Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux For Real Time
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15129 4 Canonical, Fedoraproject, Linux and 1 more 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more 2024-02-28 4.9 MEDIUM 4.7 MEDIUM
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
CVE-2016-3707 3 Linux, Novell, Redhat 4 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 1 more 2024-02-28 6.8 MEDIUM 8.1 HIGH
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
CVE-2016-4470 4 Linux, Novell, Oracle and 1 more 14 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 11 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.