vulnerability

Amazon Linux AMI: CVE-2016-3157: Security patch for kernel (ALAS-2016-669)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	2016-04-12	2016-04-20	2019-05-07

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

2016-04-12

Added

2016-04-20

Modified

2019-05-07

Description

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

Solution

amazon-linux-upgrade-kernel

References

AMAZON-ALAS-2016-669
DEBIAN-DLA-516-1
DEBIAN-DSA-3607
UBUNTU-USN-2965-1
UBUNTU-USN-2965-2
UBUNTU-USN-2965-3
UBUNTU-USN-2965-4
UBUNTU-USN-2968-1
UBUNTU-USN-2968-2
UBUNTU-USN-2969-1
UBUNTU-USN-2970-1
UBUNTU-USN-2971-1
UBUNTU-USN-2971-2
UBUNTU-USN-2971-3
UBUNTU-USN-2996-1
UBUNTU-USN-2997-1
NVD-CVE-2016-3157

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today