what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2015-7872

Status Candidate

Overview

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Related Files

HP Security Bulletin HPSBGN03565 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03565 1 - A vulnerability in the Linux kernel was addressed by HPE Virtualization Performance Viewer. The vulnerability could be exploited locally to allow Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, kernel
systems | linux
advisories | CVE-2015-7872
SHA-256 | 99c40fd384bf32a773b21eee76dfbdc695a46c41dfb88f5edec091d406f3ac30
Red Hat Security Advisory 2016-0224-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0224-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2015-5157, CVE-2015-7872
SHA-256 | 00ab730508d67ce6b518ba890134a1d1d8898a4574f922bc1006d89b31f85489
Red Hat Security Advisory 2016-0212-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0212-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2015-5157, CVE-2015-7872
SHA-256 | b771c9eefb04a0bae6b27307e6c6f3a2e4d927b2ee673b81a19677837f66263c
Red Hat Security Advisory 2016-0185-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0185-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2015-5157, CVE-2015-7872
SHA-256 | 1a2e527298ad69b36cf3c97378fa9634fd9b0bc9ef66a9c4a6fdf6769fb4a7cf
Ubuntu Security Notice USN-2840-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872
SHA-256 | 24c157bc5fb11507b05110e988d7bc8ac2a3a57436e0dee3534be4d8df1784a6
Ubuntu Security Notice USN-2843-3
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-3 - =E9=83=AD=E6=B0=B8=E5=88=9A discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885
SHA-256 | 49334a6b730ea953bb24db7899076e4caa9a090dbe9937e4c72b50efb8cce3a4
Ubuntu Security Notice USN-2843-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | c5e55d2c73f862fc096ea1440ff05f9e135387c9eb19edd0e68e6a85dc021481
Ubuntu Security Notice USN-2843-1
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | f479df664dd8312e1d62280d98193f75f0d711e3ff7b1a9290dd88a9b27a19bc
Ubuntu Security Notice USN-2840-1
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2840-1 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872, CVE-2015-8104
SHA-256 | 80fb709cf813138ac610699be9a980c35f20439568f9d3a1af1dc62faaed2bb6
Red Hat Security Advisory 2015-2636-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-2925, CVE-2015-5307, CVE-2015-7613, CVE-2015-7872, CVE-2015-8104
SHA-256 | 4c9d3dc7b4a5862f13ddb25c6fe1d7ed8bae4329d542c363dd404d810e5e5967
Ubuntu Security Notice USN-2829-2
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-2 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | 5e4f710da8e8bbf54975fb1576d44e7ff897febc80e10c3dce85fa2a8b83ab06
Ubuntu Security Notice USN-2829-1
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | e5abdf2008e62ef43b3ae503e90de529e5809783c88d0f8c0761fc3ccbd0f5fd
Ubuntu Security Notice USN-2826-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | a46cac37588ee91b5f88a74d036718a72a40eb593bde4fc8fd7dd5be31746a37
Ubuntu Security Notice USN-2824-1
Posted Dec 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2824-1 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872
SHA-256 | 7db7a7fae1c43f0a5515c9f7cba84ce7e29596eab26c0f8629bd42187783f008
Ubuntu Security Notice USN-2823-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2823-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | b571488b07c4a6634118c61047b479fdea699b8487c5473f9b60f7ecedacf73d
Debian Security Advisory 3396-1
Posted Nov 10, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3396-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-5307, CVE-2015-7833, CVE-2015-7872, CVE-2015-7990
SHA-256 | 57b221cf0f2e7a2aa4558d8d243981e0dfe2d84128caace2acf4863b4c84035f
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close