Errata ALT-PU-2017-2509-1: Information
Package name: kernel-image-std-def
Version: 4.4.93-alt0.M70C.1
Bulletin updated: Oct. 26, 2017
Task: #191210
Fixes
Published: Jan. 1, 1970
BDU:2015-04307
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
Published: Jan. 1, 1970
BDU:2015-04308
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
Published: Jan. 1, 1970
BDU:2015-04309
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
Published: Jan. 1, 1970
BDU:2015-04310
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
Published: Jan. 1, 1970
BDU:2015-05685
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05686
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05687
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05688
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05689
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05690
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05691
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05692
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05693
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05694
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05695
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05696
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05697
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05698
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05699
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05700
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05701
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05702
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05703
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05704
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05705
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05706
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05707
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05708
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05709
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05710
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05711
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05712
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05713
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05714
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05715
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05716
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05717
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05718
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05719
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05720
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05721
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05722
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05723
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05724
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05725
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05726
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05727
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05728
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05729
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05730
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05731
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05732
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05733
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05734
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05735
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05736
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05737
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05738
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05739
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05740
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05741
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05742
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05743
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05744
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05745
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05746
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05747
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05748
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05749
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05750
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05751
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05752
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05753
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05754
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05755
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05756
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05757
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05758
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05759
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05760
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05761
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05762
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05763
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05764
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05765
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05766
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05767
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05768
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05769
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05770
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05771
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05772
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05773
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05774
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05775
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05776
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05777
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05778
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05779
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05780
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05781
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05782
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05783
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05784
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05785
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05786
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05787
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05788
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05789
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05790
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05791
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05792
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05793
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05794
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05795
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05796
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05797
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05798
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05799
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05800
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05801
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05802
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05803
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05804
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05805
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05806
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05807
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05808
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05809
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05810
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05811
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05812
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05813
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05814
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05815
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05816
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05817
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05818
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05819
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05820
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05821
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05822
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05823
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05824
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05825
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05826
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05827
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05828
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05829
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05830
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05831
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05832
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05833
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05834
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05835
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05836
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05837
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05838
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05839
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05840
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05841
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05842
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 1, 1970
BDU:2015-05843
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.3)
Links:
Published: Jan. 27, 2015
BDU:2015-06239
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06241
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 13, 2015
BDU:2015-06243
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06245
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06246
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06247
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06248
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06249
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 13, 2015
BDU:2015-06250
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06251
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06255
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06258
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 27, 2015
BDU:2015-06260
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 13, 2015
BDU:2015-06263
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 13, 2015
BDU:2015-06264
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 13, 2015
BDU:2015-06265
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09204
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09205
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09206
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09207
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09208
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09209
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09210
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09211
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09212
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09213
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Jan. 28, 2015
BDU:2015-09214
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: March 24, 2015
BDU:2015-09845
Уязвимости операционной системы Ubuntu, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.2)
Links:
Published: March 24, 2015
BDU:2015-09846
Уязвимости операционной системы Ubuntu, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: March 24, 2015
BDU:2015-09847
Уязвимости операционной системы Ubuntu, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
Links:
Published: Nov. 16, 2015
BDU:2015-12106
Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9)
Links:
Published: Nov. 16, 2015
BDU:2015-12123
Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.7)
Links:
Published: Feb. 13, 2016
BDU:2016-00513
Уязвимость драйвера USB-MIDI ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 13, 2016
BDU:2016-00886
Уязвимость ядра Linux, позволяющая нарушителю получить доступ к защищаемой информации
Severity: LOW (2.1)
Links:
Published: March 13, 2016
BDU:2016-00898
Уязвимость операционной системы Android, позволяющая нарушителю обойти механизм защиты
Severity: MEDIUM (5.0)
Links:
Published: April 27, 2016
BDU:2016-01134
Уязвимость ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: CRITICAL (10.0)
Links:
Published: July 9, 2014
BDU:2016-01579
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Links:
Published: Dec. 2, 2015
BDU:2016-01939
Уязвимость стека IPv6 ядра Linux операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.3) Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 30, 2016
BDU:2016-02082
Уязвимость функции usbip_recv_xbuff (drivers/usb/usbip/usbip_common.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2016
BDU:2016-02097
Уязвимость ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (10.0)
Links:
Published: Aug. 8, 2016
BDU:2016-02098
Уязвимость ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (10.0)
Links:
Published: Aug. 8, 2016
BDU:2016-02099
Уязвимость ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (10.0)
Links:
Published: March 11, 2016
BDU:2016-02351
Уязвимость функции ion_ioctl (drivers/staging/android/ion/ion.c) операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 2, 2016
BDU:2016-02353
Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 8, 2017
BDU:2017-00542
Уязвимость операционных систем Android и Android, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.6)
Links:
Published: Oct. 18, 2016
BDU:2017-00758
Уязвимость компонента mm/gup.c операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 16, 2017
BDU:2017-00770
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 16, 2017
BDU:2017-00771
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9)
Links:
Published: Jan. 4, 2016
BDU:2017-00894
Уязвимость компонента udp.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 4, 2017
BDU:2017-01093
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: MEDIUM (4.6)
Links:
Published: May 3, 2017
BDU:2017-01159
Уязвимость компонента kernel/events/core.c ядра операционной системы Android, позволяющая нарушителю повысить свои привилегии
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 3, 2017
BDU:2017-01160
Уязвимость компонента drivers/regulator/core.c ядра операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.6)
Links:
Published: April 25, 2017
BDU:2017-01162
Уязвимость реализации серверов NFSv2 и NFSv3 в ядре операционной системы Linux, позволяющая нарушителю вызвать ошибки арифметических указателей или оказать другое воздействие
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 10, 2017
BDU:2017-01200
Уязвимость функции inet_csk_clone_lock службы net/ipv4/inet_connection_sock.c операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Oct. 29, 2016
BDU:2017-01280
Уязвимость функции sctp_sf_ootb ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 19, 2017
BDU:2017-01414
Уязвимость функции tcp_v6_syn_recv_sock службы net/ipv6/tcp_ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: MEDIUM (5.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Links:
Published: May 19, 2017
BDU:2017-01415
Уязвимость функции dccp_v6_request_recv_sock службы net/dccp/ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: May 19, 2017
BDU:2017-01416
Уязвимость функции sctp_v6_create_accept_sk службы net/sctp/ipv6.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 19, 2017
BDU:2017-01417
Уязвимость реализации фрагментации пакетов IPv6 в ядре операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Feb. 5, 2017
BDU:2017-01463
Уязвимость функции ip6gre_err операционной системы Linux, позволяющая нарушителю оказать неопределенное воздействие
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 28, 2017
BDU:2017-01465
Уязвимость функции packet_set_ring операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 27, 2017
BDU:2017-01466
Уязвимость функции vmw_surface_define_ioctl операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 18, 2017
BDU:2017-01480
Уязвимость реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 4, 2017
BDU:2017-01546
Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии
Severity: CRITICAL (9.3)
Links:
Published: April 12, 2017
BDU:2017-01547
Уязвимость операционной системы Linux, позволяющая нарушителю считывать или записывать в ячейки памяти ядра
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 17, 2017
BDU:2017-01556
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или получить привилегии суперпользователя
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 15, 2016
BDU:2017-01560
Уязвимость функции aio_mount в fs/aio.c ядра операционной системы Android, позволяющая нарушителю обойти политику ограничений и повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 17, 2017
BDU:2017-01568
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 16, 2014
BDU:2017-01573
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 18, 2017
BDU:2017-01612
Уязвимость ядра операционной системы Linux, позволяющая нарушителю манипулировать стеком
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 28, 2017
BDU:2017-01627
Уязвимость функции snd_msndmidi_input_read (sound/isa/msnd/msnd_midi.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 28, 2017
BDU:2017-01628
Уязвимость функции snd_msnd_interrupt (sound/isa/msnd/msnd_pinnacle.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 13, 2016
BDU:2017-01659
Уязвимость функции ring_buffer_resize подсистемы профилирования ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 9, 2017
BDU:2017-01686
Уязвимость функции mq_notify операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 19, 2017
BDU:2017-01748
Уязвимость функции mp_override_legacy_irq ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 2, 2017
BDU:2017-01836
Уязвимость функции ipxitf_ioctl (net/ipx/af_ipx.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Links:
Published: July 7, 2017
BDU:2017-01846
Уязвимость пакета fsnotify ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 16, 2017
BDU:2017-02025
Уязвимость функции sanity_check_ckpt операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 2, 2017
BDU:2017-02026
Уязвимость функции sanity_check_raw_super операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 9, 2017
BDU:2017-02053
Уязвимость компонента модуля L2CAP пакета программ, реализующих стек протоколов Bluetooth, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.0) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 16, 2017
BDU:2017-02413
Уязвимость функции lp_setup() загрузчика среды Secure Boot ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 10, 2017
BDU:2017-02488
Уязвимость функции packet_set_ring (net/packet/af_packet.c) ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 18, 2017
BDU:2017-02571
Уязвимость ядра операционной системы Linux (drivers/uwb/uwbd.c), позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 3, 2015
BDU:2018-00380
Уязвимость реализации TCP-стека операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 12, 2017
BDU:2018-00521
Уязвимость драйвера контроллера i8042 операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 27, 2017
BDU:2019-00227
Уязвимость реализации протокола Keberos v5 ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Links:
Published: Jan. 9, 2019
BDU:2019-00255
Уязвимость функции do_get_mempolicy() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 17, 2018
BDU:2019-01341
Уязвимость сервера NFS ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.0) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 2, 2018
BDU:2020-03264
Уязвимость компонента fs/f2fs/inline.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Aug. 8, 2015
BDU:2022-00885
Уязвимость функций pipe_read и pipe_write в fs/pipe.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Severity: HIGH (7.2)
Links:
Published: Aug. 5, 2015
BDU:2022-00886
Уязвимость функции ping_unhash (net/ipv4/ping.c) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Severity: MEDIUM (4.9)
Links:
Published: July 5, 2018
BDU:2022-05860
Уязвимость функции inode_init_owner компонента fs/inode.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 12, 2017
BDU:2023-00939
Уязвимость функции brcmf_cfg80211_mgmt_tx в drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ядра операционной системы Linux, позволяющая нарушителю вызывать отказ в обслуживании или повысить свои привилегии.
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 8, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2013-4312
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1297813
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593
- https://security-tracker.debian.org/tracker/CVE-2013-4312
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- RHSA-2016:0855
- 82986
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2929-2
- FEDORA-2016-5d43766e33
- FEDORA-2016-2f25d12c51
- DSA-3448
- RHSA-2016:2584
- RHSA-2016:2574
Published: March 2, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
Severity: LOW (2.1)
Links:
- [linux-kernel] 20130304 Re: user ns: arbitrary module loading
- [oss-security] 20150124 Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load
- https://github.com/torvalds/linux/commit/5d26a105b5a73e5635eae0629b42fa0a90e07b7b
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
- https://bugzilla.redhat.com/show_bug.cgi?id=1185469
- https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
- USN-2514-1
- 72322
- USN-2513-1
- DSA-3170
- MDVSA-2015:057
- MDVSA-2015:058
- USN-2543-1
- USN-2544-1
- USN-2545-1
- USN-2546-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2016:0068
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b
Published: Oct. 16, 2015
Modified: Oct. 16, 2015
Modified: Oct. 16, 2015
CVE-2013-7445
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
Severity: HIGH (7.8)
Links:
Published: Dec. 28, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
- https://forums.grsecurity.net/viewtopic.php?f=3&t=4150
- https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c
- [netdev] 20150304 [PATCH net] af_unix: don't poll dead peers
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- [oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed
- [linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)
- [linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket
- https://bugzilla.redhat.com/show_bug.cgi?id=1282688
- [linux-kernel] 20131014 Re: epoll oops.
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2002
- SUSE-SU-2016:1961
- SUSE-SU-2016:2014
- SUSE-SU-2016:2006
- SUSE-SU-2016:2074
- SUSE-SU-2016:2007
- SUSE-SU-2016:2010
- openSUSE-SU-2016:1641
- SUSE-SU-2016:2001
- SUSE-SU-2016:1994
- SUSE-SU-2016:2003
- 77638
- SUSE-SU-2016:2011
- SUSE-SU-2016:2005
- SUSE-SU-2016:2009
- SUSE-SU-2016:0757
- SUSE-SU-2016:0755
- SUSE-SU-2016:0746
- SUSE-SU-2016:0753
- SUSE-SU-2016:0750
- SUSE-SU-2016:0756
- SUSE-SU-2016:0754
- SUSE-SU-2016:0747
- SUSE-SU-2016:0745
- SUSE-SU-2016:0752
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- SUSE-SU-2016:0749
- SUSE-SU-2016:0751
- USN-2889-1
- USN-2890-1
- USN-2889-2
- USN-2890-2
- USN-2887-1
- USN-2890-3
- USN-2887-2
- USN-2888-1
- USN-2886-1
- DSA-3426
- 1034557
- https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8
Published: June 25, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-0206
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.
Severity: LOW (2.1)
Links:
- https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a
- https://bugzilla.redhat.com/show_bug.cgi?id=1094602
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.24
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f29
- 1030479
- 68176
- 59278
- https://source.android.com/security/bulletin/2017-04-01
- 1038201
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=edfbbf388f293d70bf4b7c0bc38774d05e6f711a
Published: Nov. 6, 2019
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2014-3180
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Sept. 28, 2014
Modified: Feb. 9, 2024
Modified: Feb. 9, 2024
CVE-2014-3181
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
Links:
- USN-2377-1
- RHSA-2014:1318
- 69779
- https://code.google.com/p/google-security-research/issues/detail?id=100
- https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c54def7bd64d7c0b6993336abcffb8444795bf38
- SUSE-SU-2015:0481
- [oss-security] 20140911 Multiple Linux USB driver CVE assignment
- USN-2378-1
- openSUSE-SU-2015:0566
- https://bugzilla.redhat.com/show_bug.cgi?id=1141173
- USN-2379-1
- USN-2376-1
Published: Sept. 28, 2014
Modified: Dec. 29, 2023
Modified: Dec. 29, 2023
CVE-2014-3182
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Links:
- RHSA-2014:1318
- https://github.com/torvalds/linux/commit/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36
- 69770
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2
- [oss-security] 20140911 Multiple Linux USB driver CVE assignment
- https://code.google.com/p/google-security-research/issues/detail?id=89
- https://bugzilla.redhat.com/show_bug.cgi?id=1141210
Published: Sept. 28, 2014
Modified: Dec. 29, 2023
Modified: Dec. 29, 2023
CVE-2014-3183
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2
- [oss-security] 20140911 Multiple Linux USB driver CVE assignment
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=51217e69697fba92a06e07e16f55c9a52d8e8945
- https://bugzilla.redhat.com/show_bug.cgi?id=1141344
- https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945
- https://code.google.com/p/google-security-research/issues/detail?id=90
Published: Sept. 28, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-3184
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
Severity: MEDIUM (4.7)
Links:
- USN-2377-1
- RHSA-2014:1318
- USN-2375-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1141391
- 69768
- SUSE-SU-2015:0652
- https://code.google.com/p/google-security-research/issues/detail?id=91
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2
- SUSE-SU-2015:0481
- [oss-security] 20140911 Multiple Linux USB driver CVE assignment
- USN-2378-1
- openSUSE-SU-2015:0566
- USN-2374-1
- RHSA-2015:1272
- https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214
- USN-2379-1
- USN-2376-1
- SUSE-SU-2015:0812
Published: Sept. 28, 2014
Modified: March 14, 2024
Modified: March 14, 2024
CVE-2014-3185
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
Links:
- USN-2377-1
- RHSA-2014:1318
- USN-2375-1
- https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818
- SUSE-SU-2015:0652
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6817ae225cd650fb1c3295d769298c38b1eba818
- https://code.google.com/p/google-security-research/issues/detail?id=98
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2
- SUSE-SU-2015:0481
- [oss-security] 20140911 Multiple Linux USB driver CVE assignment
- USN-2378-1
- openSUSE-SU-2015:0566
- https://bugzilla.redhat.com/show_bug.cgi?id=1141400
- RHSA-2015:0284
- USN-2374-1
- 69781
- USN-2379-1
- USN-2376-1
- SUSE-SU-2015:0812
Published: Aug. 1, 2014
Modified: Oct. 3, 2023
Modified: Oct. 3, 2023
CVE-2014-3534
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
Severity: HIGH (7.2)
Links:
- https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
- https://bugzilla.redhat.com/show_bug.cgi?id=1114089
- DSA-2992
- 1030683
- 68940
- 109546
- 60351
- 59790
- linux-cve20143534-priv-esc(95069)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
Published: Sept. 1, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3601
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
Severity: MEDIUM (4.3)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1131951
- https://github.com/torvalds/linux/commit/350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
- USN-2358-1
- USN-2359-1
- USN-2357-1
- USN-2356-1
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- 69489
- 60830
- linux-kernel-cve20143601-dos(95689)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
Published: Nov. 10, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3610
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1144883
- https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
- [oss-security] 20141024 kvm issues
- USN-2394-1
- USN-2418-1
- USN-2417-1
- DSA-3060
- USN-2491-1
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- 70742
- RHSA-2015:0869
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
Published: Nov. 10, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3611
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/2febc839133280d5a5e8e1179c94ea674489dae2
- https://bugzilla.redhat.com/show_bug.cgi?id=1144878
- [oss-security] 20141024 kvm issues
- USN-2394-1
- USN-2418-1
- USN-2417-1
- DSA-3060
- USN-2491-1
- RHSA-2015:0126
- RHSA-2015:0284
- RHSA-2015:0869
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2febc839133280d5a5e8e1179c94ea674489dae2
Published: Sept. 28, 2014
Modified: Feb. 2, 2024
Modified: Feb. 2, 2024
CVE-2014-3631
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
Severity: HIGH (7.2)
Links:
- https://github.com/torvalds/linux/commit/95389b08d93d5c06ec63ab49bd732b0069b7c35e
- https://bugzilla.redhat.com/show_bug.cgi?id=1140325
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3
- USN-2379-1
- USN-2378-1
- 111298
- 36268
- 70095
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95389b08d93d5c06ec63ab49bd732b0069b7c35e
Published: Nov. 10, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3646
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1144825
- [oss-security] 20141024 kvm issues
- https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485
- USN-2394-1
- USN-2418-1
- USN-2417-1
- DSA-3060
- RHSA-2015:0126
- SUSE-SU-2015:0481
- RHSA-2015:0284
- openSUSE-SU-2015:0566
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485
Published: Nov. 10, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3647
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20141024 kvm issues
- https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715
- https://bugzilla.redhat.com/show_bug.cgi?id=1144897
- https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601
- USN-2394-1
- USN-2418-1
- USN-2417-1
- DSA-3060
- 70748
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601
Published: Nov. 30, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
Severity: MEDIUM (5.0)
Links:
- [oss-security] 20141113 Linux kernel: SCTP issues
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
- https://bugzilla.redhat.com/show_bug.cgi?id=1155745
- https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4
- USN-2418-1
- USN-2417-1
- DSA-3060
- RHSA-2015:0062
- RHSA-2015:0115
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- SUSE-SU-2015:0736
- HPSBGN03285
- HPSBGN03282
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26b87c7881006311828bb0ab271a551a62dcceb4
Published: Nov. 10, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-3690
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a
- [oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- https://bugzilla.redhat.com/show_bug.cgi?id=1153322
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2
- [oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- USN-2421-1
- USN-2419-1
- USN-2420-1
- USN-2418-1
- USN-2417-1
- DSA-3060
- 70691
- 60174
- SUSE-SU-2015:0178
- SUSE-SU-2015:0481
- RHSA-2015:0290
- MDVSA-2015:058
- openSUSE-SU-2015:0566
- RHSA-2015:0782
- SUSE-SU-2015:0736
- RHSA-2015:0864
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a
Published: June 23, 2014
Modified: Dec. 18, 2018
Modified: Dec. 18, 2018
CVE-2014-4171
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
Severity: MEDIUM (4.7)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1111180
- http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch
- [oss-security] 20140618 CVE-2014-4171 - Linux kernel mm/shmem.c denial of service
- [mm-commits] 20140617 + shmem-fix-faulting-into-a-hole-while-its-punched.patch added to -mm tree
- 68157
- 59777
- 60564
- USN-2334-1
- USN-2335-1
- RHSA-2014:1318
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- RHSA-2015:0102
- 1030450
Published: Dec. 24, 2014
Modified: Aug. 14, 2020
Modified: Aug. 14, 2020
CVE-2014-4322
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
Severity: HIGH (7.2)
Links:
Published: Dec. 12, 2014
Modified: Aug. 14, 2020
Modified: Aug. 14, 2020
CVE-2014-4323
The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.
Severity: HIGH (7.5)
Links:
Published: June 23, 2014
Modified: Nov. 13, 2020
Modified: Nov. 13, 2020
CVE-2014-4508
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
Severity: MEDIUM (4.7)
Links:
- [oss-security] 20140619 CVE request: Another Linux syscall auditing bug
- [oss-security] 20140620 Re: CVE request: Another Linux syscall auditing bug
- [linux-kernel] 20140616 Re: 3.15: kernel BUG at kernel/auditsc.c:1525!
- 58964
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.61
- 60564
- USN-2334-1
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- openSUSE-SU-2015:0566
- 68126
- [oss-security] 20201112 CVE-2014-4508
Published: July 3, 2014
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2014-4608
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
Severity: HIGH (7.5)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- https://www.securitymouse.com/lms-2014-06-16-2
- https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce
- https://bugzilla.redhat.com/show_bug.cgi?id=1113899
- http://www.oberhumer.com/opensource/lzo/
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- [oss-security] 20140626 LMS-2014-06-16-2: Linux Kernel LZO
- 68214
- 60011
- USN-2421-1
- USN-2419-1
- USN-2416-1
- USN-2420-1
- USN-2418-1
- USN-2417-1
- 62633
- 60174
- RHSA-2015:0062
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4611
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
Severity: MEDIUM (5.0)
Links:
- http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
- [oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4
- https://bugzilla.redhat.com/show_bug.cgi?id=1112436
- https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- https://code.google.com/p/lz4/source/detail?r=118
- https://code.google.com/p/lz4/issues/detail?id=52
- https://www.securitymouse.com/lms-2014-06-16-5
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- https://www.securitymouse.com/lms-2014-06-16-6
- http://twitter.com/djrbliss/statuses/484931749013495809
- http://twitter.com/djrbliss/statuses/485042901399789568
- 1030491
- 59770
- 60238
- 59567
- openSUSE-SU-2014:0924
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36
- [hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4652
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Severity: LOW (1.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
- https://github.com/torvalds/linux/commit/07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
- https://bugzilla.redhat.com/show_bug.cgi?id=1113406
- 59434
- 59777
- 60564
- RHSA-2014:1083
- USN-2334-1
- USN-2335-1
- SUSE-SU-2015:0812
- RHSA-2015:1272
- 60545
- linux-kernel-cve20144652-info-disc(94412)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4653
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Severity: MEDIUM (4.6)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1113409
- https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d
- [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- 59434
- 68164
- 59777
- 60564
- RHSA-2014:1083
- USN-2334-1
- USN-2335-1
- SUSE-SU-2015:0812
- 60545
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4654
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
Severity: MEDIUM (4.6)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- https://github.com/torvalds/linux/commit/82262a46627bebb0febcc26664746c25cef08563
- https://bugzilla.redhat.com/show_bug.cgi?id=1113445
- [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
- 59434
- 68162
- 59777
- 60564
- RHSA-2014:1083
- USN-2334-1
- USN-2335-1
- SUSE-SU-2015:0812
- 60545
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82262a46627bebb0febcc26664746c25cef08563
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4655
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
Severity: MEDIUM (4.9)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1113445
- https://github.com/torvalds/linux/commit/82262a46627bebb0febcc26664746c25cef08563
- [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- 59434
- 68162
- 59777
- 60564
- RHSA-2014:1083
- USN-2334-1
- USN-2335-1
- SUSE-SU-2015:0812
- 60545
- 1036763
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82262a46627bebb0febcc26664746c25cef08563
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4656
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
Severity: MEDIUM (4.6)
Links:
- https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd
- [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=1113470
- 59434
- 59777
- 60564
- RHSA-2014:1083
- USN-2334-1
- USN-2335-1
- RHSA-2015:0087
- SUSE-SU-2015:0812
- 60545
- https://source.android.com/security/bulletin/2017-04-01
- 1038201
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ac902c112d90a89e59916f751c2745f4dbdbb4bd
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=883a1d49f0d77d30012f114b2e19fc141beb3e8e
Published: July 3, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-4667
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
Severity: MEDIUM (5.0)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1113967
- https://github.com/torvalds/linux/commit/d3217b15a19a4779c39b212358a5c71d725822ee
- [oss-security] 20140627 Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- 68224
- 59777
- 60564
- DSA-2992
- USN-2334-1
- USN-2335-1
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- SUSE-SU-2015:0812
- 60596
- 59790
- http://linux.oracle.com/errata/ELSA-2014-3069.html
- http://linux.oracle.com/errata/ELSA-2014-3068.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee
Published: July 9, 2014
Modified: Feb. 16, 2024
Modified: Feb. 16, 2024
CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Links:
- [oss-security] 20140704 CVE-2014-4699: Linux ptrace bug
- [oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4
- [oss-security] 20140705 Re: CVE-2014-4699: Linux ptrace bug
- https://bugzilla.redhat.com/show_bug.cgi?id=1115927
- [oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug
- https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
- USN-2269-1
- USN-2268-1
- USN-2274-1
- USN-2273-1
- USN-2272-1
- USN-2267-1
- USN-2271-1
- DSA-2972
- USN-2266-1
- USN-2270-1
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47
- 59639
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11
- 59633
- 59654
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97
- http://linux.oracle.com/errata/ELSA-2014-0924.html
- http://linux.oracle.com/errata/ELSA-2014-3047.html
- http://linux.oracle.com/errata/ELSA-2014-3048.html
- http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html
- 34134
- 60393
- 108754
- 60220
- 60380
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
Published: July 19, 2014
Modified: Jan. 19, 2024
Modified: Jan. 19, 2024
CVE-2014-4943
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Links:
- [oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets
- https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
- https://bugzilla.redhat.com/show_bug.cgi?id=1119458
- 60393
- 60011
- http://linux.oracle.com/errata/ELSA-2014-0924.html
- http://linux.oracle.com/errata/ELSA-2014-3047.html
- 60071
- http://linux.oracle.com/errata/ELSA-2014-3048.html
- 60220
- 60380
- 1030610
- DSA-2992
- RHSA-2014:1025
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- 36267
- 109277
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- 59790
- linux-kernel-cve20144943-priv-esc(94665)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
Published: Aug. 1, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-5045
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
Severity: MEDIUM (6.2)
Links:
- [oss-security] 20140723 Re: CVE request: kernel: vfs: refcount issues during unmount on symlink
- https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212
- https://bugzilla.redhat.com/show_bug.cgi?id=1122472
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
- RHSA-2015:0062
- 68862
- 60353
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212
Published: Aug. 18, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-5206
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.
Severity: HIGH (7.2)
Links:
- https://github.com/torvalds/linux/commit/a6138db815df5ee542d848318e5dae681590fccd
- [oss-security] 20140813 Re: CVE Request: ro bind mount bypass using user namespaces
- https://bugzilla.redhat.com/show_bug.cgi?id=1129662
- USN-2317-1
- USN-2318-1
- 69214
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6138db815df5ee542d848318e5dae681590fccd
Published: Aug. 18, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
Severity: MEDIUM (6.2)
Links:
- [oss-security] 20140813 Re: CVE Request: ro bind mount bypass using user namespaces
- https://bugzilla.redhat.com/show_bug.cgi?id=1129662
- https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
- http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html
- 110055
- 34923
- USN-2317-1
- USN-2318-1
- 69216
- [oss-security] 20140812 CVE Request: ro bind mount bypass using user namespaces
- linux-kernel-cve20145207-sec-bypass(95266)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705
Published: Sept. 1, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-5471
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
Severity: MEDIUM (4.0)
Links:
- [oss-security] 20140827 Re: CVE Request: Linux Kernel unbound recursion in ISOFS
- https://code.google.com/p/google-security-research/issues/detail?id=88
- https://bugzilla.redhat.com/show_bug.cgi?id=1134099
- https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
- USN-2355-1
- USN-2354-1
- USN-2358-1
- USN-2359-1
- USN-2357-1
- USN-2356-1
- RHSA-2014:1318
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- SUSE-SU-2015:0481
- RHSA-2015:0102
- RHSA-2015:0695
- openSUSE-SU-2015:0566
- RHSA-2015:0782
- RHSA-2015:0803
- SUSE-SU-2015:0812
- HPSBGN03285
- HPSBGN03282
- 69396
- [oss-security] 20140826 CVE Request: Linux Kernel unbound recursion in ISOFS
- linux-kernel-isofs-bo(95481)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
Published: Sept. 1, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-5472
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
Severity: MEDIUM (4.0)
Links:
- [oss-security] 20140827 Re: CVE Request: Linux Kernel unbound recursion in ISOFS
- https://bugzilla.redhat.com/show_bug.cgi?id=1134099
- https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
- https://code.google.com/p/google-security-research/issues/detail?id=88
- USN-2355-1
- USN-2354-1
- USN-2358-1
- USN-2359-1
- USN-2357-1
- USN-2356-1
- RHSA-2014:1318
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- SUSE-SU-2015:0481
- RHSA-2015:0102
- RHSA-2015:0695
- openSUSE-SU-2015:0566
- RHSA-2015:0782
- RHSA-2015:0803
- SUSE-SU-2015:0812
- HPSBGN03285
- HPSBGN03282
- 69428
- linux-kernel-cve20145472-dos(95556)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
Published: Sept. 28, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-6410
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.
Severity: MEDIUM (4.7)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1141809
- https://github.com/torvalds/linux/commit/c03aa9f6e1f938618e6db2e23afef0574efeeb65
- [oss-security] 20140915 Re: CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs
- 69799
- USN-2375-1
- USN-2377-1
- USN-2374-1
- USN-2376-1
- USN-2379-1
- USN-2378-1
- RHSA-2014:1318
- SUSE-SU-2014:1316
- SUSE-SU-2014:1319
- HPSBGN03285
- HPSBGN03282
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c03aa9f6e1f938618e6db2e23afef0574efeeb65
Published: March 16, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-7822
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
Severity: HIGH (7.2)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1163792
- https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958
- RHSA-2015:0164
- RHSA-2015:0102
- RHSA-2015:0674
- DSA-3170
- RHSA-2015:0694
- SUSE-SU-2015:0529
- USN-2543-1
- USN-2541-1
- USN-2544-1
- USN-2542-1
- 36743
- 117810
- 72347
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- openSUSE-SU-2015:0714
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958
Published: Nov. 30, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-7841
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
Severity: MEDIUM (5.0)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
- https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864
- https://bugzilla.redhat.com/show_bug.cgi?id=1163087
- [oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
- 62305
- DSA-3093
- RHSA-2015:0285
- RHSA-2015:0087
- SUSE-SU-2015:0481
- RHSA-2015:0284
- RHSA-2015:0102
- RHSA-2015:0695
- SUSE-SU-2015:0529
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html
- 71081
- 62735
- 62597
- http://linux.oracle.com/errata/ELSA-2015-3005.html
- http://linux.oracle.com/errata/ELSA-2015-3004.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864
Published: Nov. 30, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-7842
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
Severity: MEDIUM (4.9)
Links:
- https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
- https://github.com/torvalds/linux/commit/a2b9e6c1a35afcc0973acb72e591c714e78885ff
- https://bugzilla.redhat.com/show_bug.cgi?id=1163762
- [oss-security] 20141113 CVE-2014-7842 Linux kernel: kvm: reporting emulation failures to userspace
- 62326
- 62305
- 62336
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2016:0855
- 71078
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2b9e6c1a35afcc0973acb72e591c714e78885ff
Published: Nov. 30, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-7843
The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.
Severity: MEDIUM (4.9)
Links:
- https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d
- https://bugzilla.redhat.com/show_bug.cgi?id=1163744
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
- [oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS
- 71082
- 62305
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d
Published: Oct. 13, 2014
Modified: Aug. 14, 2020
Modified: Aug. 14, 2020
CVE-2014-7970
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1151095
- [linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree
- [oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service
- 70319
- 1030991
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
- 61142
- USN-2419-1
- USN-2420-1
- 60174
- USN-2514-1
- USN-2513-1
- SUSE-SU-2015:0736
- linux-kernel-cve20147970-dos(96921)
- RHSA-2017:2077
- RHSA-2017:1842
Published: Oct. 13, 2014
Modified: Aug. 14, 2020
Modified: Aug. 14, 2020
CVE-2014-7975
The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20141008 CVE-2014-7975: 0-day umount denial of service
- [stable] 20141008 [PATCH] fs: Add a missing permission check to do_umount
- https://bugzilla.redhat.com/show_bug.cgi?id=1151108
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5
- 70314
- 61145
- USN-2415-1
- USN-2421-1
- USN-2419-1
- USN-2420-1
- USN-2416-1
- USN-2418-1
- USN-2417-1
- 62634
- 62633
- 60174
- 1031180
- linux-kernel-cve20147975-dos(96994)
- RHSA-2017:2077
- RHSA-2017:1842
Published: Oct. 13, 2014
Modified: Aug. 14, 2020
Modified: Aug. 14, 2020
CVE-2014-8086
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [linux-kernel] 20141009 Re: ext4: kernel BUG at fs/ext4/inode.c:2959!
- https://bugzilla.redhat.com/show_bug.cgi?id=1151353
- [linux-ext4] 20141009 [PATCH] add aio/dio regression test race between write and fcntl
- [linux-kernel] 20141008 ext4: kernel BUG at fs/ext4/inode.c:2959!
- [linux-ext4] 20141009 [PATCH] ext4: fix race between write and fcntl(F_SETFL)
- [oss-security] 20141009 CVE-2014-8086 - Linux kernel ext4 race condition
- 70376
- RHSA-2015:0290
- RHSA-2015:0694
- SUSE-SU-2015:1478
- linux-kernel-cve20148086-dos(96922)
Published: Dec. 17, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-8133
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
Severity: LOW (2.1)
Links:
- [oss-security] 20141215 Linux kernel: multiple x86_64 vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=1172797
- https://github.com/torvalds/linux/commit/41bdc78544b8a93a9c6814b8bbbfef966272abbe
- 71684
- 62801
- USN-2516-1
- USN-2517-1
- USN-2492-1
- USN-2518-1
- USN-2515-1
- USN-2493-1
- USN-2490-1
- USN-2491-1
- DSA-3128
- MDVSA-2015:058
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- RHSA-2015:1272
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=41bdc78544b8a93a9c6814b8bbbfef966272abbe
Published: Dec. 12, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
- http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8134.html
- [kvm] 20141205 [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
- https://bugzilla.novell.com/show_bug.cgi?id=909078
- https://bugzilla.redhat.com/show_bug.cgi?id=1172765
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1400314
- 62336
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- RHSA-2016:0855
- 71650
- openSUSE-SU-2015:0714
- https://support.f5.com/csp/article/K17120
- https://support.f5.com/csp/article/K17120?utm_source=f5support&amp%3Butm_medium=RSS
Published: March 2, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-8160
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
Severity: MEDIUM (5.0)
Links:
- [oss-security] 20150114 CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded
- https://bugzilla.redhat.com/show_bug.cgi?id=1182059
- https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b
- [netfilter-devel] 20140925 [PATCH nf] netfilter: conntrack: disable generic protocol tracking
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- 72061
- USN-2514-1
- USN-2513-1
- RHSA-2015:0284
- RHSA-2015:0674
- RHSA-2015:0290
- DSA-3170
- SUSE-SU-2015:0529
- MDVSA-2015:057
- MDVSA-2015:058
- SUSE-SU-2015:0652
- SUSE-SU-2015:0736
- openSUSE-SU-2015:0714
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b
Published: Nov. 10, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-8369
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1156518
- [oss-security] 20141024 CVE-2014-8369 - Linux kernel iommu.c excessive unpinning
- [linux-kernel] 20141024 [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
- https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
- 62326
- 70749
- 62336
- DSA-3093
- SUSE-SU-2015:0481
- RHSA-2015:0674
- openSUSE-SU-2015:0566
- 70747
- SUSE-SU-2015:0736
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
Published: Nov. 10, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-8480
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application.
Severity: MEDIUM (4.9)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1156615
- https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5
- [kvm] 20141013 [PATCH 0/2] KVM: x86: Fixing clflush/hint_nop/prefetch
- [oss-security] 20141023 CVE Request: Linux 3.17 guest-triggerable KVM OOPS
- 70710
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
Published: Nov. 10, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-8481
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.
Severity: MEDIUM (4.9)
Links:
- https://github.com/torvalds/linux/commit/a430c9166312e1aa3d80bce32374233bdbfeba32
- [oss-security] 20141023 CVE Request: Linux 3.17 guest-triggerable KVM OOPS
- [kvm] 20141013 [PATCH 0/2] KVM: x86: Fixing clflush/hint_nop/prefetch
- https://bugzilla.redhat.com/show_bug.cgi?id=1156615
- 62042
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a430c9166312e1aa3d80bce32374233bdbfeba32
Published: Nov. 10, 2014
Modified: Aug. 13, 2020
Modified: Aug. 13, 2020
CVE-2014-8559
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- https://bugzilla.redhat.com/show_bug.cgi?id=1159313
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- [linux-kernel] 20141025 fs: lockup on rename_mutex in fs/dcache.c:1035
- [oss-security] 20141030 CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- [linux-kernel] 20141026 Re: fs: lockup on rename_mutex in fs/dcache.c:1035
- 70854
- 62801
- USN-2516-1
- USN-2517-1
- USN-2492-1
- USN-2518-1
- USN-2515-1
- USN-2493-1
- SUSE-SU-2015:0178
- SUSE-SU-2015:0481
- DSA-3170
- SUSE-SU-2015:0529
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2015:1978
- RHSA-2015:1976
- 1034051
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca5358ef75fc69fee5322a38a340f5739d997c10
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=946e51f2bf37f1656916eb75bd0742ba33983c28
- openSUSE-SU-2015:0714
- https://support.f5.com/csp/article/K05211147
Published: Nov. 30, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-8884
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
Severity: MEDIUM (6.1)
Links:
- [oss-security] 20141114 Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2e323ec96077642d397bb1c355def536d489d16
- DSA-3093
- RHSA-2015:0864
- RHSA-2015:0290
- RHSA-2015:0782
- https://github.com/torvalds/linux/commit/f2e323ec96077642d397bb1c355def536d489d16
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
- 62305
- https://bugzilla.redhat.com/show_bug.cgi?id=1164266
Published: Nov. 30, 2014
Modified: Jan. 3, 2017
Modified: Jan. 3, 2017
CVE-2014-8989
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.
Severity: MEDIUM (4.6)
Links:
Published: Nov. 30, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-9090
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20141126 Re: CVE Request: Linux kernel LDT handling bugs
- https://github.com/torvalds/linux/commit/6f442be2fb22be02cafa606f1769fa1e6f894441
- 62336
- DSA-3093
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0812
- SUSE-SU-2015:0736
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441
Published: Aug. 8, 2016
Modified: Nov. 17, 2020
Modified: Nov. 17, 2020
CVE-2014-9410
The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 26, 2014
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-9419
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
Severity: LOW (2.1)
Links:
- https://github.com/torvalds/linux/commit/f647d7c155f069c1a068030255c300663516420e
- [oss-security] 20141225 Re: CVE Request: Linux x86_64 userspace address leak
- https://bugzilla.redhat.com/show_bug.cgi?id=1177260
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- DSA-3128
- SUSE-SU-2015:0529
- MDVSA-2015:058
- USN-2541-1
- USN-2542-1
- FEDORA-2015-0517
- FEDORA-2015-0515
- SUSE-SU-2015:0736
- 71794
- openSUSE-SU-2015:0714
- RHSA-2015:1081
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f647d7c155f069c1a068030255c300663516420e
Published: Dec. 26, 2014
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-9420
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records
- https://bugzilla.redhat.com/show_bug.cgi?id=1175235
- https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
- 62801
- USN-2492-1
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2493-1
- USN-2490-1
- USN-2517-1
- USN-2491-1
- SUSE-SU-2015:0178
- MDVSA-2015:058
- SUSE-SU-2015:0652
- FEDORA-2015-0517
- FEDORA-2015-0515
- SUSE-SU-2015:0812
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- openSUSE-SU-2015:0714
- https://source.android.com/security/bulletin/2017-01-01.html
- RHSA-2015:1138
- RHSA-2015:1137
- RHSA-2015:1081
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d
Published: Jan. 10, 2015
Modified: March 14, 2024
Modified: March 14, 2024
CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
Links:
- https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
- [oss-security] 20150106 CVE-2014-9529 - Linux kernel security/keys/gc.c race condition
- https://bugzilla.redhat.com/show_bug.cgi?id=1179813
- USN-2512-1
- USN-2511-1
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- DSA-3128
- USN-2514-1
- USN-2513-1
- MDVSA-2015:058
- FEDORA-2015-0517
- FEDORA-2015-0515
- 71880
- openSUSE-SU-2015:0714
- 1036763
- linux-kernel-cve20149529-dos(99641)
- RHSA-2015:1138
- RHSA-2015:1137
- RHSA-2015:0864
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c
Published: Jan. 10, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
Severity: LOW (2.1)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- [oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records
- https://bugzilla.redhat.com/show_bug.cgi?id=1180119
- https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696
- USN-2512-1
- USN-2511-1
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- DSA-3128
- USN-2514-1
- USN-2513-1
- SUSE-SU-2015:0481
- SUSE-SU-2015:0529
- MDVSA-2015:058
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- SUSE-SU-2015:0812
- SUSE-SU-2015:0736
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 71883
- openSUSE-SU-2015:0714
- RHSA-2015:1138
- RHSA-2015:1137
- RHSA-2015:0864
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696
Published: Jan. 10, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Severity: LOW (2.1)
Links:
- [oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel
- [oss-security] 20141209 PIE bypass using VDSO ASLR weakness
- http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- SUSE-SU-2015:0178
- USN-2514-1
- USN-2513-1
- SUSE-SU-2015:0481
- DSA-3170
- MDVSA-2015:058
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- FEDORA-2015-0937
- SUSE-SU-2015:0736
- RHSA-2015:1787
- RHSA-2015:1778
- 71990
- openSUSE-SU-2015:0714
- RHSA-2015:1081
- http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
- http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
Published: March 2, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-9644
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
Severity: LOW (2.1)
Links:
- [oss-security] 20150124 Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load
- https://github.com/torvalds/linux/commit/4943ba16bbc2db05115707b3ff7b4874e9e3c560
- https://bugzilla.redhat.com/show_bug.cgi?id=1190546
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
- https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
- 72320
- USN-2514-1
- USN-2513-1
- DSA-3170
- MDVSA-2015:057
- MDVSA-2015:058
- USN-2543-1
- USN-2544-1
- USN-2545-1
- USN-2546-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2016:0068
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4943ba16bbc2db05115707b3ff7b4874e9e3c560
Published: March 3, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2014-9683
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.
Severity: LOW (3.6)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc
- https://bugzilla.redhat.com/show_bug.cgi?id=1193830
- [oss-security] 20150217 Re: CVE request: Linux kernel ecryptfs 1-byte overwrite
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- 72643
- 1031860
- DSA-3170
- MDVSA-2015:058
- USN-2541-1
- USN-2542-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- SUSE-SU-2015:1478
- RHSA-2015:1272
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=942080643bce061c3dd9d5718d3b745dcb39a8bc
Published: May 27, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2014-9710
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.
Links:
- https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
- [oss-security] 20150324 CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation
- https://bugzilla.redhat.com/show_bug.cgi?id=1205079
- SUSE-SU-2015:1489
- SUSE-SU-2015:1224
- 1032418
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
Published: May 2, 2016
Modified: Aug. 12, 2016
Modified: Aug. 12, 2016
CVE-2014-9717
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Links:
- [linux-kernel] 20141007 [PATCH] mnt: don't allow to detach the namespace root
- https://bugzilla.redhat.com/show_bug.cgi?id=1226751
- https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1
- [oss-security] 20150417 USERNS allows circumventing MNT_LOCKED
- [containers] 20150402 [PATCH review 0/19] Locked mount and loopback mount fixes
- 74226
- SUSE-SU-2016:1696
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
Published: Aug. 31, 2015
Modified: Dec. 22, 2016
Modified: Dec. 22, 2016
CVE-2014-9728
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.
Severity: MEDIUM (4.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- https://bugzilla.redhat.com/show_bug.cgi?id=1228229
- https://github.com/torvalds/linux/commit/a1d47b262952a45aae62bd49cfaf33dd76c11a2c
- [oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage
- https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9
- https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9
- 74964
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
Published: Aug. 31, 2015
Modified: Dec. 22, 2016
Modified: Dec. 22, 2016
CVE-2014-9729
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
Severity: MEDIUM (4.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- https://bugzilla.redhat.com/show_bug.cgi?id=1228229
- [oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage
- https://github.com/torvalds/linux/commit/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
- 74964
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
Published: Aug. 31, 2015
Modified: Dec. 22, 2016
Modified: Dec. 22, 2016
CVE-2014-9730
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
Severity: MEDIUM (4.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- https://bugzilla.redhat.com/show_bug.cgi?id=1228229
- [oss-security] 20150602 CVE request Linux kernel: fs: udf heap overflow in __udf_adinicb_readpage
- https://github.com/torvalds/linux/commit/e237ec37ec154564f8690c5bd1795339955eeef9
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9
- 74964
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
Published: Aug. 31, 2015
Modified: July 13, 2017
Modified: July 13, 2017
CVE-2014-9731
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.
Severity: LOW (2.1)
Links:
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
- [oss-security] 20150603 CVE request Linux kernel: udf: information leakage when reading symlink
- https://bugzilla.redhat.com/show_bug.cgi?id=1228220
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14
- https://github.com/torvalds/linux/commit/0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14
- 75001
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
- https://source.android.com/security/bulletin/2017-07-01
Published: July 11, 2016
Modified: July 12, 2016
Modified: July 12, 2016
CVE-2014-9803
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- http://source.android.com/security/bulletin/2016-07-01.html
- https://www.kernel.org/pub/linux/kernel/next/patch-v3.15-rc5-next-20140519.xz
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830
- https://github.com/torvalds/linux/commit/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830
Published: June 27, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2014-9904
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 4, 2017
Modified: July 11, 2017
Modified: July 11, 2017
CVE-2014-9922
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 3, 2017
Modified: Dec. 28, 2023
Modified: Dec. 28, 2023
CVE-2014-9940
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 2, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-0239
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
Severity: MEDIUM (4.4)
Links:
- [bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken
- https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
- [oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239
- https://bugzilla.redhat.com/show_bug.cgi?id=1186448
- USN-2518-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- 72842
- USN-2514-1
- USN-2513-1
- DSA-3170
- MDVSA-2015:058
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2015:1272
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050
Published: Oct. 19, 2015
Modified: Dec. 27, 2019
Modified: Dec. 27, 2019
CVE-2015-0275
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
Severity: MEDIUM (4.9)
Links:
- https://github.com/torvalds/linux/commit/0f2af21aae11972fa924374ddcf52e88347cf5a8
- [linux-ext4] 20150218 [PATCH] ext4: Allocate entire range in zero range
- [oss-security] 20150223 CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG()
- https://bugzilla.redhat.com/show_bug.cgi?id=1193907
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2af21aae11972fa924374ddcf52e88347cf5a8
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75139
- 1034454
- RHSA-2015:1787
- RHSA-2015:1778
- https://support.f5.com/csp/article/K05211147
Published: Aug. 8, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2015-0568
Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 10, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2015-0572
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61
- https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=8fb32c3a8147b82e2bb159b3f70d803c9e68899b
- http://source.android.com/security/bulletin/2016-10-01.html
- https://www.codeaurora.org/race-condition-leading-arbitrary-null-write-adsp-using-ioctl-compatfastrpcioctlinvokefd-cve-2015
- 93312
Published: Aug. 8, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2015-0573
drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2016
Modified: Sept. 21, 2017
Modified: Sept. 21, 2017
CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 31, 2015
Modified: April 8, 2019
Modified: April 8, 2019
CVE-2015-1333
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.
Severity: MEDIUM (4.9)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1245658
- [oss-security] 20150727 Security issue in Linux Kernel Keyring (CVE-2015-1333)
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0
- https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 76050
- DSA-3329
- RHSA-2015:1787
- RHSA-2015:1778
- USN-2691-1
- USN-2690-1
- USN-2689-1
- USN-2688-1
- USN-2687-1
- https://support.f5.com/csp/article/K05211147
Published: April 27, 2016
Modified: Dec. 1, 2016
Modified: Dec. 1, 2016
CVE-2015-1339
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://security-tracker.debian.org/tracker/CVE-2015-1339
- [oss-security] 20160302 CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver
- https://bugzilla.novell.com/show_bug.cgi?id=969356
- https://bugzilla.redhat.com/show_bug.cgi?id=1314331
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c
- https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c
- SUSE-SU-2016:1707
- openSUSE-SU-2016:1008
Published: May 2, 2016
Modified: July 15, 2021
Modified: July 15, 2021
CVE-2015-1350
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1185139
- [oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.
- [linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
- 76075
Published: March 16, 2015
Modified: Dec. 28, 2016
Modified: Dec. 28, 2016
CVE-2015-1420
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
Severity: LOW (1.9)
Links:
- [linux-kernel] 20150128 [PATCH v2] vfs: read file_handle only once in handle_to_path
- [oss-security] 20150129 CVE-2015-1420 - Linux kernel fs/fhandle.c race condition
- https://bugzilla.redhat.com/show_bug.cgi?id=1187534
- DSA-3170
- 72357
- SUSE-SU-2015:1611
- SUSE-SU-2015:1478
- SUSE-SU-2015:1592
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1224
- USN-2667-1
- USN-2665-1
- USN-2661-1
- USN-2660-1
Published: May 2, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-1573
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/a2f18db0c68fec96631c10cad9384c196e9008ac
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2f18db0c68fec96631c10cad9384c196e9008ac
- [oss-security] 20150210 Re: CVE-Request -- Linux kernel - panic on nftables rule flush
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
- https://bugzilla.redhat.com/show_bug.cgi?id=1190966
- 72552
- RHSA-2015:1138
- RHSA-2015:1137
Published: March 16, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-1593
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
Severity: MEDIUM (5.0)
Links:
- [oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow
- [linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit
- https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
- https://bugzilla.redhat.com/show_bug.cgi?id=1192519
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1
- http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
- DSA-3170
- SUSE-SU-2015:0736
- 72607
- USN-2565-1
- USN-2564-1
- USN-2563-1
- USN-2562-1
- USN-2561-1
- USN-2560-1
- openSUSE-SU-2015:0714
- RHSA-2015:1221
- RHSA-2015:1138
- RHSA-2015:1137
- RHSA-2019:3517
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
Published: Aug. 8, 2015
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-1805
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Severity: HIGH (7.2)
Links:
- https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045
- https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1
- https://bugzilla.redhat.com/show_bug.cgi?id=1202855
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
- [oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption
- DSA-3290
- RHSA-2015:1199
- RHSA-2015:1211
- RHSA-2015:1190
- http://source.android.com/security/bulletin/2016-04-02.html
- http://source.android.com/security/bulletin/2016-05-01.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 74951
- RHSA-2015:1042
- 1032454
- RHSA-2015:1120
- USN-2967-1
- USN-2967-2
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- SUSE-SU-2015:1478
- USN-2681-1
- USN-2680-1
- USN-2679-1
- SUSE-SU-2015:1491
- SUSE-SU-2015:1490
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- SUSE-SU-2015:1487
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
- RHSA-2015:1138
- RHSA-2015:1137
- RHSA-2015:1082
- RHSA-2015:1081
Published: April 21, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-2041
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
Severity: MEDIUM (4.6)
Links:
- [oss-security] 20150220 CVE-2015-2041 - Linux kernel - incorrect data type in llc2_timeout_table
- https://bugzilla.redhat.com/show_bug.cgi?id=1195350
- https://github.com/torvalds/linux/commit/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- SUSE-SU-2015:0812
- DSA-3237
- 72729
- SUSE-SU-2015:1478
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1224
- USN-2565-1
- USN-2564-1
- USN-2563-1
- USN-2562-1
- USN-2561-1
- USN-2560-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
Published: April 21, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-2042
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
Severity: MEDIUM (4.6)
Links:
- https://github.com/torvalds/linux/commit/db27ebb111e9f69efece08e4cb6a34ff980f8896
- [oss-security] 20150220 CVE-2015-2042 - Linux kernel - incorrect data type in rds_sysctl_rds_table
- https://bugzilla.redhat.com/show_bug.cgi?id=1195355
- DSA-3237
- SUSE-SU-2015:1478
- USN-2565-1
- USN-2564-1
- USN-2563-1
- USN-2562-1
- USN-2561-1
- USN-2560-1
- 72730
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db27ebb111e9f69efece08e4cb6a34ff980f8896
Published: March 12, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Severity: MEDIUM (4.9)
Links:
- http://xenbits.xen.org/xsa/advisory-120.html
- https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
- https://bugzilla.redhat.com/show_bug.cgi?id=1196266
- 1031902
- 1031806
- FEDORA-2015-4066
- SUSE-SU-2015:0658
- DSA-3237
- FEDORA-2015-6320
- FEDORA-2015-6294
- FEDORA-2015-6100
- USN-2632-1
- USN-2631-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- SUSE-SU-2015:1478
- 73014
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
Published: May 27, 2015
Modified: March 14, 2024
Modified: March 14, 2024
CVE-2015-2666
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1204722
- [oss-security] 20150320 Re: CVE Request: Linux kernel execution in the early microcode loader.
- https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
- FEDORA-2015-4457
- RHSA-2015:1534
- 1032414
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
Published: May 2, 2016
Modified: May 6, 2016
Modified: May 6, 2016
CVE-2015-2672
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
- https://bugzilla.redhat.com/show_bug.cgi?id=1204729
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2
- [oss-security] 20150321 Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.
- https://github.com/torvalds/linux/commit/06c8173eb92bbfc03a0fe8bb64315857d0badd06
Published: May 27, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-2830
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
Severity: LOW (1.9)
Links:
- https://github.com/torvalds/linux/commit/956421fbb74c3a6261903f3836c0740187cf038b
- https://bugzilla.redhat.com/show_bug.cgi?id=1208598
- [oss-security] 20150401 CVE Request: Linux mishandles int80 fork from 64-bit tasks
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2
- DSA-3237
- USN-2631-1
- USN-2632-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- SUSE-SU-2015:1611
- SUSE-SU-2015:1478
- SUSE-SU-2015:1592
- 1032413
- RHSA-2015:1221
- RHSA-2015:1138
- RHSA-2015:1137
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=956421fbb74c3a6261903f3836c0740187cf038b
Published: May 27, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-2922
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
Severity: LOW (3.3)
Links:
- https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a
- [oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- https://bugzilla.redhat.com/show_bug.cgi?id=1203712
- DSA-3237
- RHSA-2015:1564
- FEDORA-2015-6320
- FEDORA-2015-6294
- FEDORA-2015-6100
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 74315
- SUSE-SU-2015:1478
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1224
- RHSA-2015:1534
- 1032417
- RHSA-2015:1221
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a
Published: Nov. 16, 2015
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
- https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
- https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65
- [oss-security] 20150404 Re: Linux namespaces: It is possible to escape from bind mounts
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
- https://bugzilla.redhat.com/show_bug.cgi?id=1209367
- [containers] 20150403 [PATCH review 17/19] vfs: Test for and handle paths that are unreachable from their mnt_root
- http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78
- https://bugzilla.redhat.com/show_bug.cgi?id=1209373
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
- [containers] 20150403 [PATCH review 19/19] vfs: Do not allow escaping from bind mounts.
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 73926
- SUSE-SU-2016:0380
- SUSE-SU-2016:0386
- SUSE-SU-2016:0384
- SUSE-SU-2016:0337
- SUSE-SU-2016:0335
- SUSE-SU-2016:0387
- SUSE-SU-2016:0434
- SUSE-SU-2016:0381
- SUSE-SU-2016:0383
- USN-2794-1
- USN-2799-1
- SUSE-SU-2015:2194
- RHSA-2015:2636
- USN-2792-1
- USN-2795-1
- USN-2798-1
- DSA-3372
- SUSE-SU-2015:2292
- DSA-3364
- RHSA-2016:0068
Published: Aug. 31, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-3212
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
Severity: MEDIUM (4.9)
Links:
- https://github.com/torvalds/linux/commit/2d45a02d0166caf2627fe91897c6ffc3b19514c4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2d45a02d0166caf2627fe91897c6ffc3b19514c4
- https://bugzilla.redhat.com/show_bug.cgi?id=1226442
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 76082
- DSA-3329
- RHSA-2015:1787
- RHSA-2015:1778
- USN-2719-1
- USN-2718-1
- USN-2717-1
- USN-2716-1
- USN-2715-1
- USN-2714-1
- USN-2713-1
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- 1033169
- https://support.f5.com/csp/article/K05211147
Published: Aug. 31, 2015
Modified: Feb. 5, 2024
Modified: Feb. 5, 2024
CVE-2015-3290
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
Severity: HIGH (7.2)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
- [oss-security] 20150804 CVE-2015-3290: Linux privilege escalation due to nested NMIs interrupting espfix64
- https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
- https://bugzilla.redhat.com/show_bug.cgi?id=1243465
- [oss-security] 20150722 Linux x86_64 NMI security issues
- 76004
- USN-2691-1
- USN-2690-1
- USN-2689-1
- USN-2688-1
- USN-2687-1
- DSA-3313
- openSUSE-SU-2015:1382
- 37722
Published: Aug. 31, 2015
Modified: Dec. 22, 2016
Modified: Dec. 22, 2016
CVE-2015-3291
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.
Severity: LOW (2.1)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1243489
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
- https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
- [oss-security] 20150722 Linux x86_64 NMI security issues
- 76003
- USN-2691-1
- USN-2690-1
- USN-2689-1
- USN-2688-1
- USN-2687-1
- DSA-3313
Published: May 27, 2015
Modified: April 11, 2016
Modified: April 11, 2016
CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
Severity: MEDIUM (4.9)
Links:
Published: May 27, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-3339
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
Severity: MEDIUM (6.2)
Links:
- https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
- [oss-security] 20150420 Re: Linux: chown() was racy relative to execve() - Linux kernel
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- https://bugzilla.redhat.com/show_bug.cgi?id=1214030
- DSA-3237
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- SUSE-SU-2016:2074
- FEDORA-2015-7736
- SUSE-SU-2015:1491
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- SUSE-SU-2015:1487
- openSUSE-SU-2015:1382
- RHSA-2015:1272
- 1032412
- FEDORA-2015-8518
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
Published: Aug. 6, 2015
Modified: April 22, 2019
Modified: April 22, 2019
CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326
- https://bugzilla.redhat.com/show_bug.cgi?id=1218074
- https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
- DSA-3290
- RHSA-2015:1564
- USN-2631-1
- USN-2632-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 74450
- USN-2634-1
- USN-2633-1
- FEDORA-2015-7736
- FEDORA-2015-7784
- FEDORA-2015-8518
- SUSE-SU-2015:1478
- SUSE-SU-2015:1491
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- SUSE-SU-2015:1487
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1224
- 1033186
- RHSA-2015:1643
- RHSA-2015:1583
- RHSA-2015:1534
- RHSA-2015:1221
Published: June 8, 2015
Modified: Dec. 28, 2016
Modified: Dec. 28, 2016
CVE-2015-4001
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
Severity: CRITICAL (9.0)
Links:
- https://github.com/torvalds/linux/commit/b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c
- [oss-security] 20150605 Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c
- 74672
- openSUSE-SU-2015:1382
- USN-2667-1
- USN-2665-1
Published: June 8, 2015
Modified: Dec. 12, 2022
Modified: Dec. 12, 2022
CVE-2015-4004
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
Severity: HIGH (8.5)
Links:
Published: Aug. 31, 2015
Modified: Nov. 21, 2023
Modified: Nov. 21, 2023
CVE-2015-4036
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.
Severity: HIGH (7.2)
Links:
- https://github.com/torvalds/linux/commit/59c816c1f24df0204e01851431d3bab3eb76719c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c
- [oss-security] 20150513 CVE request for vhost/scsi possible memory corruption.
- https://bugzilla.redhat.com/show_bug.cgi?id=1189864
- 74664
- USN-2634-1
- USN-2633-1
- 1033729
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
Published: Aug. 5, 2015
Modified: Dec. 22, 2016
Modified: Dec. 22, 2016
CVE-2015-4167
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
Severity: MEDIUM (4.7)
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
- [oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops
- https://bugzilla.redhat.com/show_bug.cgi?id=1228204
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1
- https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
- 1033187
- DSA-3290
- USN-2631-1
- USN-2632-1
- 74963
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- DSA-3313
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
Published: May 2, 2016
Modified: May 5, 2016
Modified: May 5, 2016
CVE-2015-4176
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1249442
- [oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
- https://github.com/torvalds/linux/commit/e0c9c0afd2fc958ffa34b697972721d81df8a56f
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f
Published: May 2, 2016
Modified: May 6, 2016
Modified: May 6, 2016
CVE-2015-4177
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae
- [oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic
- [oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic
- [oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic
- https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5
- https://bugzilla.redhat.com/show_bug.cgi?id=1248486
Published: May 2, 2016
Modified: May 6, 2016
Modified: May 6, 2016
CVE-2015-4178
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic
- [oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic
- [oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic
- https://github.com/torvalds/linux/commit/820f9f147dcce2602eefd9b575bbbd9ea14f0953
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5
- https://bugzilla.redhat.com/show_bug.cgi?id=1249849
Published: July 27, 2015
Modified: Sept. 22, 2017
Modified: Sept. 22, 2017
CVE-2015-4692
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
Severity: MEDIUM (4.9)
Links:
- https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
- [oss-security] 20150620 Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function
- https://bugzilla.redhat.com/show_bug.cgi?id=1230770
- 75142
- FEDORA-2015-10678
- FEDORA-2015-10677
- DSA-3329
- USN-2684-1
- USN-2683-1
- USN-2682-1
- USN-2681-1
- USN-2680-1
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- 1032798
Published: Aug. 31, 2015
Modified: April 8, 2019
Modified: April 8, 2019
CVE-2015-4700
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
Severity: MEDIUM (4.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
- https://bugzilla.redhat.com/show_bug.cgi?id=1233615
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be
- [oss-security] 20150622 Re: CVE request: Linux kernel - bpf jit optimization flaw can panic kenrel.
- https://github.com/torvalds/linux/commit/3f7352bf21f8fd7ba3e2fcef9488756f188e12be
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75356
- SUSE-SU-2015:1611
- DSA-3329
- SUSE-SU-2015:1478
- SUSE-SU-2015:1592
- RHSA-2015:1778
- USN-2684-1
- USN-2683-1
- USN-2681-1
- USN-2680-1
- USN-2679-1
- SUSE-SU-2015:1491
- SUSE-SU-2015:1490
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- SUSE-SU-2015:1487
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1224
- 1033046
- https://support.f5.com/csp/article/K05211147
Published: Oct. 19, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-5156
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
Severity: MEDIUM (6.1)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1243852
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39
- https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- RHSA-2016:0855
- 76230
- FEDORA-2015-c15f00eb95
- RHSA-2015:1978
- USN-2777-1
- 1034045
- FEDORA-2015-0253d1f070
- SUSE-SU-2015:2292
- USN-2774-1
- USN-2773-1
- SUSE-SU-2015:1727
- DSA-3364
Published: Aug. 31, 2015
Modified: March 14, 2024
Modified: March 14, 2024
CVE-2015-5157
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
Severity: HIGH (7.2)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
- https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
- [oss-security] 20150722 Linux x86_64 NMI security issues
- RHSA-2016:0715
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 76005
- RHSA-2016:0212
- RHSA-2016:0185
- RHSA-2016:0224
- SUSE-SU-2016:0354
- SUSE-SU-2015:2108
- SUSE-SU-2015:2339
- SUSE-SU-2015:2350
- SUSE-SU-2015:1727
- USN-2691-1
- USN-2690-1
- USN-2689-1
- USN-2688-1
- USN-2687-1
- DSA-3313
Published: Nov. 16, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-5257
drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device. NOTE: this ID was incorrectly used for an Apache Cordova issue that has the correct ID of CVE-2015-8320.
Severity: MEDIUM (4.9)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1265607
- https://github.com/torvalds/linux/commit/cbb4be652d374f64661137756b8f357a1827d6a4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
- [oss-security] 20150922 Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257
- 76834
- USN-2794-1
- DSA-3372
- USN-2799-1
- USN-2792-1
- USN-2795-1
- USN-2798-1
Published: Oct. 19, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-5283
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
Severity: MEDIUM (4.7)
Links:
- https://security-tracker.debian.org/tracker/CVE-2015-5283
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4
- https://github.com/torvalds/linux/commit/8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4
- https://bugzilla.redhat.com/show_bug.cgi?id=1257528
- http://patchwork.ozlabs.org/patch/515996/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 77058
- SUSE-SU-2015:2194
- DSA-3372
- USN-2829-2
- USN-2823-1
- USN-2826-1
- USN-2829-1
- 1033808
- SUSE-SU-2015:1727
Published: Nov. 16, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-5307
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed
- https://bugzilla.redhat.com/show_bug.cgi?id=1277172
- https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed
- http://xenbits.xen.org/xsa/advisory-156.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- SUSE-SU-2016:2074
- 77528
- RHSA-2016:0046
- SUSE-SU-2016:0354
- FEDORA-2015-394835a3f6
- SUSE-SU-2015:2108
- USN-2805-1
- DSA-3396
- SUSE-SU-2015:2194
- USN-2802-1
- SUSE-SU-2015:2339
- 1034105
- DSA-3454
- RHSA-2015:2636
- http://support.citrix.com/article/CTX202583
- openSUSE-SU-2015:2232
- FEDORA-2015-668d213dc3
- DSA-3414
- USN-2801-1
- USN-2804-1
- FEDORA-2015-f150b2a8c8
- USN-2807-1
- SUSE-SU-2015:2350
- USN-2806-1
- USN-2800-1
- openSUSE-SU-2015:2250
- RHSA-2015:2645
- USN-2803-1
- https://kb.juniper.net/JSA10783
Published: Aug. 31, 2015
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-5366
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.
Severity: MEDIUM (5.0)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0
- https://bugzilla.redhat.com/show_bug.cgi?id=1239029
- [oss-security] 20150630 CVE Request: UDP checksum DoS
- https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0
- RHSA-2016:1225
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75510
- RHSA-2016:1100
- RHSA-2016:1096
- RHSA-2016:0045
- SUSE-SU-2015:1611
- SUSE-SU-2015:1592
- DSA-3329
- SUSE-SU-2015:1478
- RHSA-2015:1787
- RHSA-2015:1778
- USN-2714-1
- USN-2713-1
- USN-2684-1
- USN-2683-1
- USN-2682-1
- USN-2681-1
- USN-2680-1
- DSA-3313
- SUSE-SU-2015:1491
- SUSE-SU-2015:1490
- SUSE-SU-2015:1489
- SUSE-SU-2015:1488
- SUSE-SU-2015:1487
- openSUSE-SU-2015:1382
- SUSE-SU-2015:1324
- SUSE-SU-2015:1224
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- 1032794
- RHSA-2015:1623
Published: Aug. 31, 2015
Modified: Sept. 21, 2017
Modified: Sept. 21, 2017
CVE-2015-5697
The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
Severity: LOW (2.1)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
- [oss-security] 20150728 CVE request: Linux kernel - information leak in md driver
- https://bugzilla.redhat.com/show_bug.cgi?id=1249011
- https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 76066
- USN-2777-1
- USN-2748-1
- USN-2752-1
- USN-2751-1
- DSA-3329
- USN-2749-1
- SUSE-SU-2015:1727
- USN-2732-1
- USN-2731-1
- FEDORA-2015-13391
- FEDORA-2015-13396
- FEDORA-2015-12917
- FEDORA-2015-12908
- 1033211
Published: Aug. 31, 2015
Modified: Aug. 13, 2020
Modified: Aug. 13, 2020
CVE-2015-5706
Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.
Severity: MEDIUM (4.6)
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1250047
- http://twitter.com/grsecurity/statuses/597127122910490624
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0
- [oss-security] 20150801 CVE request: Use-after-free in path lookup in Linux 3.11-4.0 inclusive
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.4
- https://github.com/torvalds/linux/commit/f15133df088ecadd141ea1907f2c96df67c729f0
- 76142
- DSA-3329
- USN-2681-1
- USN-2680-1
- https://source.android.com/security/bulletin/2017-01-01.html
Published: Oct. 19, 2015
Modified: June 2, 2020
Modified: June 2, 2020
CVE-2015-5707
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
Severity: MEDIUM (4.6)
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee
- https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee
- https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81
- [oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux <4.1
- https://bugzilla.redhat.com/show_bug.cgi?id=1250030
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81
- 76145
- SUSE-SU-2015:2087
- SUSE-SU-2015:2086
- SUSE-SU-2015:2091
- SUSE-SU-2015:2090
- SUSE-SU-2015:2089
- SUSE-SU-2015:2084
- SUSE-SU-2015:2085
- SUSE-SU-2015:1611
- USN-2760-1
- USN-2759-1
- SUSE-SU-2015:1592
- USN-2734-1
- USN-2737-1
- USN-2733-1
- USN-2738-1
- USN-2750-1
- DSA-3329
- SUSE-SU-2015:1478
- https://source.android.com/security/bulletin/2017-07-01
- 1033521
Published: Oct. 19, 2015
Modified: Nov. 4, 2017
Modified: Nov. 4, 2017
CVE-2015-6252
The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.
Severity: LOW (2.1)
Links:
- [oss-security] 20150818 Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5
- https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
- https://bugzilla.redhat.com/show_bug.cgi?id=1251839
- SUSE-SU-2016:2074
- 76400
- SUSE-SU-2016:0354
- USN-2777-1
- SUSE-SU-2015:2108
- USN-2748-1
- USN-2752-1
- USN-2760-1
- USN-2759-1
- USN-2751-1
- USN-2749-1
- 1033666
- SUSE-SU-2015:1727
- DSA-3364
Published: Aug. 31, 2015
Modified: Dec. 8, 2016
Modified: Dec. 8, 2016
CVE-2015-6526
The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.
Severity: MEDIUM (4.9)
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
- [oss-security] 20150818 CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service.
- https://github.com/torvalds/linux/commit/9a5cbce421a283e6aea3c4007f141735bf9da8c3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3
- https://bugzilla.redhat.com/show_bug.cgi?id=1218454
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 76401
- USN-2760-1
- USN-2759-1
- 1033728
Published: Oct. 19, 2015
Modified: Oct. 17, 2018
Modified: Oct. 17, 2018
CVE-2015-6937
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20150914 CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c
- https://bugzilla.redhat.com/show_bug.cgi?id=1263139
- https://github.com/torvalds/linux/commit/74e98eb085889b0d2d4908f59f6e00026063014f
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- SUSE-SU-2016:2074
- 76767
- SUSE-SU-2016:0380
- SUSE-SU-2016:0386
- SUSE-SU-2016:0384
- SUSE-SU-2016:0337
- SUSE-SU-2016:0335
- SUSE-SU-2016:0387
- SUSE-SU-2016:0434
- SUSE-SU-2016:0381
- SUSE-SU-2016:0383
- SUSE-SU-2016:0354
- SUSE-SU-2015:2108
- 1034453
- SUSE-SU-2015:2339
- SUSE-SU-2015:2350
- USN-2777-1
- openSUSE-SU-2015:2232
- FEDORA-2015-16417
- USN-2773-1
- FEDORA-2015-16440
- USN-2774-1
- FEDORA-2015-16441
- SUSE-SU-2015:1727
- DSA-3364
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Published: Feb. 8, 2016
Modified: Dec. 10, 2021
Modified: Dec. 10, 2021
CVE-2015-7513
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1284847
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8
- https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8
- [oss-security] 20160107 CVE-2015-7513 Kernel: kvm: divide by zero issue leads to DoS
- USN-2889-1
- FEDORA-2016-5d43766e33
- USN-2890-1
- USN-2890-3
- USN-2887-2
- USN-2890-2
- USN-2887-1
- FEDORA-2016-26e19f042a
- FEDORA-2016-b59fd603be
- USN-2888-1
- USN-2886-1
- USN-2889-2
- 79901
- 1034602
- DSA-3434
Published: April 27, 2016
Modified: Jan. 18, 2022
Modified: Jan. 18, 2022
CVE-2015-7515
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96
- https://bugzilla.redhat.com/show_bug.cgi?id=1285326
- https://security-tracker.debian.org/tracker/CVE-2015-7515
- https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96
- SUSE-SU-2016:2074
- DSA-3607
- 84288
- USN-2968-1
- USN-2969-1
- USN-2971-1
- USN-2967-1
- USN-2967-2
- USN-2971-2
- USN-2970-1
- USN-2971-3
- USN-2968-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 39544
Published: Feb. 8, 2016
Modified: Nov. 4, 2017
Modified: Nov. 4, 2017
CVE-2015-7550
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4
- https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d
- https://security-tracker.debian.org/tracker/CVE-2015-7550
- https://bugzilla.redhat.com/show_bug.cgi?id=1291197
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d
- SUSE-SU-2016:2074
- 79903
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- USN-2911-1
- USN-2890-1
- USN-2890-3
- USN-2890-2
- USN-2888-1
- USN-2911-2
- DSA-3434
Published: Feb. 8, 2016
Modified: Oct. 9, 2018
Modified: Oct. 9, 2018
CVE-2015-7566
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/cb3232138e37129e88240a98a1d2aba2187ff57c
- https://security-tracker.debian.org/tracker/CVE-2015-7566
- https://bugzilla.redhat.com/show_bug.cgi?id=1296466
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c
- https://bugzilla.redhat.com/show_bug.cgi?id=1283371
- SUSE-SU-2016:1672
- SUSE-SU-2016:1707
- SUSE-SU-2016:1764
- SUSE-SU-2016:2074
- 82975
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2929-1
- USN-2932-1
- USN-2948-2
- USN-2930-3
- USN-2930-2
- USN-2929-2
- USN-2948-1
- FEDORA-2016-5d43766e33
- FEDORA-2016-26e19f042a
- DSA-3448
- FEDORA-2016-b59fd603be
- 39540
- 20160309 OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566
Published: Oct. 19, 2015
Modified: Dec. 8, 2016
Modified: Dec. 8, 2016
CVE-2015-7613
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
Links:
- [oss-security] 20151001 CVE Request: Unauthorized access to IPC objects with SysV shm
- https://github.com/torvalds/linux/commit/b9a532277938798b53178d5a66af6e2915cb27cf
- https://bugzilla.redhat.com/show_bug.cgi?id=1268270
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 76977
- SUSE-SU-2015:2087
- SUSE-SU-2015:2086
- SUSE-SU-2015:2091
- 1034592
- SUSE-SU-2015:2090
- 1034094
- SUSE-SU-2015:2089
- https://kc.mcafee.com/corporate/index?page=content&id=SB10146
- DSA-3372
- SUSE-SU-2015:2084
- SUSE-SU-2015:2085
- RHSA-2015:2636
- USN-2792-1
- USN-2763-1
- USN-2761-1
- USN-2764-1
- USN-2762-1
- USN-2765-1
- SUSE-SU-2015:1727
Published: Oct. 19, 2015
Modified: March 24, 2017
Modified: March 24, 2017
CVE-2015-7799
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.
Severity: MEDIUM (4.9)
Links:
- [oss-security] 20151010 Re: CVE request - Android OS - Using the PPP character device driver caused the system to restart - Linux kernel
- https://code.google.com/p/android/issues/detail?id=187973
- https://bugzilla.redhat.com/show_bug.cgi?id=1271134
- SUSE-SU-2016:2074
- openSUSE-SU-2016:1008
- USN-2886-1
- USN-2843-1
- USN-2842-1
- USN-2844-1
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- SUSE-SU-2015:2350
- USN-2841-1
- USN-2842-2
- USN-2843-3
- USN-2841-2
- USN-2843-2
- DSA-3426
- SUSE-SU-2015:2292
- openSUSE-SU-2015:2232
- 1033809
- 77033
Published: Nov. 16, 2015
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-7872
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
Severity: LOW (2.1)
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c
- https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c
- https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61
- https://bugzilla.redhat.com/show_bug.cgi?id=1272172
- [oss-security] 20151020 Re: CVE request: crash when attempt to garbage collect an uninstantiated keyring - Linux kernel
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61
- https://bugzilla.redhat.com/show_bug.cgi?id=1272371
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676
- HPSBGN03565
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 77544
- SUSE-SU-2016:2074
- openSUSE-SU-2016:1008
- RHSA-2016:0212
- RHSA-2016:0185
- RHSA-2016:0224
- SUSE-SU-2016:0386
- SUSE-SU-2016:0337
- SUSE-SU-2016:0335
- SUSE-SU-2016:0381
- SUSE-SU-2016:0380
- SUSE-SU-2016:0384
- SUSE-SU-2016:0387
- SUSE-SU-2016:0434
- SUSE-SU-2016:0383
- SUSE-SU-2016:0354
- USN-2843-1
- SUSE-SU-2015:2108
- USN-2824-1
- DSA-3396
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- RHSA-2015:2636
- USN-2843-2
- USN-2823-1
- USN-2826-1
- USN-2829-1
- USN-2840-2
- 1034472
- SUSE-SU-2015:2350
- USN-2843-3
- USN-2829-2
- SUSE-SU-2015:2292
- USN-2840-1
- https://source.android.com/security/bulletin/2016-12-01.html
Published: Dec. 28, 2015
Modified: Dec. 7, 2016
Modified: Dec. 7, 2016
CVE-2015-7884
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Severity: LOW (2.3) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1274726
- https://github.com/torvalds/linux/commit/eda98796aff0d9bf41094b06811f5def3b4c333c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c
- [oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc
- 77317
- openSUSE-SU-2016:1008
- 1034893
- USN-2843-1
- USN-2842-2
- USN-2843-3
- USN-2842-1
- USN-2843-2
Published: Dec. 28, 2015
Modified: Dec. 7, 2016
Modified: Dec. 7, 2016
CVE-2015-7885
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Severity: LOW (2.3) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
- https://github.com/torvalds/linux/commit/4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
- https://bugzilla.redhat.com/show_bug.cgi?id=1274728
- [oss-security] 20151021 Re: CVE Request: Linux Kernel ioctl infoleaks on vivid-osd and dgnc
- 77317
- 1034896
- USN-2843-1
- USN-2842-1
- USN-2844-1
- USN-2841-1
- USN-2842-2
- USN-2843-3
- USN-2841-2
- USN-2843-2
Published: Dec. 28, 2015
Modified: Oct. 17, 2018
Modified: Oct. 17, 2018
CVE-2015-7990
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.
Severity: MEDIUM (5.8) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Links:
- [linux-kernel] 20151016 [PATCH] RDS: fix race condition when sending a message on unbound socket.
- https://bugzilla.redhat.com/show_bug.cgi?id=1276437
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- https://bugzilla.suse.com/show_bug.cgi?id=952384
- https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a
- [oss-security] 20151027 Re: CVE-2015-6937 - Linux kernel - NULL pointer dereference in net/rds/connection.c
- SUSE-SU-2016:2074
- 77340
- SUSE-SU-2016:0386
- USN-2889-1
- USN-2890-1
- USN-2890-3
- USN-2887-2
- SUSE-SU-2016:0337
- SUSE-SU-2016:0335
- USN-2888-1
- SUSE-SU-2016:0381
- USN-2889-2
- SUSE-SU-2016:0380
- SUSE-SU-2016:0384
- USN-2890-2
- SUSE-SU-2016:0387
- USN-2887-1
- SUSE-SU-2016:0434
- USN-2886-1
- SUSE-SU-2016:0383
- SUSE-SU-2016:0354
- SUSE-SU-2015:2108
- DSA-3396
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- openSUSE-SU-2015:2232
- 1034453
- SUSE-SU-2015:2350
- SUSE-SU-2015:2292
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Published: Nov. 16, 2015
Modified: Oct. 10, 2023
Modified: Oct. 10, 2023
CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
Severity: MEDIUM (4.7)
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
- [oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception
- https://bugzilla.redhat.com/show_bug.cgi?id=1278496
- http://xenbits.xen.org/xsa/advisory-156.html
- https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
- http://support.citrix.com/article/CTX203879
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- 91787
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 77524
- SUSE-SU-2016:2074
- openSUSE-SU-2016:1008
- RHSA-2016:0046
- SUSE-SU-2016:0354
- USN-2843-1
- FEDORA-2015-394835a3f6
- SUSE-SU-2015:2108
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- 1034105
- USN-2841-1
- DSA-3454
- RHSA-2015:2636
- USN-2843-2
- http://support.citrix.com/article/CTX202583
- DSA-3426
- openSUSE-SU-2015:2232
- FEDORA-2015-668d213dc3
- DSA-3414
- FEDORA-2015-f150b2a8c8
- USN-2842-1
- USN-2844-1
- SUSE-SU-2015:2350
- USN-2842-2
- USN-2841-2
- openSUSE-SU-2015:2250
- RHSA-2015:2645
- USN-2840-1
- https://kb.juniper.net/JSA10783
- [oss-security] 20231010 Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling
Published: Nov. 17, 2015
Modified: Nov. 4, 2017
Modified: Nov. 4, 2017
CVE-2015-8215
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.
Severity: MEDIUM (5.0)
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac
- https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac
- https://bugzilla.novell.com/show_bug.cgi?id=944296
- https://bugs.launchpad.net/bugs/1500810
- https://bugzilla.redhat.com/show_bug.cgi?id=1192132
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- RHSA-2016:0855
- 85274
- SUSE-SU-2016:2074
- SUSE-SU-2016:0354
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- SUSE-SU-2015:2350
- SUSE-SU-2015:2292
- DSA-3364
Published: Dec. 28, 2015
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
Severity: MEDIUM (4.0) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- [oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS
- https://bugzilla.redhat.com/show_bug.cgi?id=1286261
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7
- https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 78219
- USN-2889-1
- USN-2890-1
- USN-2890-3
- USN-2887-2
- USN-2890-2
- USN-2887-1
- 1034895
- USN-2888-1
- USN-2886-1
- USN-2889-2
- DSA-3426
- RHSA-2016:2584
- RHSA-2016:2574
Published: Feb. 8, 2016
Modified: Jan. 31, 2022
Modified: Jan. 31, 2022
CVE-2015-8539
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20151208 CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key
- https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd
- https://bugzilla.redhat.com/show_bug.cgi?id=1284450
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
- SUSE-SU-2016:1937
- SUSE-SU-2016:2074
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- SUSE-SU-2016:0380
- SUSE-SU-2016:0386
- SUSE-SU-2016:0384
- SUSE-SU-2016:0337
- SUSE-SU-2016:0335
- SUSE-SU-2016:0336
- SUSE-SU-2016:0387
- SUSE-SU-2016:0339
- SUSE-SU-2016:0434
- SUSE-SU-2016:0381
- SUSE-SU-2016:0383
- RHSA-2018:0181
- RHSA-2018:0152
- RHSA-2018:0151
- USN-3798-2
- USN-3798-1
Published: Dec. 28, 2015
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-8569
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Severity: LOW (2.3) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Links:
- [oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname
- USN-2886-1
- USN-2890-3
- 79428
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1
- http://twitter.com/grsecurity/statuses/676744240802750464
- SUSE-SU-2016:1102
- [linux-kernel] 20151214 Information leak in pptp_bind
- FEDORA-2016-5d43766e33
- SUSE-SU-2016:2074
- USN-2890-2
- https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1
- 1034549
- https://bugzilla.redhat.com/show_bug.cgi?id=1292045
- USN-2890-1
- DSA-3434
- USN-2888-1
- SUSE-SU-2016:0911
Published: Feb. 8, 2016
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2015-8575
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
Severity: MEDIUM (4.0) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1292840
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4
- [oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname
- USN-2886-1
- USN-2890-3
- https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4
- SUSE-SU-2016:1102
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4
- 79724
- FEDORA-2016-5d43766e33
- SUSE-SU-2016:2074
- USN-2890-2
- USN-2890-1
- DSA-3434
- USN-2888-1
- SUSE-SU-2016:0911
Published: Feb. 8, 2016
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2015-8709
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20151231 Re: CVE Request: Linux kernel: privilege escalation in user namespaces
- [linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
- [linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
- [oss-security] 20151217 CVE Request: Linux kernel: privilege escalation in user namespaces
- [linux-kernel] 20151226 [PATCH] ptrace: being capable wrt a process requires mapped uids/gids
- https://bugzilla.redhat.com/show_bug.cgi?id=1295287
- SUSE-SU-2016:1764
- openSUSE-SU-2016:1008
- SUSE-SU-2016:1039
- SUSE-SU-2016:1035
- SUSE-SU-2016:1040
- SUSE-SU-2016:1033
- SUSE-SU-2016:1034
- SUSE-SU-2016:1045
- SUSE-SU-2016:1041
- SUSE-SU-2016:1038
- SUSE-SU-2016:1037
- SUSE-SU-2016:1019
- SUSE-SU-2016:1046
- SUSE-SU-2016:1031
- SUSE-SU-2016:1032
- FEDORA-2016-5d43766e33
- 1034899
- 79899
- DSA-3434
Published: May 2, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-8746
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.2
- https://github.com/torvalds/linux/commit/18e3b739fdc826481c6a1335ce0c5b19b3d415da
- [oss-security] 20160105 CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed
- https://bugzilla.redhat.com/show_bug.cgi?id=1295802
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18e3b739fdc826481c6a1335ce0c5b19b3d415da
- 1034594
- RHSA-2016:2584
- RHSA-2016:2574
Published: Feb. 8, 2016
Modified: Aug. 30, 2018
Modified: Aug. 30, 2018
CVE-2015-8767
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e
- [oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.
- https://bugzilla.redhat.com/show_bug.cgi?id=1297389
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e
- RHSA-2016:1341
- RHSA-2016:1277
- RHSA-2016:1301
- RHSA-2016:0715
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 80268
- SUSE-SU-2016:2074
- DSA-3503
- openSUSE-SU-2016:1008
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- FEDORA-2016-5d43766e33
- DSA-3448
Published: Feb. 8, 2016
Modified: Jan. 31, 2022
Modified: Jan. 31, 2022
CVE-2015-8785
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
Severity: MEDIUM (6.2) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876
- [oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()
- https://bugzilla.redhat.com/show_bug.cgi?id=1290642
- https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876
- SUSE-SU-2016:1764
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- SUSE-SU-2016:2074
- 81688
- DSA-3503
- openSUSE-SU-2016:1008
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- USN-2886-1
Published: April 27, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2015-8812
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1303532
- [oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- SUSE-SU-2016:1764
- SUSE-SU-2016:2074
- 83218
- DSA-3503
- USN-2967-1
- USN-2967-2
- openSUSE-SU-2016:1008
- SUSE-SU-2016:1039
- SUSE-SU-2016:1035
- SUSE-SU-2016:1033
- USN-2946-2
- SUSE-SU-2016:1045
- SUSE-SU-2016:1041
- SUSE-SU-2016:1037
- USN-2947-3
- USN-2948-2
- SUSE-SU-2016:1046
- USN-2947-1
- SUSE-SU-2016:1031
- USN-2949-1
- SUSE-SU-2016:1040
- SUSE-SU-2016:1034
- USN-2947-2
- USN-2946-1
- SUSE-SU-2016:1038
- SUSE-SU-2016:1019
- SUSE-SU-2016:0911
- SUSE-SU-2016:1032
- SUSE-SU-2016:1102
- USN-2948-1
- RHSA-2016:2584
- RHSA-2016:2574
Published: April 27, 2016
Modified: Nov. 1, 2023
Modified: Nov. 1, 2023
CVE-2015-8816
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1311589
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5
- [oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()
- https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea
- http://source.android.com/security/bulletin/2016-07-01.html
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1707
- SUSE-SU-2016:1764
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- SUSE-SU-2016:1995
- SUSE-SU-2016:2002
- SUSE-SU-2016:1961
- SUSE-SU-2016:2014
- SUSE-SU-2016:2006
- SUSE-SU-2016:2074
- SUSE-SU-2016:2007
- SUSE-SU-2016:2010
- 83363
- SUSE-SU-2016:2001
- SUSE-SU-2016:1994
- SUSE-SU-2016:2005
- SUSE-SU-2016:2009
- DSA-3503
- SUSE-SU-2016:1019
Published: April 27, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-8844
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160413 CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5
- https://bugzilla.redhat.com/show_bug.cgi?id=1326540
- https://github.com/torvalds/linux/commit/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55
- 1035594
- RHSA-2016:2584
- RHSA-2016:2574
Published: April 27, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-8845
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160413 CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- https://bugzilla.redhat.com/show_bug.cgi?id=1326540
- https://github.com/torvalds/linux/commit/7f821fc9c77a9b01fe7b1d6e72717b33d8d64142
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- openSUSE-SU-2016:2184
- SUSE-SU-2016:2105
- 1035594
- RHSA-2016:2584
- RHSA-2016:2574
Published: Oct. 10, 2016
Modified: Nov. 28, 2016
Modified: Nov. 28, 2016
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
- https://github.com/torvalds/linux/commit/6829e274a623187c24f7cfc0e3d35f25d087fcc5
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6829e274a623187c24f7cfc0e3d35f25d087fcc5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
- http://source.android.com/security/bulletin/2016-10-01.html
- 93318
Published: Oct. 17, 2016
Modified: Nov. 28, 2016
Modified: Nov. 28, 2016
CVE-2015-8953
fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab79efab0a0ba01a74df782eb7fa44b044dae8b5
- https://bugzilla.redhat.com/show_bug.cgi?id=1367814
- https://github.com/torvalds/linux/commit/ab79efab0a0ba01a74df782eb7fa44b044dae8b5
- [oss-security] 20160823 cve request: overlayfs: Fix dentry reference leak
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.6
- 92611
Published: Oct. 10, 2016
Modified: Oct. 5, 2023
Modified: Oct. 5, 2023
CVE-2015-8955
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Oct. 10, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2015-8956
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Links:
Published: Nov. 16, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2015-8962
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 16, 2016
Modified: Dec. 14, 2023
Modified: Dec. 14, 2023
CVE-2015-8963
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 16, 2016
Modified: Nov. 28, 2016
Modified: Nov. 28, 2016
CVE-2015-8964
The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Dec. 9, 2016
Modified: Dec. 10, 2016
Modified: Dec. 10, 2016
CVE-2015-8966
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 9, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2015-8967
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2015-8970
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2
- https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f
- https://bugzilla.redhat.com/show_bug.cgi?id=1386286
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f
- [oss-security] 20161104 Re: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref
- 94217
- RHSA-2017:2444
- RHSA-2017:2437
- RHSA-2017:2077
- RHSA-2017:1842
- https://groups.google.com/forum/#%21msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
Published: May 3, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2015-9004
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 28, 2019
Modified: Dec. 11, 2019
Modified: Dec. 11, 2019
CVE-2015-9289
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Feb. 8, 2016
Modified: Dec. 6, 2016
Modified: Dec. 6, 2016
CVE-2016-0723
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
Severity: MEDIUM (6.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439
- https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439
- https://bugzilla.redhat.com/show_bug.cgi?id=1296253
- https://security-tracker.debian.org/tracker/CVE-2016-0723
- http://source.android.com/security/bulletin/2016-07-01.html
- SUSE-SU-2016:1764
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- SUSE-SU-2016:2074
- 82950
- DSA-3503
- openSUSE-SU-2016:1008
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2929-1
- USN-2932-1
- USN-2948-2
- 1035695
- USN-2930-2
- USN-2929-2
- USN-2930-3
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- USN-2948-1
- FEDORA-2016-5d43766e33
- DSA-3448
- FEDORA-2016-2f25d12c51
- https://support.f5.com/csp/article/K43650115
Published: June 27, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-0758
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1300257
- [oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
- https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
- RHSA-2016:1033
- SUSE-SU-2016:1672
- RHSA-2016:1051
- SUSE-SU-2016:1690
- HPSBHF3548
- RHSA-2016:1055
- USN-2979-4
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://source.android.com/security/bulletin/2016-10-01.html
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2002
- SUSE-SU-2016:1961
- SUSE-SU-2016:2014
- SUSE-SU-2016:2006
- SUSE-SU-2016:2007
- SUSE-SU-2016:1985
- SUSE-SU-2016:2010
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:2184
- SUSE-SU-2016:2001
- SUSE-SU-2016:1994
- SUSE-SU-2016:2003
- SUSE-SU-2016:2011
- 90626
- SUSE-SU-2016:2005
- SUSE-SU-2016:2105
- SUSE-SU-2016:2009
Published: March 13, 2016
Modified: Jan. 31, 2022
Modified: Jan. 31, 2022
CVE-2016-0821
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Links:
- http://source.android.com/security/bulletin/2016-03-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf
- [oss-security] 20150502 Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam
- https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf
- 84260
- DSA-3607
- USN-2968-1
- USN-2969-1
- USN-2971-1
- USN-2967-1
- USN-2967-2
- USN-2971-2
- USN-2970-1
- USN-2971-3
- USN-2968-2
Published: March 13, 2016
Modified: Nov. 28, 2016
Modified: Nov. 28, 2016
CVE-2016-0823
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
Severity: MEDIUM (4.0) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
- http://source.android.com/security/bulletin/2016-03-01.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3
- http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce
- https://github.com/torvalds/linux/commit/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce
- 84265
Published: Feb. 7, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-10044
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7
- http://source.android.com/security/bulletin/2017-02-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a
- 96122
- 1037798
Published: Dec. 30, 2016
Modified: June 7, 2023
Modified: June 7, 2023
CVE-2016-10088
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835
- [oss-security] 20161230 Re: Linux Kernel use-after-free in SCSI generic device interface
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=128394eff343fc6d2f32172f03e24829539c5835
- 95169
- 1037538
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2017:0817
Published: March 8, 2017
Modified: June 7, 2023
Modified: June 7, 2023
CVE-2016-10200
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://source.android.com/security/bulletin/2017-03-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef
- 1037968
- 1037965
- 101783
- RHSA-2017:2444
- RHSA-2017:2437
- RHSA-2017:2077
- RHSA-2017:1842
Published: April 4, 2017
Modified: Nov. 3, 2022
Modified: Nov. 3, 2022
CVE-2016-10229
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191
- http://source.android.com/security/bulletin/2017-04-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
- 97397
- 1038201
- https://security.paloaltonetworks.com/CVE-2016-10229
Published: June 27, 2016
Modified: Sept. 12, 2023
Modified: Sept. 12, 2023
CVE-2016-1583
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87
- https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
- https://bugzilla.redhat.com/show_bug.cgi?id=1344721
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
- [oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ
- https://bugs.chromium.org/p/project-zero/issues/detail?id=836
- [oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ
- USN-2997-1
- USN-2996-1
- USN-3002-1
- USN-3001-1
- USN-3004-1
- USN-3000-1
- USN-2998-1
- USN-3003-1
- 39992
- http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html
- USN-3005-1
- USN-3006-1
- USN-2999-1
- SUSE-SU-2016:1596
- USN-3007-1
- SUSE-SU-2016:1672
- SUSE-SU-2016:1696
- USN-3008-1
- SUSE-SU-2016:1937
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2002
- DSA-3607
- SUSE-SU-2016:1961
- 91157
- SUSE-SU-2016:2014
- SUSE-SU-2016:2006
- SUSE-SU-2016:2007
- SUSE-SU-2016:1985
- SUSE-SU-2016:2010
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:2184
- SUSE-SU-2016:1994
- SUSE-SU-2016:2005
- SUSE-SU-2016:2105
- SUSE-SU-2016:2009
- 1036763
- RHSA-2017:2760
- RHSA-2016:2766
- RHSA-2016:2124
- https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b
Published: May 2, 2016
Modified: Aug. 30, 2018
Modified: Aug. 30, 2018
CVE-2016-2053
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.
Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.
- https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f
- https://bugzilla.redhat.com/show_bug.cgi?id=1300237
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- SUSE-SU-2016:1937
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- SUSE-SU-2016:2002
- SUSE-SU-2016:1961
- SUSE-SU-2016:2014
- SUSE-SU-2016:2006
- SUSE-SU-2016:2007
- SUSE-SU-2016:1985
- SUSE-SU-2016:2010
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:2184
- SUSE-SU-2016:2001
- SUSE-SU-2016:1994
- SUSE-SU-2016:2003
- SUSE-SU-2016:2011
- SUSE-SU-2016:2005
- SUSE-SU-2016:2105
- SUSE-SU-2016:2009
- 1036763
- RHSA-2016:2584
- RHSA-2016:2574
Published: May 6, 2016
Modified: Aug. 3, 2020
Modified: Aug. 3, 2020
CVE-2016-2059
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 13, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2016-2061
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 6, 2016
Modified: Aug. 3, 2020
Modified: Aug. 3, 2020
CVE-2016-2062
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2016
Modified: Aug. 6, 2020
Modified: Aug. 6, 2020
CVE-2016-2063
Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2016-2064
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted application that makes an ioctl call specifying many commands.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 8, 2016
Modified: Aug. 3, 2020
Modified: Aug. 3, 2020
CVE-2016-2065
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 13, 2016
Modified: Aug. 6, 2020
Modified: Aug. 6, 2020
CVE-2016-2066
Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 11, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2016-2067
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 11, 2016
Modified: July 31, 2020
Modified: July 31, 2020
CVE-2016-2068
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- http://source.android.com/security/bulletin/2016-07-01.html
- https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83
- https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6
- https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0
- https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00
Published: April 27, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2016-2069
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
Severity: HIGH (7.4) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160124 CVE Request: x86 Linux TLB flush bug
- https://bugzilla.redhat.com/show_bug.cgi?id=1301893
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e
- https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e
- USN-2998-1
- USN-2989-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- SUSE-SU-2016:2074
- 81809
- DSA-3503
- openSUSE-SU-2016:1008
- USN-2967-1
- USN-2967-2
- USN-2931-1
- USN-2932-1
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- RHSA-2017:0817
- RHSA-2016:2584
- RHSA-2016:2574
Published: April 27, 2016
Modified: Dec. 3, 2016
Modified: Dec. 3, 2016
CVE-2016-2085
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1324867
- https://github.com/torvalds/linux/commit/613317bd212c585c20796c10afe5daaa95d4b0a1
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2085.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=613317bd212c585c20796c10afe5daaa95d4b0a1
- https://security-tracker.debian.org/tracker/CVE-2016-2085
- USN-2949-1
- USN-2946-2
- USN-2947-2
- USN-2946-1
- USN-2947-3
- USN-2948-2
- USN-2947-1
- USN-2948-1
Published: April 27, 2016
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2016-2384
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor
- https://bugzilla.redhat.com/show_bug.cgi?id=1308444
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7
- https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7
- SUSE-SU-2016:1764
- SUSE-SU-2016:2074
- 83256
- DSA-3503
- openSUSE-SU-2016:1008
- SUSE-SU-2016:1039
- SUSE-SU-2016:1035
- SUSE-SU-2016:1033
- USN-2930-1
- SUSE-SU-2016:1045
- USN-2929-1
- SUSE-SU-2016:1041
- SUSE-SU-2016:1037
- USN-2932-1
- USN-2928-1
- SUSE-SU-2016:1046
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:1031
- SUSE-SU-2016:1040
- SUSE-SU-2016:1034
- USN-2931-1
- SUSE-SU-2016:1038
- SUSE-SU-2016:1019
- USN-2930-3
- SUSE-SU-2016:0911
- SUSE-SU-2016:1032
- SUSE-SU-2016:1102
- USN-2928-2
- 1035072
- https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384
- RHSA-2017:0817
- RHSA-2016:2584
- RHSA-2016:2574
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2543
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- https://bugzilla.redhat.com/show_bug.cgi?id=1311554
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1
- https://github.com/torvalds/linux/commit/030e2c78d3a91dd0d27fef37e91950dde333eba1
- SUSE-SU-2016:2074
- 83377
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035304
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2544
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
Severity: MEDIUM (5.1) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1311558
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- https://github.com/torvalds/linux/commit/3567eb6af614dac436c4b16a8d426f9faed639b3
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3
- SUSE-SU-2016:2074
- 83380
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035305
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2545
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
Severity: MEDIUM (5.1) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1311560
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736
- https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736
- 83381
- SUSE-SU-2016:2074
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035296
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2546
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
Severity: MEDIUM (5.1) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1311564
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- https://github.com/torvalds/linux/commit/af368027a49a751d6ff4ee9e3f9961f35bb4fede
- 83384
- SUSE-SU-2016:2074
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035301
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2547
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
Severity: MEDIUM (5.1) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d
- https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- https://bugzilla.redhat.com/show_bug.cgi?id=1311566
- 83378
- SUSE-SU-2016:2074
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035298
Published: April 27, 2016
Modified: Sept. 7, 2017
Modified: Sept. 7, 2017
CVE-2016-2548
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d
- https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- https://bugzilla.redhat.com/show_bug.cgi?id=1311568
- SUSE-SU-2016:2074
- 83383
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
- 1035306
Published: April 27, 2016
Modified: Dec. 3, 2016
Modified: Dec. 3, 2016
CVE-2016-2549
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
- https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3
- https://bugzilla.redhat.com/show_bug.cgi?id=1311570
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3
- SUSE-SU-2016:2074
- 83382
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2930-1
- USN-2931-1
- USN-2929-1
- USN-2932-1
- USN-2930-3
- USN-2930-2
- USN-2929-2
- SUSE-SU-2016:0911
- SUSE-SU-2016:1102
Published: April 27, 2016
Modified: Jan. 18, 2018
Modified: Jan. 18, 2018
CVE-2016-2550
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1311517
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6
- [oss-security] 20160223 CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets
- https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6
- DSA-3503
- USN-2949-1
- USN-2946-2
- USN-2947-2
- USN-2946-1
- USN-2947-3
- USN-2948-2
- USN-2947-1
- USN-2948-1
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Published: April 27, 2016
Modified: Sept. 12, 2023
Modified: Sept. 12, 2023
CVE-2016-2847
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
Severity: MEDIUM (6.2) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1313428
- [oss-security] 20160301 CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes
- https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52
- SUSE-SU-2016:1672
- SUSE-SU-2016:1696
- SUSE-SU-2016:1690
- SUSE-SU-2016:1707
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 83870
- SUSE-SU-2016:2074
- openSUSE-SU-2016:1382
- DSA-3503
- USN-2967-1
- USN-2967-2
- USN-2946-2
- USN-2947-3
- USN-2948-2
- USN-2947-1
- USN-2949-1
- USN-2947-2
- USN-2946-1
- USN-2948-1
- RHSA-2017:0217
- RHSA-2016:2584
- RHSA-2016:2574
Published: Aug. 6, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-3070
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1308846
- https://security-tracker.debian.org/tracker/CVE-2016-3070
- https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743
- USN-3036-1
- USN-3035-1
- DSA-3607
- USN-3035-3
- USN-3035-2
- USN-3034-2
- USN-3037-1
- 90518
- USN-3034-1
- RHSA-2016:2584
- RHSA-2016:2574
Published: April 27, 2016
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2016-3139
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- 39538
- SUSE-SU-2016:1690
- https://bugzilla.redhat.com/show_bug.cgi?id=1316993
- https://bugzilla.redhat.com/show_bug.cgi?id=1283377
- https://security-tracker.debian.org/tracker/CVE-2016-3139
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=471d17148c8b4174ac5f5283a73316d12c4379bc
- SUSE-SU-2016:1764
- https://github.com/torvalds/linux/commit/471d17148c8b4174ac5f5283a73316d12c4379bc
- https://bugzilla.redhat.com/show_bug.cgi?id=1283375
- SUSE-SU-2016:1707
- SUSE-SU-2016:1672
- SUSE-SU-2016:1019
- SUSE-SU-2016:2074
Published: Aug. 6, 2016
Modified: April 2, 2024
Modified: April 2, 2024
CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
- https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39
- http://source.android.com/security/bulletin/2016-08-01.html
- 92227
- RHSA-2016:2695
- RHSA-2016:2584
- RHSA-2016:2574
- RHSA-2016:0855
Published: July 4, 2016
Modified: Nov. 3, 2022
Modified: Nov. 3, 2022
CVE-2016-3955
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
- https://bugzilla.redhat.com/show_bug.cgi?id=1328478
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- [oss-security] 20160419 CVE Request: Linux kernel: remote buffer overflow in usbip
- USN-2997-1
- USN-2996-1
- USN-3002-1
- USN-3001-1
- USN-3004-1
- USN-2989-1
- USN-3000-1
- USN-2998-1
- USN-3003-1
- openSUSE-SU-2016:1641
- DSA-3607
- 86534
Published: May 23, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-4565
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- [oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- https://bugzilla.redhat.com/show_bug.cgi?id=1310570
- USN-3018-1
- USN-3019-1
- USN-3018-2
- RHSA-2016:1341
- RHSA-2016:1277
- RHSA-2016:1301
- USN-3002-1
- USN-3001-1
- USN-3004-1
- USN-3003-1
- USN-3021-1
- USN-3005-1
- USN-3021-2
- USN-3007-1
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- USN-3006-1
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- SUSE-SU-2016:1995
- SUSE-SU-2016:2000
- 90301
- DSA-3607
- SUSE-SU-2016:2014
- SUSE-SU-2016:2010
- openSUSE-SU-2016:1641
- SUSE-SU-2016:2001
- SUSE-SU-2016:1994
- RHSA-2016:1617
- SUSE-SU-2016:2011
- RHSA-2016:1581
- RHSA-2016:1657
- SUSE-SU-2016:2002
- SUSE-SU-2016:1961
- SUSE-SU-2016:2006
- RHSA-2016:1489
- SUSE-SU-2016:2007
- SUSE-SU-2016:1985
- openSUSE-SU-2016:2184
- RHSA-2016:1640
- SUSE-SU-2016:2003
- SUSE-SU-2016:2005
- SUSE-SU-2016:2105
- RHSA-2016:1814
- SUSE-SU-2016:2009
- RHSA-2016:1406
Published: May 23, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
- https://bugzilla.redhat.com/show_bug.cgi?id=1335803
- [oss-security] 20160515 Re: CVE Requests: Linux: use-after-free issue for ppp channel
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- USN-3021-1
- SUSE-SU-2016:1672
- SUSE-SU-2016:1690
- USN-3021-2
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:2184
- DSA-3607
- SUSE-SU-2016:2105
- 90605
- SUSE-SU-2016:1985
- 1036763
Published: May 23, 2016
Modified: Sept. 12, 2023
Modified: Sept. 12, 2023
CVE-2016-4913
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
- [oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6
- https://bugzilla.redhat.com/show_bug.cgi?id=1337528
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- [oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- USN-3017-2
- USN-3018-2
- USN-3016-4
- USN-3016-1
- USN-3016-2
- USN-3016-3
- USN-3018-1
- USN-3019-1
- USN-3017-3
- USN-3020-1
- USN-3017-1
- USN-3021-1
- USN-3021-2
- SUSE-SU-2016:1672
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- DSA-3607
- SUSE-SU-2016:1985
- 90730
- RHSA-2018:3096
- RHSA-2018:3083
Published: July 4, 2016
Modified: Sept. 12, 2023
Modified: Sept. 12, 2023
CVE-2016-4997
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
- https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
- https://bugzilla.redhat.com/show_bug.cgi?id=1349722
- USN-3017-2
- USN-3018-2
- SUSE-SU-2016:1710
- USN-3016-4
- USN-3016-1
- USN-3016-2
- USN-3016-3
- USN-3018-1
- USN-3019-1
- SUSE-SU-2016:1709
- USN-3017-3
- USN-3020-1
- USN-3017-1
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- [oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call
- https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- SUSE-SU-2016:2181
- SUSE-SU-2016:2179
- DSA-3607
- SUSE-SU-2016:2178
- 1036171
- SUSE-SU-2016:1985
- 91451
- openSUSE-SU-2016:2184
- SUSE-SU-2016:2180
- SUSE-SU-2016:2174
- SUSE-SU-2016:2177
- SUSE-SU-2016:2105
- SUSE-SU-2016:2018
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- 40489
- 40435
- RHSA-2016:1883
- RHSA-2016:1875
- RHSA-2016:1847
Published: Nov. 11, 2016
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
- https://dirtycow.ninja
- https://security-tracker.debian.org/tracker/CVE-2016-5195
- https://access.redhat.com/security/cve/cve-2016-5195
- https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
- https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- https://bugzilla.suse.com/show_bug.cgi?id=1004418
- https://bugzilla.redhat.com/show_bug.cgi?id=1384344
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
- [oss-security] 20161026 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- https://access.redhat.com/security/vulnerabilities/2706661
- VU#243144
- 93793
- https://source.android.com/security/bulletin/2016-11-01.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241
- 40847
- 40839
- https://kc.mcafee.com/corporate/index?page=content&id=SB10176
- https://bto.bluecoat.com/security-advisory/sa134
- https://source.android.com/security/bulletin/2016-12-01.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us
- 1037078
- 40616
- 40611
- https://security.netapp.com/advisory/ntap-20161025-0001/
- RHSA-2017:0372
- RHSA-2016:2133
- RHSA-2016:2132
- RHSA-2016:2128
- RHSA-2016:2127
- RHSA-2016:2126
- RHSA-2016:2124
- RHSA-2016:2120
- RHSA-2016:2118
- RHSA-2016:2110
- RHSA-2016:2107
- RHSA-2016:2106
- RHSA-2016:2105
- RHSA-2016:2098
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://security.paloaltonetworks.com/CVE-2016-5195
- openSUSE-SU-2020:0554
- openSUSE-SU-2016:2649
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- DSA-3696
- http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html
- SUSE-SU-2016:3304
- http://fortiguard.com/advisory/FG-IR-16-063
- SUSE-SU-2016:2657
- USN-3104-2
- USN-3104-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10222
- http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html
- 20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
- [oss-security] 20161021 CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- SUSE-SU-2016:2658
- 20161020 [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- SUSE-SU-2016:3069
- SUSE-SU-2016:2673
- http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- SUSE-SU-2016:2633
- https://kc.mcafee.com/corporate/index?page=content&id=SB10177
- SUSE-SU-2016:2636
- 20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue
- http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html
- openSUSE-SU-2016:2583
- SUSE-SU-2016:2630
- USN-3105-1
- USN-3105-2
- SUSE-SU-2016:2634
- [oss-security] 20161103 Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability
- SUSE-SU-2016:2596
- http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- SUSE-SU-2016:2635
- SUSE-SU-2016:2585
- USN-3106-4
- USN-3106-3
- [oss-security] 20161030 Re: CVE-2016-5195 test case
- SUSE-SU-2016:2592
- SUSE-SU-2016:2629
- https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026
- USN-3106-2
- USN-3106-1
- SUSE-SU-2016:2637
- SUSE-SU-2016:2631
- openSUSE-SU-2016:2584
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- openSUSE-SU-2016:2625
- http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807
- 20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege
- SUSE-SU-2016:2632
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774
- SUSE-SU-2016:2593
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770
- 20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en
- SUSE-SU-2016:2638
- SUSE-SU-2016:2659
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241
- SUSE-SU-2016:2655
- USN-3107-2
- SUSE-SU-2016:2614
- [oss-security] 20161027 CVE-2016-5195 test case
- USN-3107-1
- 20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- [oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- [oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
- FEDORA-2016-c3558808cd
- FEDORA-2016-db4b75b352
- FEDORA-2016-c8a0c7eece
Published: Aug. 8, 2016
Modified: Aug. 3, 2020
Modified: Aug. 3, 2020
CVE-2016-5340
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2016-5342
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 10, 2016
Modified: Aug. 3, 2020
Modified: Aug. 3, 2020
CVE-2016-5343
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 30, 2016
Modified: Aug. 4, 2020
Modified: Aug. 4, 2020
CVE-2016-5344
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 27, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-5828
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/636776/
- [oss-security] 20160625 Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel
- DSA-3616
- SUSE-SU-2016:1937
- openSUSE-SU-2016:2184
- USN-3071-1
- 91415
- USN-3070-3
- USN-3070-4
- USN-3070-2
- USN-3070-1
- SUSE-SU-2016:2105
- USN-3071-2
- RHSA-2016:2574
Published: June 27, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-5829
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5
- [oss-security] 20160626 Re: CVE Request: Linux kernel HID: hiddev buffer overflows
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5
- DSA-3616
- SUSE-SU-2016:1937
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- USN-3072-2
- USN-3071-1
- SUSE-SU-2016:2175
- SUSE-SU-2016:2181
- SUSE-SU-2016:2179
- USN-3070-3
- USN-3070-2
- SUSE-SU-2016:2178
- SUSE-SU-2016:1985
- openSUSE-SU-2016:2184
- SUSE-SU-2016:2180
- 91450
- USN-3072-1
- SUSE-SU-2016:2174
- USN-3070-4
- SUSE-SU-2016:2177
- USN-3070-1
- SUSE-SU-2016:2105
- SUSE-SU-2016:2018
- USN-3071-2
- RHSA-2016:2584
- RHSA-2016:2574
- RHSA-2016:2006
Published: April 4, 2017
Modified: July 31, 2020
Modified: July 31, 2020
CVE-2016-5870
The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 28, 2016
Modified: June 7, 2023
Modified: June 7, 2023
CVE-2016-6786
kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b
- https://bugzilla.redhat.com/show_bug.cgi?id=1403842
- http://source.android.com/security/bulletin/2016-12-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b
- 94679
- DSA-3791
Published: Dec. 28, 2016
Modified: June 7, 2023
Modified: June 7, 2023
CVE-2016-6787
kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/f63a8daa5812afef4f06c962351687e1ff9ccb2b
- https://bugzilla.redhat.com/show_bug.cgi?id=1403842
- http://source.android.com/security/bulletin/2016-12-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b
- 94679
- DSA-3791
Published: Oct. 10, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2016-7117
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d
- https://bugzilla.redhat.com/show_bug.cgi?id=1382268
- https://bugzilla.novell.com/show_bug.cgi?id=1003077
- https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d
- https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
- https://security-tracker.debian.org/tracker/CVE-2016-7117
- 93304
- RHSA-2016:2962
- RHSA-2017:0270
- RHSA-2017:0217
- RHSA-2017:0216
- RHSA-2017:0215
- RHSA-2017:0196
- RHSA-2017:0113
- RHSA-2017:0091
- RHSA-2017:0086
- RHSA-2017:0065
- RHSA-2017:0036
- RHSA-2017:0031
Published: Oct. 17, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-7425
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()
- [linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- https://bugzilla.redhat.com/show_bug.cgi?id=1377330
- https://security-tracker.debian.org/tracker/CVE-2016-7425
- [linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
- 93037
- USN-3147-1
- USN-3146-2
- USN-3146-1
- USN-3145-2
- USN-3145-1
- USN-3144-2
- USN-3144-1
Published: Nov. 16, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2016-7910
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1
- https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84
- http://source.android.com/security/bulletin/2016-11-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
- 94135
- RHSA-2017:1308
- RHSA-2017:1298
- RHSA-2017:1297
- RHSA-2017:0892
Published: Nov. 16, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2016-7911
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
- https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4
- http://source.android.com/security/bulletin/2016-11-01.html
- 94135
Published: Nov. 16, 2016
Modified: Dec. 9, 2022
Modified: Dec. 9, 2022
CVE-2016-7913
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18
- http://source.android.com/security/bulletin/2016-11-01.html
- https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18
- 94201
- RHSA-2018:1062
- RHSA-2018:0676
- USN-3798-2
- USN-3798-1
- RHSA-2019:1170
- RHSA-2019:1190
Published: Nov. 16, 2016
Modified: Dec. 3, 2016
Modified: Dec. 3, 2016
CVE-2016-7917
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
Severity: MEDIUM (5.0) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Nov. 28, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-8632
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-8646
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1388821
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45
- [oss-security] 20161115 CVE-2016-8646: linux kernel - oops in shash_async_export()
- https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45
- 94309
- RHSA-2017:1308
- RHSA-2017:1298
- RHSA-2017:1297
Published: Dec. 8, 2016
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
- [oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
- 94692
- 40871
- 1037403
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
- USN-3152-2
- USN-3152-1
- USN-3151-4
- USN-3151-3
- USN-3151-2
- USN-3151-1
- USN-3150-2
- USN-3150-1
- USN-3149-2
- USN-3149-1
- SUSE-SU-2016:3247
- SUSE-SU-2016:3206
- SUSE-SU-2016:3205
- SUSE-SU-2016:3197
- SUSE-SU-2016:3183
- SUSE-SU-2016:3169
- SUSE-SU-2016:3117
- SUSE-SU-2016:3116
- SUSE-SU-2016:3113
- SUSE-SU-2016:3096
- https://source.android.com/security/bulletin/2017-03-01.html
- 1037968
- RHSA-2017:0402
- RHSA-2017:0387
- RHSA-2017:0386
- 44696
Published: Oct. 17, 2016
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2016-8666
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- RHSA-2016:2107
- RHSA-2017:0372
- https://bto.bluecoat.com/security-advisory/sa134
- 93562
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
- RHSA-2016:2047
- RHSA-2016:2110
- [oss-security] 20161013 CVE Request: another recursion in GRE
- https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971
- RHSA-2017:0004
- https://bugzilla.redhat.com/show_bug.cgi?id=1384991
- https://bugzilla.suse.com/show_bug.cgi?id=1001486
Published: Nov. 28, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-9083
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a
- https://patchwork.kernel.org/patch/9373631/
- [oss-security] 20161027 kernel: low-severity vfio driver integer overflow
- https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a
- https://bugzilla.redhat.com/show_bug.cgi?id=1389258
- 93929
- RHSA-2017:0387
- RHSA-2017:0386
Published: Dec. 9, 2016
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2016-9120
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2016
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2016-9555
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb
- https://bugzilla.redhat.com/show_bug.cgi?id=1397930
- https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8
- 94479
- 1037339
- https://bto.bluecoat.com/security-advisory/sa134
- SUSE-SU-2016:3247
- SUSE-SU-2016:3206
- SUSE-SU-2016:3205
- SUSE-SU-2016:3197
- SUSE-SU-2016:3183
- SUSE-SU-2016:3169
- SUSE-SU-2016:3117
- SUSE-SU-2016:3116
- SUSE-SU-2016:3113
- SUSE-SU-2016:3096
- RHSA-2017:0307
- RHSA-2017:0113
- RHSA-2017:0091
- RHSA-2017:0086
- https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk
Published: Jan. 5, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-9754
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://source.android.com/security/bulletin/2017-01-01.html
- https://github.com/torvalds/linux/commit/59643d1535eb220668692a5359de22545af579f6
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6
- 95278
Published: Dec. 28, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-9793
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- https://bugzilla.redhat.com/show_bug.cgi?id=1402013
- [oss-security] 20161202 Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- 94655
- https://source.android.com/security/bulletin/2017-03-01.html
- 1037968
- https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793
- RHSA-2017:0933
- RHSA-2017:0932
- RHSA-2017:0931
Published: Dec. 28, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-9794
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.kernel.org/patch/8752621/
- https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4
- https://bugzilla.redhat.com/show_bug.cgi?id=1401494
- [oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4
- 94654
- SUSE-SU-2016:3252
- SUSE-SU-2016:3248
- SUSE-SU-2016:3217
- SUSE-SU-2016:3203
- SUSE-SU-2016:3188
- SUSE-SU-2016:3146
- openSUSE-SU-2016:3118
- https://source.android.com/security/bulletin/2017-05-01
- RHSA-2016:2574
Published: Dec. 28, 2016
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2016-9806
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520
- https://bugzilla.redhat.com/show_bug.cgi?id=1401502
- [oss-security] 20161203 CVE Request: -- Linux kernel: double free in netlink_dump
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
- [netdev] 20160515 BUG: use-after-free in netlink_dump
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520
- 94653
- https://source.android.com/security/bulletin/2017-03-01.html
- 1037968
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
Published: March 8, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-0523
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 8, 2017
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2017-0786
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 5, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-1000111
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 5, 2017
Modified: June 7, 2023
Modified: June 7, 2023
CVE-2017-1000112
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- 1039162
- 100262
- [oss-security] 20170810 Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch
- DSA-3981
- RHSA-2017:3200
- RHSA-2017:2931
- RHSA-2017:2930
- RHSA-2017:2918
- https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-1000112
- 45147
- RHSA-2019:1931
- RHSA-2019:1932
- RHSA-2019:4159
Published: Sept. 12, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.armis.com/blueborne
- https://access.redhat.com/security/vulnerabilities/blueborne
- 100809
- VU#240311
- 1039373
- 42762
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- DSA-3981
- https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
- RHSA-2017:2732
- RHSA-2017:2731
- RHSA-2017:2707
- RHSA-2017:2706
- RHSA-2017:2705
- RHSA-2017:2704
- RHSA-2017:2683
- RHSA-2017:2682
- RHSA-2017:2681
- RHSA-2017:2680
- RHSA-2017:2679
- https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
Published: July 17, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-1000363
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 19, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-1000365
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 19, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-1000379
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://access.redhat.com/security/cve/CVE-2017-1000379
- 99284
- 42275
- RHSA-2017:1842
- RHSA-2017:1712
- RHSA-2017:1647
- RHSA-2017:1616
- RHSA-2017:1491
- RHSA-2017:1490
- RHSA-2017:1489
- RHSA-2017:1488
- RHSA-2017:1487
- RHSA-2017:1486
- RHSA-2017:1485
- RHSA-2017:1484
- RHSA-2017:1482
Published: Aug. 19, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-10662
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://source.android.com/security/bulletin/2017-08-01
- https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124
- https://bugzilla.redhat.com/show_bug.cgi?id=1481146
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124
- 100215
Published: Aug. 19, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-10663
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://source.android.com/security/bulletin/2017-08-01
- https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a
- https://bugzilla.redhat.com/show_bug.cgi?id=1481149
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a
- 100215
Published: July 12, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-11176
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/f991af3daabaecff34684fd51fac80319d1baad1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f991af3daabaecff34684fd51fac80319d1baad1
- 99919
- DSA-3945
- DSA-3927
- RHSA-2017:2931
- RHSA-2017:2930
- RHSA-2017:2918
- RHSA-2018:0169
- 45553
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- RHSA-2018:3822
Published: July 20, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2017-11473
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
- 100010
- https://source.android.com/security/bulletin/pixel/2018-01-01
- RHSA-2018:0654
- USN-3754-1
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=96301209473afd3f2f274b91cb7082d161b9be65
Published: July 24, 2017
Modified: June 26, 2023
Modified: June 26, 2023
CVE-2017-11600
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 30, 2017
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2017-15116
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6
- https://bugzilla.redhat.com/show_bug.cgi?id=1514609
- https://bugzilla.redhat.com/show_bug.cgi?id=1485815
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6
- RHSA-2018:1062
- RHSA-2018:0676
Published: Oct. 16, 2017
Modified: June 21, 2023
Modified: June 21, 2023
CVE-2017-15265
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.suse.com/show_bug.cgi?id=1062520
- [oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265
- [alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port
- 1039561
- 101288
- https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- https://source.android.com/security/bulletin/2018-02-01
- RHSA-2018:1062
- RHSA-2018:0676
- RHSA-2018:1170
- RHSA-2018:1130
- USN-3698-2
- USN-3698-1
- RHSA-2018:2390
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- RHSA-2018:3823
- RHSA-2018:3822
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: Dec. 6, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2017-15868
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://patchwork.kernel.org/patch/9882449/
- https://github.com/torvalds/linux/commit/71bb99a02b32b4cc4265118e85f6035ca72923f0
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71bb99a02b32b4cc4265118e85f6035ca72923f0
- 102084
- SUSE-SU-2018:0011
- DSA-4082
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- USN-3583-2
- USN-3583-1
Published: Nov. 4, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2017-16526
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 3, 2018
Modified: April 24, 2024
Modified: April 24, 2024
CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
- https://lkml.org/lkml/2017/4/2/13
- https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765
- http://patchwork.ozlabs.org/patch/746618/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
- 102367
- USN-3583-2
- USN-3583-1
- RHSA-2018:1062
- RHSA-2018:0676
- RHSA-2018:1170
- RHSA-2018:1130
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- RHSA-2018:1319
- RHSA-2018:1737
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- SUSE-SU-2018:0555
- SUSE-SU-2018:0986
- openSUSE-SU-2018:0408
- SUSE-SU-2018:0848
- USN-3583-1
- SUSE-SU-2018:0482
- USN-3583-2
- SUSE-SU-2018:0383
- https://support.f5.com/csp/article/K18352029
- SUSE-SU-2018:0834
- SUSE-SU-2018:0416
- https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34
- SUSE-SU-2018:0660
- SUSE-SU-2018:0841
Published: Jan. 29, 2018
Modified: Feb. 8, 2023
Modified: Feb. 8, 2023
CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 8, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-2636
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1428319
- [oss-security] 20170307 Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc
- 96732
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
- 1037963
- DSA-3804
- RHSA-2017:1488
- RHSA-2017:1233
- RHSA-2017:1232
- RHSA-2017:1126
- RHSA-2017:1125
- RHSA-2017:0986
- RHSA-2017:0933
- RHSA-2017:0932
- RHSA-2017:0931
- RHSA-2017:0892
Published: March 31, 2017
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
- https://bugzilla.redhat.com/show_bug.cgi?id=1428353
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
- 97258
- RHSA-2017:2444
- RHSA-2017:2437
- RHSA-2017:2077
- RHSA-2017:1842
- USN-3849-2
- USN-3849-1
Published: March 23, 2017
Modified: Nov. 3, 2022
Modified: Nov. 3, 2022
CVE-2017-5897
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 14, 2017
Modified: July 31, 2020
Modified: July 31, 2020
CVE-2017-5972
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://githubengineering.com/syn-flood-mitigation-with-synsanity/
- https://cxsecurity.com/issue/WLB-2017020112
- 96231
- 41350
- https://security-tracker.debian.org/tracker/CVE-2017-5972
- https://bugzilla.redhat.com/show_bug.cgi?id=1422081
- https://access.redhat.com/security/cve/cve-2017-5972
- https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html
- http://seclists.org/oss-sec/2017/q1/573
Published: Feb. 19, 2017
Modified: Feb. 10, 2023
Modified: Feb. 10, 2023
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
- [oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
- 96310
- https://source.android.com/security/bulletin/2017-07-01
- 1037876
- 41458
- 41457
- https://www.tenable.com/security/tns-2017-07
- DSA-3791
- RHSA-2017:1209
- RHSA-2017:0932
- RHSA-2017:0501
- RHSA-2017:0403
- RHSA-2017:0366
- RHSA-2017:0365
- RHSA-2017:0347
- RHSA-2017:0346
- RHSA-2017:0345
- RHSA-2017:0324
- RHSA-2017:0323
- RHSA-2017:0316
- RHSA-2017:0295
- RHSA-2017:0294
- RHSA-2017:0293
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Published: March 1, 2017
Modified: June 21, 2023
Modified: June 21, 2023
CVE-2017-6346
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b
- [oss-security] 20170228 Linux: packet: fix races in fanout_add() (CVE-2017-6346)
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b
- 96508
- https://source.android.com/security/bulletin/2017-09-01
- DSA-3804
Published: March 16, 2017
Modified: Jan. 5, 2018
Modified: Jan. 5, 2018
CVE-2017-6951
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 19, 2017
Modified: Feb. 10, 2023
Modified: Feb. 10, 2023
CVE-2017-7184
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://twitter.com/thezdi/status/842126074435665920
- https://blog.trendmicro.com/results-pwn2own-2017-day-one/
- http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition
- 97018
- https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df
- https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a
- http://openwall.com/lists/oss-security/2017/03/29/2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a
- https://source.android.com/security/bulletin/2017-05-01
- 1038166
- RHSA-2017:2931
- RHSA-2017:2930
- RHSA-2017:2918
- RHSA-2019:4159
Published: March 20, 2017
Modified: Feb. 10, 2023
Modified: Feb. 10, 2023
CVE-2017-7187
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.11/scsi-fixes&id=bf33f87dd04c371ea33feb821b60d63d754e3124
- https://gist.github.com/dvyukov/48ad14e84de45b0be92b7f0eda20ff1b
- 96989
- 1038086
- https://source.android.com/security/bulletin/pixel/2017-10-01
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
Published: March 29, 2017
Modified: Feb. 10, 2023
Modified: Feb. 10, 2023
CVE-2017-7294
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 29, 2017
Modified: Feb. 14, 2023
Modified: Feb. 14, 2023
CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/744811/
- https://patchwork.ozlabs.org/patch/744813/
- https://patchwork.ozlabs.org/patch/744812/
- https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
- https://source.android.com/security/bulletin/2017-07-01
- 41994
- RHSA-2017:1308
- RHSA-2017:1298
- RHSA-2017:1297
- 44654
- RHSA-2018:1854
- 97234
Published: July 30, 2018
Modified: Feb. 15, 2023
Modified: Feb. 15, 2023
CVE-2017-7482
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 15, 2017
Modified: Feb. 15, 2023
Modified: Feb. 15, 2023
CVE-2017-7487
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/757549/
- https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80
- https://bugzilla.redhat.com/show_bug.cgi?id=1447734
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80
- 98439
- 1039237
- https://source.android.com/security/bulletin/2017-09-01
- DSA-3886
Published: Aug. 5, 2017
Modified: June 21, 2023
Modified: June 21, 2023
CVE-2017-7533
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.kernel.org/patch/9755757/
- https://patchwork.kernel.org/patch/9755753/
- https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
- https://bugzilla.redhat.com/show_bug.cgi?id=1468283
- http://openwall.com/lists/oss-security/2017/08/03/2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
- 1039075
- 100123
- DSA-3945
- DSA-3927
- https://source.android.com/security/bulletin/2017-12-01
- RHSA-2017:2869
- RHSA-2017:2770
- RHSA-2017:2669
- RHSA-2017:2585
- RHSA-2017:2473
- [oss-security] 20190627 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html
Published: July 25, 2017
Modified: Feb. 15, 2023
Modified: Feb. 15, 2023
CVE-2017-7541
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.spinics.net/lists/stable/msg180994.html
- https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
- https://bugzilla.redhat.com/show_bug.cgi?id=1473198
- https://bugzilla.novell.com/show_bug.cgi?id=1049645
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
- http://openwall.com/lists/oss-security/2017/07/24/2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
- 1038981
- 99955
- DSA-3945
- DSA-3927
- https://source.android.com/security/bulletin/2017-11-01
- RHSA-2017:2931
- RHSA-2017:2930
- RHSA-2017:2918
- RHSA-2017:2863
Published: April 18, 2017
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2017-7645
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://marc.info/?l=linux-nfs&m=149247516212924&w=2
- https://marc.info/?l=linux-nfs&m=149218228327497&w=2
- 97950
- https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e
- DSA-3886
- RHSA-2017:1647
- RHSA-2017:1616
- RHSA-2017:1615
- RHSA-2018:1319
- USN-3754-1
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Published: April 17, 2017
Modified: Feb. 15, 2023
Modified: Feb. 15, 2023
CVE-2017-7889
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94
- http://www.openwall.com/lists/oss-security/2017/04/16/4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94
- 97690
- DSA-3945
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- USN-3583-2
- USN-3583-1
- RHSA-2018:1854
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b8f254aa17f720053054c4ecff3920973a83b9d6
Published: April 28, 2017
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2017-7895
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13bf9fbff0e5e099e2b6f003a0ab8ae145436309
- 98085
- DSA-3886
- RHSA-2017:2732
- RHSA-2017:2472
- RHSA-2017:2429
- RHSA-2017:2428
- RHSA-2017:2412
- RHSA-2017:1798
- RHSA-2017:1766
- RHSA-2017:1723
- RHSA-2017:1715
- RHSA-2017:1647
- RHSA-2017:1616
- RHSA-2017:1615
Published: May 10, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a
- 98562
- https://source.android.com/security/bulletin/2017-09-01
- DSA-3886
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2018:1854
Published: May 19, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/763117/
- https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1
- 98577
- DSA-3886
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2018:0169
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Published: May 19, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/763569/
- https://github.com/torvalds/linux/commit/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
- 98597
- https://source.android.com/security/bulletin/2017-10-01
- DSA-3886
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2018:1854
Published: May 19, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/760370/
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- 98586
- https://source.android.com/security/bulletin/2017-09-01
- DSA-3886
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2018:1854
Published: May 19, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.ozlabs.org/patch/760370/
- https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
- 98583
- DSA-3886
- https://source.android.com/security/bulletin/2017-11-01
- RHSA-2017:2669
- RHSA-2017:2077
- RHSA-2017:1842
- RHSA-2018:1854
Published: June 28, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9984
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 28, 2017
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2017-9985
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 2, 2018
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
- https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- 104093
- RHSA-2018:2164
- RHSA-2018:2395
- RHSA-2018:2384
- USN-3754-1
- RHSA-2018:2791
- RHSA-2018:2785
- RHSA-2018:2933
- RHSA-2018:2925
- RHSA-2018:2924
- RHSA-2018:3590
- RHSA-2018:3586
- RHSA-2018:3540
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: July 3, 2018
Modified: Oct. 7, 2022
Modified: Oct. 7, 2022
CVE-2018-13099
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
- https://bugzilla.kernel.org/show_bug.cgi?id=200179
- 104680
- DSA-4308
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3932-2
- USN-3932-1
- USN-4094-1
- USN-4118-1
- 20181001 [SECURITY] [DSA 4308-1] linux security update
- openSUSE-SU-2018:3202
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb
- 20190130 [slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)
- http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=3bfe2049c222b23342ff2a216cd5a869e8a14897
Published: July 6, 2018
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://twitter.com/grsecurity/status/1015082951204327425
- https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- http://openwall.com/lists/oss-security/2018/07/13/2
- 45033
- DSA-4266
- [debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update
- USN-3754-1
- USN-3753-2
- USN-3753-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- 106503
- RHSA-2019:0717
- https://support.f5.com/csp/article/K00854051
- RHSA-2019:2476
- RHSA-2019:2566
- RHSA-2019:2696
- RHSA-2019:2730
- RHSA-2019:4164
- RHSA-2019:4159
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406
- FEDORA-2022-3a60c34473
- FEDORA-2022-5d0676b098
Published: Dec. 19, 2018
Modified: Aug. 11, 2023
Modified: Aug. 11, 2023
CVE-2018-16884
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.kernel.org/patch/10733769/
- https://patchwork.kernel.org/cover/10733767/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
- 106253
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3932-2
- USN-3932-1
- https://support.f5.com/csp/article/K21430012
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-3981-1
- USN-3980-1
- USN-3980-2
- USN-3981-2
- RHSA-2019:1891
- RHSA-2019:1873
- RHSA-2019:2696
- RHSA-2019:2730
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html