CVE-2016-0774 Linux Kernel moderate vulnerability

March 28, 2016 — Leave a comment

Back in June of 2015, CVE-2015-1805 a kernel patch was released to implement a fix for vectored pipe read and write functionality which could potentially result in memory corruption. A local, unprivileged user could use the flaw in an unpatched kernel to crash the system or escalate their privileges on the system.

Recently it was found that the fix for this issue incorrectly kept buffer offset/length in sync on a failed atomic read. This could result in a pipe buffer state corruption – and a local, unprivileged user could use this to crash the system / leak kernel memory to the user space.

This affects Red Hat / CentOS 6. Red Hat / CentOS 7 is not affected.

How to update

You can run the following command to see if an updated kernel package is available for you:

It should show that there is a new update available. You can then install the update with this command:

Once updated, you should verify that the update you performed fixed this flaw by running the following command:

You should see this in the output:

Important: After verifying that your kernel is patched for this vulnerability, you need to reboot your machine so that it comes up under the new kernel. This patch will not benefit you until you do.


More information

Here are some helpful links with more information about this issue:
https://access.redhat.com/security/cve/CVE-2016-0774
https://access.redhat.com/security/cve/cve-2015-1805
https://lists.centos.org/pipermail/centos-announce/2016-March/021769.html

Here are the packages that are out there for this update:




No Comments

Be the first to start the conversation.

Leave a Reply