Executive Summary
Summary | |
---|---|
Title | kernel-rt security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:1150 | First vendor Publication | 2012-08-08 |
Vendor | RedHat | Last vendor Modification | 2012-08-08 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4.9 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel-rt packages that fix two security issues and two bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate) * A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-3375, Moderate) This update also fixes the following bugs: * The MRG 2.1 realtime kernel lacked support for automatic memory reservation for the kdump kernel, as present in Red Hat Enterprise Linux kernels. Using the parameter crashkernel=auto on the kernel boot command line led to kdump being disabled because no memory was correctly reserved. Support for crashkernel=auto has been implemented in the 3.0 realtime kernel and now when the crashkernel=auto parameter is specified, machines with more than 4GB of RAM have the amount of memory required by the kdump kernel calculated and reserved. (BZ#820427) * The current bnx2x driver in the MRG 2.1 realtime kernel had faulty support for the network adapter PCI ID 14e4:168e and did not work correctly. The bnx2x driver was updated to include support for this network adapter. (BZ#839037) Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure 837502 - CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-1150.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17677 | |||
Oval ID: | oval:org.mitre.oval:def:17677 | ||
Title: | USN-1515-1 -- linux vulnerability | ||
Description: | The system could be made to crash under certain conditions. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1515-1 CVE-2012-2390 | Version: | 7 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17895 | |||
Oval ID: | oval:org.mitre.oval:def:17895 | ||
Title: | USN-1538-1 -- linux-lts-backport-natty vulnerabilities | ||
Description: | Several security issues were fixed in the kernel. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1538-1 CVE-2012-2136 CVE-2012-2372 CVE-2012-2390 | Version: | 7 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-lts-backport-natty |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17948 | |||
Oval ID: | oval:org.mitre.oval:def:17948 | ||
Title: | USN-1508-1 -- linux-ti-omap4 vulnerability | ||
Description: | The system could be made to crash under certain conditions. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1508-1 CVE-2012-2390 | Version: | 7 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-ti-omap4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18007 | |||
Oval ID: | oval:org.mitre.oval:def:18007 | ||
Title: | USN-1534-1 -- linux-ec2 vulnerabilities | ||
Description: | Several security issues were fixed in the kernel. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1534-1 CVE-2012-2136 CVE-2012-2390 | Version: | 7 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21242 | |||
Oval ID: | oval:org.mitre.oval:def:21242 | ||
Title: | RHSA-2012:1061: kernel security and bug fix update (Moderate) | ||
Description: | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1061-00 CESA-2012:1061 CVE-2012-3375 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27194 | |||
Oval ID: | oval:org.mitre.oval:def:27194 | ||
Title: | ELSA-2012-1061-1 -- kernel security and bug fix update (moderate) | ||
Description: | [2.6.18-308.11.1.0.1.el5] - [net] bonding: fix carrier detect when bond is down [orabug 12377284] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] +- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1061-1 CVE-2012-3375 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel ocfs2 oracleasm kernel-PAE kernel-PAE-devel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-xen kernel-xen-devel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27701 | |||
Oval ID: | oval:org.mitre.oval:def:27701 | ||
Title: | DEPRECATED: ELSA-2012-1061 -- kernel security and bug fix update (moderate) | ||
Description: | [2.6.18-308.11.1.el5] - [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226] - [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226] - [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226] [2.6.18-308.10.1.el5] - [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934} - [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653] - [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626] - [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626] - [fs] sunrpc: fix oops due to overrunning server's page array (J. Bruce Fields) [820358 814626] - [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131] - [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787] - [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937] - [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900] [2.6.18-308.9.1.el5] - [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1061 CVE-2012-3375 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-12-04 | Name : Fedora Update for kernel FEDORA-2012-19337 File : nvt/gb_fedora_2012_19337_kernel_fc17.nasl |
2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
2012-11-23 | Name : Fedora Update for kernel FEDORA-2012-18684 File : nvt/gb_fedora_2012_18684_kernel_fc17.nasl |
2012-11-06 | Name : Fedora Update for kernel FEDORA-2012-17462 File : nvt/gb_fedora_2012_17462_kernel_fc17.nasl |
2012-11-06 | Name : Fedora Update for kernel FEDORA-2012-17479 File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl |
2012-10-29 | Name : Fedora Update for kernel FEDORA-2012-16669 File : nvt/gb_fedora_2012_16669_kernel_fc17.nasl |
2012-09-27 | Name : CentOS Update for kernel CESA-2012:1304 centos6 File : nvt/gb_CESA-2012_1304_kernel_centos6.nasl |
2012-09-27 | Name : RedHat Update for kernel RHSA-2012:1304-01 File : nvt/gb_RHSA-2012_1304-01_kernel.nasl |
2012-09-04 | Name : Fedora Update for kernel FEDORA-2012-12684 File : nvt/gb_fedora_2012_12684_kernel_fc16.nasl |
2012-08-30 | Name : Fedora Update for kernel FEDORA-2012-8824 File : nvt/gb_fedora_2012_8824_kernel_fc17.nasl |
2012-08-30 | Name : Fedora Update for kernel FEDORA-2012-12490 File : nvt/gb_fedora_2012_12490_kernel_fc17.nasl |
2012-08-17 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1539-1 File : nvt/gb_ubuntu_USN_1539_1.nasl |
2012-08-17 | Name : Ubuntu Update for linux-lts-backport-natty USN-1538-1 File : nvt/gb_ubuntu_USN_1538_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux USN-1535-1 File : nvt/gb_ubuntu_USN_1535_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux-ec2 USN-1534-1 File : nvt/gb_ubuntu_USN_1534_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux USN-1533-1 File : nvt/gb_ubuntu_USN_1533_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux-ti-omap4 USN-1514-1 File : nvt/gb_ubuntu_USN_1514_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux-ti-omap4 USN-1532-1 File : nvt/gb_ubuntu_USN_1532_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux USN-1529-1 File : nvt/gb_ubuntu_USN_1529_1.nasl |
2012-08-14 | Name : Ubuntu Update for linux USN-1531-1 File : nvt/gb_ubuntu_USN_1531_1.nasl |
2012-08-06 | Name : Fedora Update for kernel FEDORA-2012-11348 File : nvt/gb_fedora_2012_11348_kernel_fc16.nasl |
2012-07-30 | Name : CentOS Update for kernel CESA-2012:1061 centos5 File : nvt/gb_CESA-2012_1061_kernel_centos5.nasl |
2012-07-26 | Name : Ubuntu Update for linux USN-1515-1 File : nvt/gb_ubuntu_USN_1515_1.nasl |
2012-07-19 | Name : Ubuntu Update for linux-ti-omap4 USN-1508-1 File : nvt/gb_ubuntu_USN_1508_1.nasl |
2012-07-16 | Name : RedHat Update for kernel RHSA-2012:1061-01 File : nvt/gb_RHSA-2012_1061-01_kernel.nasl |
2012-06-25 | Name : Fedora Update for kernel FEDORA-2012-8931 File : nvt/gb_fedora_2012_8931_kernel_fc15.nasl |
2012-06-15 | Name : Fedora Update for kernel FEDORA-2012-8890 File : nvt/gb_fedora_2012_8890_kernel_fc16.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1150.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-176.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-133.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1061-1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1061.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1304.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2025.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2026.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2034.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2035.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2038.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-120805.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-120714.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-120621.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-120620.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120925_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1304.nasl - Type : ACT_GATHER_INFO |
2012-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1304.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1539-1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1538-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1514-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1535-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1529-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1531-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1532-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1533-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1534-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120710_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1515-1.nasl - Type : ACT_GATHER_INFO |
2012-07-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1508-1.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8931.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8890.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8824.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-07-23 13:25:09 |
|