CESA-2010:0718: kernel security update

CentOS Project (lists.centos.org)
Published: 2010-09-29 09:53:01

CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

EPSS: 0.0004 Low (Percentile: 5.2%)

CentOS Errata and Security Advisory CESA-2010:0718

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

  • The compat_alloc_user_space() function in the Linux kernel 32/64-bit
    compatibility layer implementation was missing sanity checks. This function
    could be abused in other areas of the Linux kernel if its length argument
    can be controlled from user-space. On 64-bit systems, a local, unprivileged
    user could use this flaw to escalate their privileges. (CVE-2010-3081,
    Important)
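
An added illustration (not code from this advisory, CentOS or the kernel source) of the kind of sanity check the item above refers to: a user-space C model in which an allocator carves `len` bytes below a user stack pointer, first without and then with validation of the length and the resulting range. The names `alloc_unchecked`, `alloc_checked`, `model_access_ok` and `MODEL_USER_LIMIT`, and the sample addresses, are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed top of the user address range on a 64-bit system (model value). */
#define MODEL_USER_LIMIT 0x00007ffffffff000ULL

/* Model of a range check: [addr, addr+len) must lie wholly in user space. */
static int model_access_ok(uint64_t addr, uint64_t len)
{
    return len <= MODEL_USER_LIMIT && addr <= MODEL_USER_LIMIT - len;
}

/* No sanity checks: the subtraction wraps when len exceeds user_sp. */
uint64_t alloc_unchecked(uint64_t user_sp, uint64_t len)
{
    return (user_sp - len) & ~15ULL;   /* 16-byte aligned, as a model */
}

/* With sanity checks: returns 0 (NULL) instead of a bogus pointer. */
uint64_t alloc_checked(uint64_t user_sp, uint64_t len)
{
    uint64_t ptr;

    if (len > (UINT32_MAX >> 1))       /* more than half the 32-bit space */
        return 0;
    ptr = alloc_unchecked(user_sp, len);
    if (!model_access_ok(ptr, len))    /* result must still be user memory */
        return 0;
    return ptr;
}

int main(void)
{
    const uint64_t sp = 0xffffd000ULL;  /* constructed compat stack pointer */
    const uint64_t lens[] = { 0x100ULL, 0x100000000ULL };  /* sane, oversized */

    for (int i = 0; i < 2; i++)
        printf("len=%#llx unchecked=%#llx checked=%#llx\n",
               (unsigned long long)lens[i],
               (unsigned long long)alloc_unchecked(sp, lens[i]),
               (unsigned long long)alloc_checked(sp, lens[i]));
    return 0;
}
```

For the oversized length the unchecked variant returns an address above the modelled user limit, while the checked variant returns 0 so the caller can fail the request.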

Red Hat would like to thank Ben Hawkes for reporting this issue.

Refer to Knowledgebase article DOC-40265 for further details:
https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-September/079190.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079191.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0718
