ALAS-2016-726 ---- kernel perfID: oval:org.secpod.oval:def:1600433 | Date: (C)2016-08-09 (M)2023-12-20 |
Class: PATCH | Family: unix |
It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. A leak of information was possible when issuing a netlink command of the stack memory area leading up to this function call. An attacker could use this to determine stack information for use in a later exploit. A vulnerability was found in the Linux kernel in function rds_inc_info_copy of file net/rds/recv.c. The last field "flags" of object "minfo" is not initialized. This can leak data previously at the flags location to userspace
Platform: |
Amazon Linux AMI |