RHSA-2015:2152: Important: kernel security, bug fix, and enhancement update

First published: Thu Nov 19 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's file system implementation</li> handled rename operations in which the source was inside and the<br>destination was outside of a bind mount. A privileged user inside a<br>container could use this flaw to escape the bind mount and, potentially,<br>escalate their privileges on the system. (CVE-2015-2925, Important)<br><li> A race condition flaw was found in the way the Linux kernel's IPC</li> subsystem initialized certain fields in an IPC object structure that were<br>later used for permission checking before inserting the object into a<br>globally visible list. A local, unprivileged user could potentially use<br>this flaw to elevate their privileges on the system. (CVE-2015-7613,<br>Important)<br><li> It was found that reporting emulation failures to user space could lead</li> to either a local (CVE-2014-7842) or a L2-&gt;L1 (CVE-2010-5313) denial of<br>service. In the case of a local denial of service, an attacker must have<br>access to the MMIO area or be able to access an I/O port. (CVE-2010-5313,<br>CVE-2014-7842, Moderate)<br><li> A flaw was found in the way the Linux kernel's KVM subsystem handled</li> non-canonical addresses when emulating instructions that change the RIP<br>(for example, branches or calls). A guest user with access to an I/O or<br>MMIO region could use this flaw to crash the guest. (CVE-2014-3647,<br>Moderate)<br><li> It was found that the Linux kernel memory resource controller's (memcg)</li> handling of OOM (out of memory) conditions could lead to deadlocks.<br>An attacker could use this flaw to lock up the system. (CVE-2014-8171,<br>Moderate)<br><li> A race condition flaw was found between the chown and execve system</li> calls. A local, unprivileged user could potentially use this flaw to<br>escalate their privileges on the system. (CVE-2015-3339, Moderate)<br><li> A flaw was discovered in the way the Linux kernel's TTY subsystem handled</li> the tty shutdown phase. A local, unprivileged user could use this flaw to<br>cause a denial of service on the system. (CVE-2015-4170, Moderate)<br><li> A NULL pointer dereference flaw was found in the SCTP implementation.</li> A local user could use this flaw to cause a denial of service on the system<br>by triggering a kernel panic when creating multiple sockets in parallel<br>while the system did not have the SCTP module loaded. (CVE-2015-5283,<br>Moderate)<br><li> A flaw was found in the way the Linux kernel's perf subsystem retrieved</li> userlevel stack traces on PowerPC systems. A local, unprivileged user could<br>use this flaw to cause a denial of service on the system. (CVE-2015-6526,<br>Moderate)<br><li> A flaw was found in the way the Linux kernel's Crypto subsystem handled</li> automatic loading of kernel modules. A local user could use this flaw to<br>load any installed kernel module, and thus increase the attack surface of<br>the running kernel. (CVE-2013-7421, CVE-2014-9644, Low)<br><li> An information leak flaw was found in the way the Linux kernel changed</li> certain segment registers and thread-local storage (TLS) during a context<br>switch. A local, unprivileged user could use this flaw to leak the user<br>space TLS base address of an arbitrary process. (CVE-2014-9419, Low)<br><li> It was found that the Linux kernel KVM subsystem's sysenter instruction</li> emulation was not sufficient. An unprivileged guest user could use this<br>flaw to escalate their privileges by tricking the hypervisor to emulate a<br>SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the<br>SYSENTER model-specific registers (MSRs). Note: Certified guest operating<br>systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER<br>MSRs and are thus not vulnerable to this issue when running on a KVM<br>hypervisor. (CVE-2015-0239, Low)<br><li> A flaw was found in the way the Linux kernel handled the securelevel</li> functionality after performing a kexec operation. A local attacker could<br>use this flaw to bypass the security mechanism of the<br>securelevel/secureboot combination. (CVE-2015-7837, Low)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2015:2152
• agent/title
• agent/type
• agent/severity
• agent/references
• agent/weakness
• agent/description
• agent/event
• agent/remedy
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/tags
• package-manager/redhat