First published: Mon Dec 07 2015(Updated: )
A race condition in netlink socket creation can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. This issue is specific to Red Hat Enterprise Linux and does not affect upstream kernels. This issue was introduced in commit 3500659804251facce0cf4ee2ca657e0108e9a4f. This was introduced in kernel-3.10.0-304.el7 in the fix titled: [net] netfilter: log: protect nf_log_register against double registering. It requires the nfnetlink_log module to be loaded to be effective. This commit was introduced as part of a patchset that was required to backport netfilter functionality from upstream while attempting to maintain KABI. This flaw is RHEL specific.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Enterprise Linux | =7.0 | |
Red Hat Enterprise MRG | =2.0 | |
Red Hat Kernel RT |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-7553 has been classified as a high severity vulnerability due to its potential to trigger kernel panic.
To fix CVE-2015-7553, apply the latest security updates provided by Red Hat for affected versions of the Enterprise Linux and Kernel RT.
CVE-2015-7553 affects Red Hat Enterprise Linux 7.0, Red Hat Enterprise MRG 2.0, and Red Hat Kernel RT.
The impact of CVE-2015-7553 includes a potential denial of service due to kernel panic when local users create netlink sockets.
No, CVE-2015-7553 is specific to Red Hat Enterprise Linux and does not affect upstream kernels.