[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2016-694 ---- kernel perf

ID: oval:org.secpod.oval:def:1600345Date: (C)2016-05-19   (M)2024-01-29
Class: PATCHFamily: unix




An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. In the mark_source_chains function it is possible for a user-supplied ipt_entry structure to have a large next_offset field. This field is not bounds checked prior to writing a counter value at the supplied offset. A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications in a x86 machine can disable the ASLR by setting the RLIMIT_STACK resource to unlimited. Destroying a network interface with a large number of IPv4 addresses keeps a rtnl_lock for a very long time, which can block many network-related operations

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2016-694
CVE-2016-7117
CVE-2016-3672
CVE-2016-3156
CVE-2016-3135
CVE-2016-3134
CVE    5
CVE-2016-3135
CVE-2016-3672
CVE-2016-3134
CVE-2016-3156
...
CPE    5
cpe:/o:amazon:linux
cpe:/o:linux:linux_kernel
cpe:/a:perf:perf
cpe:/o:linux:linux_kernel:4.5.2
...

© SecPod Technologies