Linux Distros Unpatched Vulnerability : CVE-2016-3157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The switchto function in arch/x86/kernel/process64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local gues...

Debian: Security Advisory (DLA-516-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3656)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3656 advisory. - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269176 CVE-2016-3157 CVE-2016-3157 Tenable has extracted the...

OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0180)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269176 CVE-2016-3157 CVE-2016-3157 - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug:...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3657)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3657 advisory. - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269184 CVE-2016-3157 Tenable has extracted the preceding descriptio...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.15.2 - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269176 CVE-2016-3157 CVE-2016-3157 - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug: 25298611 CVE-2016-7117...

Unbreakable Enterprise kernel security update

2.6.39-400.293.2 - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 25269184 CVE-2016-3157 - net: Fix use after free in the recvmmsg exit path Arnaldo Carvalho de Melo Orabug: 25298618 CVE-2016-7117...

Ubuntu: Security Advisory (USN-2965-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-2965-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2965-2 advisory. USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-2971-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2971-2 advisory. USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

Ubuntu 15.10 : linux vulnerabilities (USN-2971-1)

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7515 Zach Riggle discovered that the Linux kernel's...

Ubuntu: Security Advisory (USN-2969-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-2968-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2971-2: Linux kernel (Wily HWE) vulnerabilities

USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did no...

USN-2970-1: Linux kernel (Vivid HWE) vulnerabilities

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7515 Ben Hawkes discovered that the Linux kernel's AIO...

Fedora 22 : kernel-4.4.6-201.fc22 (2016-ed5110c4bb)

This is an incremental update with a series of bugzilla fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 23 : kernel-4.4.6-301.fc23 (2016-7e602c0e5e)

This is an incremental update for a set of bugzillas in the kernel Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2016-3157

The switchto function in arch/x86/kernel/process64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service guest OS crash, or obtain sensitive information by leveraging I/O port access...

CVE-2016-3157

CVE-2016-3157 : The Linux kernel’s 64-bit PV Xen path__switch_to__ in arch/x86/kernel/process_64.c fails to context-switch IOPL properly, enabling local guest users to escalate privileges, cause a guest-OS DoS, or leak data via I/O ports. Public details in connected Nessus/Unity advisories (UTSA-...

OracleVM 3.4 : kernel-uek (OVMSA-2016-0041)

The remote OracleVM system is missing necessary patches to address critical security updates : - rebuild bumping release - x86/iopl/64: properly context-switch IOPL on Xen PV Andy Lutomirski Orabug: 22997978 CVE-2016-3157 - fs/hugetlbfs/inode.c: fix bugs in hugetlbvmtruncatelist Mike Kravetz...