what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-2666

Status Candidate

Overview

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Related Files

Red Hat Security Advisory 2015-1565-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1565-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
SHA-256 | 179873d3f9002fb4db51e8b9c22ef1d4b5cb4592c64af9a8c4b6b95906ef2a19
Red Hat Security Advisory 2015-1534-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1534-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
SHA-256 | 048d2d5cc4c394bfaaa95fb119f66f3f8d4896e9a5488b77527d6292a1ab8197
Ubuntu Security Notice USN-2589-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2589-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 8282d42fb6583caf6d76b6aee077dd9245ed77e5d04d2fc2bb4a081975c28256
Ubuntu Security Notice USN-2590-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2590-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 1b08e536241af42cd68bdd34efa71e59d286ef81926d08113e25aa0e4a6caa10
Ubuntu Security Notice USN-2588-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2588-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | 9a627000ef86237cd41df7a15f646311d33c5638f0b71888ede7a4353bc5d3b4
Ubuntu Security Notice USN-2587-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2587-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | aca50e1868eb2659833e7f58be08c01df08d2b9366912a4241e743edb63ccd25
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close