CVE-2015-6526

Related Files

Red Hat Security Advisory 2015-2152-02

Posted Nov 20, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2152-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local

systems | linux, redhat

advisories | CVE-2010-5313, CVE-2013-7421, CVE-2014-3647, CVE-2014-7842, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-0239, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-6526, CVE-2015-7613, CVE-2015-7837

SHA-256 | 06dbad210262abe32fe40f41673bf1f3c59cc04c20cc43a1e532a4849a8b46c6

Download | Favorite | View

Ubuntu Security Notice USN-2760-1

Posted Oct 2, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2760-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local

systems | linux, ubuntu

advisories | CVE-2015-5707, CVE-2015-6252, CVE-2015-6526

SHA-256 | de3aa6e0975c435774afaabe129529eb031c77093f69aba45a8407301df84c59

Download | Favorite | View

Ubuntu Security Notice USN-2759-1

Posted Oct 2, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2759-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local

systems | linux, ubuntu

advisories | CVE-2015-5707, CVE-2015-6252, CVE-2015-6526

SHA-256 | 9d78cf9adfdb9b807b2e11fb63d2b4a4d51e2a604a147c8dffa40b63b82e8695

Download | Favorite | View