what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-2666

Status Candidate

Overview

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Related Files

Red Hat Security Advisory 2015-1565-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1565-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
SHA-256 | 179873d3f9002fb4db51e8b9c22ef1d4b5cb4592c64af9a8c4b6b95906ef2a19
Red Hat Security Advisory 2015-1534-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1534-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
SHA-256 | 048d2d5cc4c394bfaaa95fb119f66f3f8d4896e9a5488b77527d6292a1ab8197
Ubuntu Security Notice USN-2589-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2589-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 8282d42fb6583caf6d76b6aee077dd9245ed77e5d04d2fc2bb4a081975c28256
Ubuntu Security Notice USN-2590-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2590-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 1b08e536241af42cd68bdd34efa71e59d286ef81926d08113e25aa0e4a6caa10
Ubuntu Security Notice USN-2588-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2588-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | 9a627000ef86237cd41df7a15f646311d33c5638f0b71888ede7a4353bc5d3b4
Ubuntu Security Notice USN-2587-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2587-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | aca50e1868eb2659833e7f58be08c01df08d2b9366912a4241e743edb63ccd25
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close