Description: | Summary: Check the version of kernel
Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* hw: cpu: speculative execution permission faults handling (CVE-2017-5754)
* Kernel: error in exception handling leads to DoS (CVE-2018-8897)
* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)
* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)
* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)
* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)
* kernel: Stack information leak in the EFS element (CVE-2017-1000410)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Google Project Zero for reporting CVE-2017-5754 Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897 Mohamed Ghannam for reporting CVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the referenced Knowledge Article.
Affected Software/OS: kernel on CentOS 6
Solution: Please install the updated packages.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|