- Home
- CVEs with nessus.description==%2A+A+flaw+was+found+in+the+way+Linux+kernel%27s+Transparent+Huge+Pages+%28THP%29+implementation+handled+non-huge+page+migration.+A+local%2C+unprivileged+user+could+use+this+flaw+to+crash+the+kernel+by+migrating+transparent+hugepages.+%28CVE-2014-3940%2C+Moderate%29%0A%0A%2A+A+buffer+overflow+flaw+was+found+in+the+way+the+Linux+kernel%27s+eCryptfs+implementation+decoded+encrypted+file+names.+A+local%2C+unprivileged+user+could+use+this+flaw+to+crash+the+system+or%2C+potentially%2C+escalate+their+privileges+on+the+system.+%28CVE-2014-9683%2C+Moderate%29%0A%0A%2A+A+race+condition+flaw+was+found+between+the+chown+and+execve+system+calls.+When+changing+the+owner+of+a+setuid+user+binary+to+root%2C+the+race+condition+could+momentarily+make+the+binary+setuid+root.+A+local%2C+unprivileged+user+could+potentially+use+this+flaw+to+escalate+their+privileges+on+the+system.+%28CVE-2015-3339%2C+Moderate%29%0A%0A%2A+Multiple+out-of-bounds+write+flaws+were+found+in+the+way+the+Cherry+Cymotion+keyboard+driver%2C+KYE%2FGenius+device+drivers%2C+Logitech+device+drivers%2C+Monterey+Genius+KB29E+keyboard+driver%2C+Petalynx+Maxter+remote+control+driver%2C+and+Sunplus+wireless+desktop+driver+handled+HID+reports+with+an+invalid+report+descriptor+size.+An+attacker+with+physical+access+to+the+system+could+use+either+of+these+flaws+to+write+data+past+an+allocated+memory+buffer.+%28CVE-2014-3184%2C+Low%29%0A%0A%2A+An+information+leak+flaw+was+found+in+the+way+the+Linux+kernel%27s+Advanced+Linux+Sound+Architecture+%28ALSA%29+implementation+handled+access+of+the+user+control%27s+state.+A+local%2C+privileged+user+could+use+this+flaw+to+leak+kernel+memory+to+user+space.+%28CVE-2014-4652%2C+Low%29%0A%0A%2A+It+was+found+that+the+espfix+functionality+could+be+bypassed+by+installing+a+16-bit+RW+data+segment+into+GDT+instead+of+LDT+%28which+espfix+checks%29%2C+and+using+that+segment+on+the+stack.+A+local%2C+unprivileged+user+could+potentially+use+this+flaw+to+leak+kernel+stack+addresses.+%28CVE-2014-8133%2C+Low%29%0A%0A%2A+An+information+leak+flaw+was+found+in+the+Linux+kernel%27s+IEEE+802.11+wireless+networking+implementation.+When+software+encryption+was+used%2C+a+remote+attacker+could+use+this+flaw+to+leak+up+to+8+bytes+of+plaintext.+%28CVE-2014-8709%2C+Low%29%0A%0A%2A+It+was+found+that+the+Linux+kernel+KVM+subsystem%27s+sysenter+instruction+emulation+was+not+sufficient.+An+unprivileged+guest+user+could+use+this+flaw+to+escalate+their+privileges+by+tricking+the+hypervisor+to+emulate+a+SYSENTER+instruction+in+16-bit+mode%2C+if+the+guest+OS+did+not+initialize+the+SYSENTER+model-specific+registers+%28MSRs%29.+Note%3A+Certified+guest+operating+systems+for+Scientific+Linux+with+KVM+do+initialize+the+SYSENTER+MSRs+and+are+thus+not+vulnerable+to+this+issue+when+running+on+a+KVM+hypervisor.+%28CVE-2015-0239%2C+Low%29%0A%0AThe+system+must+be+rebooted+for+this+update+to+take+effect
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top