9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
51.0%
CentOS Errata and Security Advisory CESA-2017:1308
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
It was found that the packet_set_ring() function of the Linux kernel’s networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
A flaw was found in the Linux kernel’s implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)
It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986, Moderate)
Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2017-May/084603.html
Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:1308
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | kernel | < 3.10.0-514.21.1.el7 | kernel-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-abi-whitelists | < 3.10.0-514.21.1.el7 | kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-debug | < 3.10.0-514.21.1.el7 | kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-debug-devel | < 3.10.0-514.21.1.el7 | kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-devel | < 3.10.0-514.21.1.el7 | kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-doc | < 3.10.0-514.21.1.el7 | kernel-doc-3.10.0-514.21.1.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-headers | < 3.10.0-514.21.1.el7 | kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools | < 3.10.0-514.21.1.el7 | kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools-libs | < 3.10.0-514.21.1.el7 | kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools-libs-devel | < 3.10.0-514.21.1.el7 | kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
51.0%