Security Kernel Security Update: Local Privilege Escalation CVE-2016-5195

eva2000 · Oct 22, 2016

dorobo said: ↑

OpenVZ 2.6.32-43-pve

That is still vulnerable right?
Click to expand...

see the list at Security - Kernel Security Update: Local Privilege Escalation CVE-2016-5195 | Centmin Mod Community

Matt said: ↑

Not for £27 I'm not!
Click to expand...

try reboot one time menu orders for grub How to change default boot kernel permanently or temporarily on CentOS - Ask Xmodulo so that next reboot goes back to default

Matt · Oct 22, 2016

Managed to get it to boot back into the installed kernel on the disk

Code:

[root@backup log]# yum remove kernel-firmware-2.6.32-642.6.1.el6.noarch dracut-kernel-004-409.el6_8.2.noarch kernel-2.6.32-642.6.1.el6.x86_64
Loaded plugins: fastestmirror, priorities, security
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package dracut-kernel.noarch 0:004-409.el6_8.2 will be erased
---> Package kernel.x86_64 0:2.6.32-642.6.1.el6 will be erased
---> Package kernel-firmware.noarch 0:2.6.32-642.6.1.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================
 Package                       Arch                 Version                           Repository              Size
===================================================================================================================
Removing:
 dracut-kernel                 noarch               004-409.el6_8.2                   @updates               202  
 kernel                        x86_64               2.6.32-642.6.1.el6                @updates               131 M
 kernel-firmware               noarch               2.6.32-642.6.1.el6                @updates                57 M

Transaction Summary
===================================================================================================================
Remove        3 Package(s)

Installed size: 188 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : kernel-2.6.32-642.6.1.el6.x86_64                                                                1/3 
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/weak-updates failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/modules.order failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/modules.networking failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/modules.modesetting failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/modules.drm failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-642.6.1.el6.x86_64/modules.block failed: No such file or directory
  Erasing    : kernel-firmware-2.6.32-642.6.1.el6.noarch                                                       2/3 
  Erasing    : dracut-kernel-004-409.el6_8.2.noarch                                                            3/3 
  Verifying  : kernel-2.6.32-642.6.1.el6.x86_64                                                                1/3 
  Verifying  : dracut-kernel-004-409.el6_8.2.noarch                                                            2/3 
  Verifying  : kernel-firmware-2.6.32-642.6.1.el6.noarch                                                       3/3 

Removed:
  dracut-kernel.noarch 0:004-409.el6_8.2                       kernel.x86_64 0:2.6.32-642.6.1.el6                
  kernel-firmware.noarch 0:2.6.32-642.6.1.el6                

Complete!
[root@backup log]#

Had to basically uninstall the standard kernels, as with those in place.......it won't boot?????

eva2000 · Oct 22, 2016

Matt said: ↑

Had to basically uninstall the standard kernels, as with those in place.......it won't boot?????
Click to expand...

that's a weird one then !

Matt · Oct 22, 2016

eva2000 said: ↑

that's a weird one then !
Click to expand...

Yeah, I'm going to stop messing now. Any new servers will be installed with the default kernel going forward. Luckily none of my servers have limited user accounts on them (and the cPanel ones are all noshell), so this CVE shouldn't impact them.

eva2000 · Oct 22, 2016

yeah... not being able to use ipset with ovh/sys grs kernels is enough to have me use distro default kernels to begin with

Xon · Oct 22, 2016

Matt said: ↑

Yeah, I'm going to stop messing now. Any new servers will be installed with the default kernel going forward. Luckily none of my servers have limited user accounts on them (and the cPanel ones are all noshell), so this CVE shouldn't impact them.
Click to expand...

Technically this affects any service account with normally limited rights. So if a php application is compromised but is running as a limited user, it could get root via privilege escalation.

eva2000 · Oct 22, 2016

Xon said: ↑

Technically this affects any service account with normally limited rights. So if a php application is compromised but is running as a limited user, it could get root via privilege escalation.
Click to expand...

thanks for clarification

seems if i read “Most serious” Linux privilege-escalation bug ever is under active exploit (updated) | Ars Technica again it mentions that

Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.

The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.

The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.

For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.
Click to expand...

eva2000 · Oct 22, 2016

Redhat has also posted a detection bash script for this vulnerability at https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
Code (Text):
mkdir -p /root/tools
cd /root/tools
wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
chmod +x rh-cve-2016-5195_1.sh
On standard CentOS 7.2 system
Code (Text):
./rh-cve-2016-5195_1.sh
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
Seems elrepo mainline kernel isn't vulnerable. On my SoYouStart CentOS 7.2 + 4.7.5 Mainline linux kernel
Code (Text):
./rh-cve-2016-5195_1.sh
Your kernel is 4.7.5-1.el7.elrepo.x86_64 which is NOT vulnerable.
On Linode with CentOS 6 or 7 with 4.8.3 provided kernel the detection test script doesn't work
Code (Text):
./rh-cve-2016-5195_1.sh
This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.
seems the script just looks for vulnerable kernel versions rh-cve-2016-5195_1.sh · GitHub so elrepo 4.7.5 could still be vulnerable.

eva2000 · Oct 22, 2016

Installed KernelCare on a CentOS 7 server as they have a 30 day free trial before needing to pay 30-Days Trial

KernelCare Pricing
CloudLinux - Main | New template

Code (Text):

kcarectl --version
2.8-3

Code (Text):

kcarectl --update
Kernel is safe

Code (Text):

kcarectl --info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-327.36.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Sun Sep 18 13:04:29 UTC 2016
kpatch-build-time: Fri Oct 21 13:23:56 2016
kpatch-description: 3;3.10.0-327.36.2.el7.x86_64

Code (Text):

uname -r
3.10.0-327.36.1.el7.x86_64

Code (Text):

kcare-uname -r
3.10.0-327.36.2.el7.x86_64

patched for the following

Code (Text):

kcarectl --patch-info | grep kpatch-cve
kpatch-cve: CVE-2016-4581
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-cve: CVE-2016-4581
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-cve: CVE-2016-5829
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5829
kpatch-cve: CVE-2016-7039
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-7039
kpatch-cve: CVE-2016-5195
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
kpatch-cve: CVE-2015-6937
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-6937
kpatch-cve: CVE-2015-7990
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7990
kpatch-cve:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

Code (Text):

kcarectl --patch-info
OS: centos7
kernel: kernel-3.10.0-327.36.1.el7
time: 2016-10-21 09:46:25
uname: 3.10.0-327.36.2.el7.x86_64

kpatch-name: 3.10.0/fs-pnodec-treat-zero-mnt_group_id-s-as-unequal.patch
kpatch-description: fs/pnode.c: treat zero mnt_group_id-s as unequal
kpatch-kernel: >kernel-3.10.0-327.18.2.el7
kpatch-cve: CVE-2016-4581
kpatch-cvss: 4.7
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=7ae8fd0351f912b075149a1e03a017be8b903b9a

kpatch-name: 3.10.0/propogate_mnt-handle-the-first-propogated-copy-being-a-slave.patch
kpatch-description: propogate_mnt: Handle the first propogated copy being a slave
kpatch-kernel: >kernel-3.10.0-327.18.2.el7
kpatch-cve: CVE-2016-4581
kpatch-cvss: 4.7
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f

kpatch-name: 3.10.0/HID-hiddev-validate-num_values-for-HID.patch
kpatch-description: HID: hiddev: validate num_values for HIDIOCGUSAGES,HIDIOCSUSAGES commands
kpatch-kernel: >kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-5829
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5829
kpatch-patch-url: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5

kpatch-name: 3.10.0/net-add-recursion-limit-to-GRO.patch
kpatch-description: [net] add recursion limit to GRO
kpatch-kernel: kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-7039
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-7039
kpatch-patch-url: https://access.redhat.com/labs/psb/versions/kernel-3.10.0-327.36.2.el7/patches/net-add-recursion-limit-to-GRO

kpatch-name: 3.10.0/0001-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user-327.patch
kpatch-description: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
kpatch-kernel: >kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-5195
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
kpatch-patch-url: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

kpatch-name: 3.10.0/RDS-verify-the-underlying-transport-exists-before-cr.patch
kpatch-description: RDS: verify the underlying transport exists before creating a connection
kpatch-kernel: >kernel-3.10.0-229.14.1.el7
kpatch-cve: CVE-2015-6937
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-6937
kpatch-patch-url: http://git.kernel.org/linus/74e98eb085889b0d2d4908f59f6e00026063014f

kpatch-name: 3.10.0/RDS-fix-race-condition-when-sending-a-message-on.patch
kpatch-description: RDS: fix race condition when sending a message on unbound socket
kpatch-kernel: >kernel-3.10.0-229.14.1.el7
kpatch-cve: CVE-2015-7990
kpatch-cvss: 6.3
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7990
kpatch-patch-url: https://lkml.org/lkml/2015/10/16/530

kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
kpatch-patch-url:

eva2000 · Oct 22, 2016

hmm. this will affect all Android devices with affected linux kernels !!

Matt · Oct 23, 2016

I've just tested on the OVH kernel on my CentOS6 box (doesn't work):

dirtycow.github.io/dirtyc0w.c at master · dirtycow/dirtycow.github.io · GitHub

Code (Text):

-bash-4.1$ cd /home/nginx/
-bash-4.1$ ls
dirtyc0w  dirtyc0w.c  domains  foo
-bash-4.1$ ls -al
total 32
drwxr-s--- 3 nginx nginx 4096 Oct 22 16:43 .
drwxr-xr-x 6 root  root  4096 Oct 22 04:01 ..
-rwxr-xr-x 1 nginx nginx 9690 Oct 22 16:43 dirtyc0w
-rw-r--r-- 1 root  nginx 2826 Oct 22 16:41 dirtyc0w.c
drwxr-s--- 2 nginx nginx 4096 Oct 22 04:05 domains
-r-----r-- 1 root  root    19 Oct 22 16:42 foo
-bash-4.1$ ./dirtyc0w foo m00000000000000000
mmap 6e7ca1408000

procselfmem -100000000

madvise 0

-bash-4.1$ cat foo 
this is not a test
-bash-4.1$

but does on a CentOS7 box

Code (Text):

[root@backup mattw]# wget https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
--2016-10-22 17:47:18--  https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.60.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.60.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2826 (2.8K) [text/plain]
Saving to: â€˜dirtyc0w.câ€™

100%[============================================================================================================>] 2,826       --.-K/s   in 0s      

2016-10-22 17:47:18 (104 MB/s) - â€˜dirtyc0w.câ€™ saved [2826/2826]

[root@backup mattw]# echo this is not a test > foo
[root@backup mattw]# chmod 0404 foo
[root@backup mattw]# ls
dirtyc0w.c  foo
[root@backup mattw]# ls -al
total 28
drwx------. 2 mattw mattw 4096 Oct 22 17:47 .
drwxr-xr-x. 3 root  root  4096 Oct 22 17:46 ..
-rw-r--r--. 1 mattw mattw   18 Aug  2 18:00 .bash_logout
-rw-r--r--. 1 mattw mattw  193 Aug  2 18:00 .bash_profile
-rw-r--r--. 1 mattw mattw  231 Aug  2 18:00 .bashrc
-rw-r--r--. 1 root  root  2826 Oct 22 17:47 dirtyc0w.c
-r-----r--. 1 root  root    19 Oct 22 17:47 foo
[root@backup mattw]# gcc -pthread dirtyc0w.c -o dirtyc0w
[root@backup mattw]# su - mattw
[mattw@backup ~]$ pwd
/home/mattw
[mattw@backup ~]$ ls
dirtyc0w  dirtyc0w.c  foo
[mattw@backup ~]$ ./dirtyc0w foo m00000000000000000
mmap 7f19440d4000

madvise 0

procselfmem 1800000000

[mattw@backup ~]$ cat foo
m00000000000000000
[mattw@backup ~]$

eva2000 · Oct 23, 2016

interesting, there's more than one PoC for this flaw, so I believe this test you did is just on PoC ?

Matt · Oct 23, 2016

Just seen that CentOS5/6 have write_mem disabled, so that specific one won't work. Either way, the OVH kernel needs patching.

eva2000 · Oct 23, 2016

indeed.. from same site at VulnerabilityDetails · dirtycow/dirtycow.github.io Wiki · GitHub

nice video

Matt · Oct 23, 2016

I've emailed my account manager @ OVH to see if he had any news on the issue (nothing on the OVH forums).

Matt · Oct 23, 2016

Actually, I made a mistake. The CentOS7 server I tested on was running the standard kernel :bag:

CentOS7 and OVH kernel:

Code (Text):

[mattw@host ~]$ ls
dirtyc0w  dirtyc0w.c  foo
[mattw@host ~]$ cat foo
this is not a test
[mattw@host ~]$ ls -lah foo 
-r-----r-- 1 root root 19 Oct 22 16:29 foo
[mattw@host ~]$ ./dirtyc0w foo m00000000000000000
mmap 60baa1179000

procselfmem -100000000

madvise 0

[mattw@host ~]$ cat foo 
this is not a test
[mattw@host ~]$ uname -a
Linux XXXXXXXXX 3.14.32-xxxx-grs-ipv6-64 #7 SMP Wed Jan 27 18:05:09 CET 2016 x86_64 x86_64 x86_64 GNU/Linux
[mattw@host ~]$ cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
[mattw@host ~]$

eva2000 · Oct 23, 2016

@Matt Flashpoint - Analysis of "DirtyCow" Kernel Exploit

Exploit Analysis

At the time of writing, Flashpoint has identified three different Proofs of Concept (POCs) of exploiting this vulnerability that are available in open sources.

The “dirtyc0w” exploit can be used to allow write access to files which are typically marked read-only.

“Cowroot” will escalate privileges to root.

“Dirtycow-mem” will allow for root access by patching libc’s getuid (which returns the real user ID of the calling process), and envoking su (superuser command).

Click to expand...

Matt · Oct 24, 2016

OVH Tasks

eva2000 · Oct 24, 2016

Matt said: ↑

OVH Tasks

Click to expand...

excellent news for those using OVH custom grs kernels. Doesn't apply to me though as i use distro linux kernels for better module compatibility

Details
A vulnerability in the Linux kernel has been discovered that affects all Linux kernels.

While we are in the course of preparing a new OVH kernel based on the long-term 4.4 series, we cannot update our public default kernels to 4.4 just yet because of several issues, mostly due to hardware compatibility, that need to be resolved.

We have for now instead decided to recompile the currently used 3.14.32 kernel (that already includes patches for prior vulnerabilities) with a backported fix to this issue.

This patched kernel is available on our ftp server: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/
It has also been rolled out on our reinstallation system for dedicated servers (if no other kernel is chosen during reinstallation launch) as well as on our netboot services.

We strongly encourage all users on 3.14.32 kernels to update their system. If uncertain on which patchlevel you are, please refer to the output of "uname -a" - the fixed kernels have recompilation number 9 and todays date, for example:
# uname -a
Linux yourserver.ovh.net 3.14.32-xxxx-grs-ipv6-64 #9 SMP Thu Oct 20 14:53:52 CEST 2016 x86_64 GNU/Linux

For users of our "test" kernels, updated kernels of version 4.4.26 are provided as well: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-test/.

We'd like to thank grsecurity.net for providing us with the backported fix for 3.14.
Click to expand...

Sunka · Oct 24, 2016

eva2000 said: ↑

Installed KernelCare on a CentOS 7 server as they have a 30 day free trial before needing to pay 30-Days Trial

KernelCare Pricing
CloudLinux - Main | New template

Code (Text):

kcarectl --version
2.8-3

Code (Text):

kcarectl --update
Kernel is safe

Code (Text):

kcarectl --info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-327.36.1.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Sun Sep 18 13:04:29 UTC 2016
kpatch-build-time: Fri Oct 21 13:23:56 2016
kpatch-description: 3;3.10.0-327.36.2.el7.x86_64

Code (Text):

uname -r
3.10.0-327.36.1.el7.x86_64

Code (Text):

kcare-uname -r
3.10.0-327.36.2.el7.x86_64

patched for the following

Code (Text):

kcarectl --patch-info | grep kpatch-cve
kpatch-cve: CVE-2016-4581
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-cve: CVE-2016-4581
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-cve: CVE-2016-5829
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5829
kpatch-cve: CVE-2016-7039
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-7039
kpatch-cve: CVE-2016-5195
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
kpatch-cve: CVE-2015-6937
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-6937
kpatch-cve: CVE-2015-7990
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7990
kpatch-cve:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

Code (Text):

kcarectl --patch-info
OS: centos7
kernel: kernel-3.10.0-327.36.1.el7
time: 2016-10-21 09:46:25
uname: 3.10.0-327.36.2.el7.x86_64

kpatch-name: 3.10.0/fs-pnodec-treat-zero-mnt_group_id-s-as-unequal.patch
kpatch-description: fs/pnode.c: treat zero mnt_group_id-s as unequal
kpatch-kernel: >kernel-3.10.0-327.18.2.el7
kpatch-cve: CVE-2016-4581
kpatch-cvss: 4.7
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=7ae8fd0351f912b075149a1e03a017be8b903b9a

kpatch-name: 3.10.0/propogate_mnt-handle-the-first-propogated-copy-being-a-slave.patch
kpatch-description: propogate_mnt: Handle the first propogated copy being a slave
kpatch-kernel: >kernel-3.10.0-327.18.2.el7
kpatch-cve: CVE-2016-4581
kpatch-cvss: 4.7
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-4581
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f

kpatch-name: 3.10.0/HID-hiddev-validate-num_values-for-HID.patch
kpatch-description: HID: hiddev: validate num_values for HIDIOCGUSAGES,HIDIOCSUSAGES commands
kpatch-kernel: >kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-5829
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5829
kpatch-patch-url: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5

kpatch-name: 3.10.0/net-add-recursion-limit-to-GRO.patch
kpatch-description: [net] add recursion limit to GRO
kpatch-kernel: kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-7039
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-7039
kpatch-patch-url: https://access.redhat.com/labs/psb/versions/kernel-3.10.0-327.36.2.el7/patches/net-add-recursion-limit-to-GRO

kpatch-name: 3.10.0/0001-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user-327.patch
kpatch-description: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
kpatch-kernel: >kernel-3.10.0-327.36.2.el7
kpatch-cve: CVE-2016-5195
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
kpatch-patch-url: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

kpatch-name: 3.10.0/RDS-verify-the-underlying-transport-exists-before-cr.patch
kpatch-description: RDS: verify the underlying transport exists before creating a connection
kpatch-kernel: >kernel-3.10.0-229.14.1.el7
kpatch-cve: CVE-2015-6937
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-6937
kpatch-patch-url: http://git.kernel.org/linus/74e98eb085889b0d2d4908f59f6e00026063014f

kpatch-name: 3.10.0/RDS-fix-race-condition-when-sending-a-message-on.patch
kpatch-description: RDS: fix race condition when sending a message on unbound socket
kpatch-kernel: >kernel-3.10.0-229.14.1.el7
kpatch-cve: CVE-2015-7990
kpatch-cvss: 6.3
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7990
kpatch-patch-url: https://lkml.org/lkml/2015/10/16/530

kpatch-name: 3.10.0/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
kpatch-patch-url:

Click to expand...

Nice.
Installed also 30 days free account, updated and I hope that's it for this security bug.

Log in / Register

Forums

Welcome to Centmin Mod Community

Security Kernel Security Update: Local Privilege Escalation CVE-2016-5195

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Xon Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Sunka Well-Known Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Security Kernel Security Update: Local Privilege Escalation CVE-2016-5195

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Xon Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Sunka Well-Known Member

.