SB2017041170 - Red Hat Enterprise Linux 6 update for kernel
Published: April 11, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017041170
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2016-7910)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to use-after-free error in the disk_seqf_stop function in block/genhd.c. a local attacker can leverage the execution of a certain stop operation and execute arbitrary code on the system with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Race condition (CVE-ID: CVE-2017-2636)
The vulnerability allows a local user to execute arbitrary code.
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Remediation
Install update from vendor's website.