ALAS-2013-148 ---- kernel nvidiaID: oval:org.secpod.oval:def:1600296 | Date: (C)2016-05-19 (M)2024-05-04 |
Class: PATCH | Family: unix |
A malicious Network File System version 4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use , a local, unprivileged user could trigger this flaw and cause a denial of service. A NULL pointer dereference flaw was found in the way a new node"s hot added memory was propagated to other nodes" zonelists. By utilizing this newly added memory from one of the remaining nodes, a local, unprivileged user could use this flaw to cause a denial of service. It was found that a prevoius kernel release did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. A flaw was found in the way the Linux kernel"s IPv6 implementation handled overlapping, fragmented IPv6 packets. A remote attacker could potentially use this flaw to bypass protection mechanisms when sending network packets to a target system
Platform: |
Amazon Linux AMI |