhancements included
in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,
linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | kernel-largesmp-devel | < 2.6.9-100.EL | kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm |
RedHat | any | x86_64 | kernel | < 2.6.9-100.EL | kernel-2.6.9-100.EL.x86_64.rpm |
RedHat | any | x86_64 | kernel-largesmp | < 2.6.9-100.EL | kernel-largesmp-2.6.9-100.EL.x86_64.rpm |
RedHat | any | ppc64 | kernel-devel | < 2.6.9-100.EL | kernel-devel-2.6.9-100.EL.ppc64.rpm |
RedHat | any | i686 | kernel-hugemem-devel | < 2.6.9-100.EL | kernel-hugemem-devel-2.6.9-100.EL.i686.rpm |
RedHat | any | s390x | kernel-devel | < 2.6.9-100.EL | kernel-devel-2.6.9-100.EL.s390x.rpm |
RedHat | any | noarch | kernel-doc | < 2.6.9-100.EL | kernel-doc-2.6.9-100.EL.noarch.rpm |
RedHat | any | i686 | kernel | < 2.6.9-100.EL | kernel-2.6.9-100.EL.i686.rpm |
RedHat | any | ia64 | kernel-largesmp | < 2.6.9-100.EL | kernel-largesmp-2.6.9-100.EL.ia64.rpm |
RedHat | any | s390 | kernel | < 2.6.9-100.EL | kernel-2.6.9-100.EL.s390.rpm |
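
An added example (not part of the Red Hat advisory or its tooling): the check below flags installed kernel packages older than the fixed 2.6.9-100.EL build from the table above, using rpm-style segment comparison because plain string comparison ranks 89.EL above 100.EL. The input lines are constructed samples in the format noted in the comment; epochs and rpm's tilde/caret rules are assumed not to occur and are not handled.

```python
import re

FIXED = "2.6.9-100.EL"  # first fixed version-release, from the package table
# Package names taken from the table on this page
PACKAGES = {"kernel", "kernel-devel", "kernel-doc", "kernel-largesmp",
            "kernel-largesmp-devel", "kernel-hugemem-devel"}

# Constructed sample, in the format printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
kernel 2.6.9-89.0.3.EL x86_64
kernel 2.6.9-100.EL x86_64
kernel-largesmp 2.6.9-89.EL x86_64
kernel-devel 2.6.9-100.EL x86_64
kernel-utils 2.4-23.el4 x86_64
"""

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment-wise rules (no epoch, tilde or caret)."""
    # rpm compares maximal runs of digits or letters; other characters only separate
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines, fixed=FIXED):
    """Return (name, version-release, arch) for listed packages older than `fixed`."""
    hits = []
    for line in rpm_lines.strip().splitlines():
        name, vr, arch = line.split()
        if name in PACKAGES and vr_cmp(vr, fixed) < 0:
            hits.append((name, vr, arch))
    return hits

if __name__ == "__main__":
    for name, vr, arch in unpatched(SAMPLE):
        print(f"UNPATCHED {name}-{vr}.{arch} (fixed in {FIXED})")
```

A host with no hits can still be running the old kernel until it is rebooted, so compare the result against `uname -r` as well.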