ALAS-2013-166 ---- kernel | ID: oval:org.secpod.oval:def:1600229 | Date: (C)2016-05-19 (M)2024-05-04 |
Class: PATCH | Family: unix |
It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module to be called. A local, unprivileged user could use this flaw to cause a denial of service.

A flaw was found in the way the KVM subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set. On hosts without the XSAVE CPU feature, a local, unprivileged user could use this flaw to crash the host system.

A memory disclosure flaw was found in the way the load_script function in the binfmt_script binary format handler handled excessive recursions. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space by executing specially-crafted scripts.

A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
Platform: |
Amazon Linux AMI |