Red Hat Security Advisory 2019-3517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, heap overflow, information leakage, and use-after-free vulnerabilities.
03447a52c4980f374df664e7374cea8800a1174c9ab4df5eb1f470f7db1d6d0bRed Hat Security Advisory 2015-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could use this flaw to crash the system. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.
8394d513775323a5411dce831989986059917715783fc2505ddab157a8940038Red Hat Security Advisory 2015-1139-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
edf6a2a888e1f12e7dc662266281129cfaba312336e0fc5b027d706bd9acab86Red Hat Security Advisory 2015-1137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b0d41a4e75261540327de9609c7f84e2f2c54a7eabc27611a2cfb4708a7cd5fdRed Hat Security Advisory 2015-1138-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
bc6b92e674b8c59bb4c70d6ba01e90053bbee07767a1b4dc571aa00572108c9eUbuntu Security Notice 2565-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
45367e0ecb6fdf13b6f707fbe0aa7b08eb00219f55533ddb3f943355617b7375Ubuntu Security Notice 2564-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
b4b5729a8b3105060a97d50bfcaf3b153c00ee7647386935333eed9d44313e11Ubuntu Security Notice 2563-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
5dafdca9ed571fcd6801dd6f0d5967baba32409d329a23f6e9674061e54eb37cUbuntu Security Notice 2560-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. An information leak was discovered in the Linux kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
342f94cb1aabaa7a970f11ca1c034e73d616bd82981312d40732665c7748928bUbuntu Security Notice 2562-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
be127130c407df608bf557e516cba75d80dd022ba633f89a98b2e1cf1698a549Ubuntu Security Notice 2561-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. Various other issues were also addressed.
8aef8dc5ce0c1d2950a6515a77b071d9261bb137d80010ab9989173c9845de2dDebian Linux Security Advisory 3170-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.
bd8c99b2ab449bf19ff881a59d02a9213bd109f150a9ca0142efa66f7d734b69A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow.
9890952521e3cd5f5015f68364d858db61068493b180f85994b13d9035ba96b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed