RHSA-2017:1647
Vulnerability from csaf_redhat - Published: 2017-06-28 16:34 - Updated: 2026-02-26 20:42Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Severity
Important
Notes
Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)
* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)
* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)
* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)
Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895.
Bug Fix(es):
* kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version. (BZ#1452745)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1647
The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1647
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1647
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1647
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1647
References
Acknowledgments
Ari Kauppi
Qualys Research Labs
Qualys Inc
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* A flaw was found in the Linux kernel\u0027s handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895.\n\nBug Fix(es):\n\n* kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version. (BZ#1452745)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1647",
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1426542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426542"
},
{
"category": "external",
"summary": "1443615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443615"
},
{
"category": "external",
"summary": "1446103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446103"
},
{
"category": "external",
"summary": "1452745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452745"
},
{
"category": "external",
"summary": "1452769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452769"
},
{
"category": "external",
"summary": "1461333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461333"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1647.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2026-02-26T20:42:06+00:00",
"generator": {
"date": "2026-02-26T20:42:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2017:1647",
"initial_release_date": "2017-06-28T16:34:27+00:00",
"revision_history": [
{
"date": "2017-06-28T16:34:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-28T16:34:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-26T20:42:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product": {
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise MRG for RHEL-6"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_id": "kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-514.rt56.228.el6rt?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"product": {
"name": "kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"product_id": "kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-514.rt56.228.el6rt?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"product": {
"name": "kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"product_id": "kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-514.rt56.228.el6rt?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"product": {
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"product_id": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-514.rt56.228.el6rt?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src"
},
"product_reference": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch"
},
"product_reference": "kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch"
},
"product_reference": "kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6214",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2017-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1426542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ipv4/tcp: Infinite loop in tcp_splice_read()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-6214"
},
{
"category": "external",
"summary": "RHBZ#1426542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6214"
}
],
"release_date": "2017-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-28T16:34:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ipv4/tcp: Infinite loop in tcp_splice_read()"
},
{
"cve": "CVE-2017-7645",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443615"
}
],
"notes": [
{
"category": "description",
"text": "The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: nfsd: Incorrect handling of long RPC replies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "RHBZ#1443615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7645"
}
],
"release_date": "2017-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-28T16:34:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: nfsd: Incorrect handling of long RPC replies"
},
{
"acknowledgments": [
{
"names": [
"Ari Kauppi"
]
}
],
"cve": "CVE-2017-7895",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1446103"
}
],
"notes": [
{
"category": "description",
"text": "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7895"
},
{
"category": "external",
"summary": "RHBZ#1446103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7895"
}
],
"release_date": "2017-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-28T16:34:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2017-1000364",
"discovery_date": "2017-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1461333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: heap/stack gap jumping via unbounded stack allocations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a kernel-side mitigation. For a related glibc mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000366 .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000364"
},
{
"category": "external",
"summary": "RHBZ#1461333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/stackguard",
"url": "https://access.redhat.com/security/vulnerabilities/stackguard"
},
{
"category": "external",
"summary": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"release_date": "2017-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-28T16:34:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: heap/stack gap jumping via unbounded stack allocations"
},
{
"acknowledgments": [
{
"names": [
"Qualys Inc"
]
}
],
"cve": "CVE-2017-1000379",
"discovery_date": "2017-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462165"
}
],
"notes": [
{
"category": "description",
"text": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Incorrectly mapped contents of PIE executable",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was part of the stack guard fixes that was fixed along side the CVE-2017-1000364 flaw. This issue has previously affected Red Hat Enterprise Linux 5,6,7 and MRG-2. This issue is currently fixed in most versions of shipping products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000379"
},
{
"category": "external",
"summary": "RHBZ#1462165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000379"
},
{
"category": "external",
"summary": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"release_date": "2017-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-28T16:34:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1647"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Incorrectly mapped contents of PIE executable"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…