RHEL 7 : kernel (RHSA-2015:0290)

high Nessus Plugin ID 81626

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0290 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. (CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. (CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert wicki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information: https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5fac6a89

https://access.redhat.com/articles/1352803

https://access.redhat.com/errata/RHSA-2015:0290

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1043379

https://bugzilla.redhat.com/show_bug.cgi?id=1050834

https://bugzilla.redhat.com/show_bug.cgi?id=1058608

https://bugzilla.redhat.com/show_bug.cgi?id=1065474

https://bugzilla.redhat.com/show_bug.cgi?id=1067126

https://bugzilla.redhat.com/show_bug.cgi?id=1068627

https://bugzilla.redhat.com/show_bug.cgi?id=1071340

https://bugzilla.redhat.com/show_bug.cgi?id=1074747

https://bugzilla.redhat.com/show_bug.cgi?id=1078775

https://bugzilla.redhat.com/show_bug.cgi?id=1079841

https://bugzilla.redhat.com/show_bug.cgi?id=1080894

https://bugzilla.redhat.com/show_bug.cgi?id=1083860

https://bugzilla.redhat.com/show_bug.cgi?id=1083969

https://bugzilla.redhat.com/show_bug.cgi?id=1086058

https://bugzilla.redhat.com/show_bug.cgi?id=1088784

https://bugzilla.redhat.com/show_bug.cgi?id=1091818

https://bugzilla.redhat.com/show_bug.cgi?id=1095099

https://bugzilla.redhat.com/show_bug.cgi?id=1098643

https://bugzilla.redhat.com/show_bug.cgi?id=1102641

https://bugzilla.redhat.com/show_bug.cgi?id=1104097

https://bugzilla.redhat.com/show_bug.cgi?id=1110523

https://bugzilla.redhat.com/show_bug.cgi?id=1115201

https://bugzilla.redhat.com/show_bug.cgi?id=1117542

https://bugzilla.redhat.com/show_bug.cgi?id=1119662

https://bugzilla.redhat.com/show_bug.cgi?id=1120850

https://bugzilla.redhat.com/show_bug.cgi?id=1124880

https://bugzilla.redhat.com/show_bug.cgi?id=1127218

https://bugzilla.redhat.com/show_bug.cgi?id=1131552

https://bugzilla.redhat.com/show_bug.cgi?id=1141399

https://bugzilla.redhat.com/show_bug.cgi?id=1151353

https://bugzilla.redhat.com/show_bug.cgi?id=1153322

https://bugzilla.redhat.com/show_bug.cgi?id=1161565

https://bugzilla.redhat.com/show_bug.cgi?id=1164266

https://bugzilla.redhat.com/show_bug.cgi?id=1173580

https://bugzilla.redhat.com/show_bug.cgi?id=1182059

https://bugzilla.redhat.com/show_bug.cgi?id=1195248

https://bugzilla.redhat.com/show_bug.cgi?id=1198457

https://bugzilla.redhat.com/show_bug.cgi?id=1198503

https://bugzilla.redhat.com/show_bug.cgi?id=839966

https://bugzilla.redhat.com/show_bug.cgi?id=915335

https://bugzilla.redhat.com/show_bug.cgi?id=968147

Plugin Details

Severity: High

ID: 81626

File Name: redhat-RHSA-2015-0290.nasl

Version: 1.25

Type: local

Agent: unix

Published: 3/5/2015

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-0274

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-7826

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:python-perf, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/5/2015

Vulnerability Publication Date: 6/5/2014

Reference Information

CVE: CVE-2014-3690, CVE-2014-3940, CVE-2014-7825, CVE-2014-7826, CVE-2014-8086, CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-8709, CVE-2014-8884, CVE-2015-0274

BID: 73156

CWE: 121, 476

RHSA: 2015:0290