7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.2%
CentOS Errata and Security Advisory CESA-2016:0450
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
An integer overflow flaw was found in the way the Linux kernel’s Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)
It was found that the Xen hypervisor x86 CPU emulator implementation did
not correctly handle certain instructions with segment overrides,
potentially resulting in a memory corruption. A malicious guest user could
use this flaw to read arbitrary data relating to other guests, cause a
denial of service on the host, or potentially escalate their privileges on
the host. (CVE-2015-2151, Important)
This update also fixes the following bugs:
Previously, the CPU power of a CPU group could be zero. As a consequence,
a kernel panic occurred at “find_busiest_group+570” with do_divide_error.
The provided patch ensures that the division is only performed if the CPU
power is not zero, and the aforementioned panic no longer occurs.
(BZ#1209728)
Prior to this update, a bug occurred when performing an online resize of
an ext4 file system which had been previously converted from ext3. As a
consequence, the kernel crashed. The provided patch fixes online resizing
for such file systems by limiting the blockgroup search loop for non-extent
files, and the mentioned kernel crash no longer occurs. (BZ#1301100)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-March/083896.html
Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0450
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i686 | kernel | < 2.6.18-409.el5 | kernel-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-debug | < 2.6.18-409.el5 | kernel-debug-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-debug-devel | < 2.6.18-409.el5 | kernel-debug-devel-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-devel | < 2.6.18-409.el5 | kernel-devel-2.6.18-409.el5.i686.rpm |
CentOS | 5 | noarch | kernel-doc | < 2.6.18-409.el5 | kernel-doc-2.6.18-409.el5.noarch.rpm |
CentOS | 5 | i386 | kernel-headers | < 2.6.18-409.el5 | kernel-headers-2.6.18-409.el5.i386.rpm |
CentOS | 5 | i686 | kernel-pae | < 2.6.18-409.el5 | kernel-PAE-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-pae-devel | < 2.6.18-409.el5 | kernel-PAE-devel-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-xen | < 2.6.18-409.el5 | kernel-xen-2.6.18-409.el5.i686.rpm |
CentOS | 5 | i686 | kernel-xen-devel | < 2.6.18-409.el5 | kernel-xen-devel-2.6.18-409.el5.i686.rpm |
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.2%