ALAS-2012-142 --- kernel | ID: oval:org.secpod.oval:def:1601342 | Date: (C)2020-11-27 (M)2023-12-07 |
Class: PATCH | Family: unix |
A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A use-after-free flaw was found in the madvise system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. It was found that when running a 32-bit binary that uses a large number of shared libraries, one of the libraries would always be loaded at a predictable address in memory. An attacker could use this flaw to bypass the Address Space Layout Randomization security feature. Buffer overflow flaws were found in the udf_load_logicalvol function in the Universal Disk Format file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges.
Platform: Amazon Linux AMI |