Red Hat Security Advisory 2016-0855-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that reporting emulation failures to user space could lead to either a local or a L2->L1 denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso and thus an unprivileged user may generate MMIO transactions this way.
04e242034fb3ec62c7605bb20048f0fac25d6bf4a31d5570797bd3c137afe067Red Hat Security Advisory 2015-2152-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.
06dbad210262abe32fe40f41673bf1f3c59cc04c20cc43a1e532a4849a8b46c6Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
8db2a8779b1b5045f0e914377584f2e707328f0f91ef09e5a26429ff9fa5d67cUbuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
b87ad3513b1b14897c08a8fa67c7f83ae209118a25480a7387424398b46ff1ebUbuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
6db7378aa52f1ea3d0d471f8fffba697ae4faed7d96f6528cf50a5bb6e55846eUbuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
72ab799039264b012fe56154c3779f8c3a2e0239f77320cbea5170fef033aff4Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
07d103f30d4ad42e9fbba5870ef5da6e4ed83ec02f5cd414821e6b547da1c15bUbuntu Security Notice 2463-1 - A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. Various other issues were also addressed.
da3c2be0fdb5fdfe7f461298d822b706d3f2c2d489afa8457ad3302c94e57aceUbuntu Security Notice 2464-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Various other issues were also addressed.
f75d7cc0dcd4758392f8801245cba456c9322b7d08a6a0f867821d681a4df56c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed