- CVEs with nessus.description==The linux-2.6 update issued as DLA-246-1 caused regressions. This update corrects the defective patches applied in that update causing these problems. For reference the original advisory text follows.

This update fixes the CVEs described below.

CVE-2011-5321

Jiri Slaby discovered that tty_driver_lookup_tty() may leak a reference to the tty driver. A local user could use this flaw to crash the system.

CVE-2012-6689

Pablo Neira Ayuso discovered that non-root user-space processes can send forged Netlink notifications to other processes. A local user could use this flaw for denial of service or privilege escalation.

CVE-2014-3184

Ben Hawkes discovered that various HID drivers may over-read the report descriptor buffer, possibly resulting in a crash if a HID with a crafted descriptor is plugged in.

CVE-2014-8159

It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

CVE-2014-9683

Dmitry Chernenkov discovered that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding, resulting in local denial of service.

CVE-2014-9728 / CVE-2014-9729 / CVE-2014-9730 / CVE-2014-9731 / CVE-2015-4167

Carl Henrik Lunde discovered that the UDF implementation is missing several necessary length checks. A local user that can mount devices could use these various flaws to crash the system, to leak information from the kernel, or possibly for privilege escalation.

CVE-2015-1805

Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify the iovec such that the second iteration accesses the wrong memory. A local user could use this flaw to crash the system or possibly for privilege escalation.
This may also result in data corruption and information leaks in pipes between non-malicious processes.

CVE-2015-2041

Sasha Levin discovered that the LLC subsystem exposed some variables as sysctls with the wrong type. On a 64-bit kernel, this possibly allows privilege escalation from a process with CAP_NET_ADMIN capability; it also results in a trivial information leak.

CVE-2015-2042

Sasha Levin discovered that the RDS subsystem exposed some variables as sysctls with the wrong type. On a 64-bit kernel, this results in a trivial information leak.

CVE-2015-2830

Andrew Lutomirski discovered that when a 64-bit task on an amd64 kernel makes a fork(2) or clone(2) system call using int $0x80, the 32-bit compatibility flag is set (correctly) but is not cleared on return. As a result, both seccomp and audit will misinterpret the following system call by the task(s), possibly leading to a violation of security policy.

CVE-2015-2922

Modio AB discovered that the IPv6 subsystem would process a router advertisement that specifies no route but only a hop limit, which would then be applied to the interface that received it. This can result in loss of IPv6 connectivity beyond the local network.

This may be mitigated by disabling processing of IPv6 router advertisements if they are not needed: sysctl net.ipv6.conf.default.accept_ra=0 sysctl net.ipv6.conf.<interface>.accept_ra=0

CVE-2015-3339

It was found that the execve(2) system call can race with inode attribute changes made by chown(2). Although chown(2) clears the setuid/setgid bits of a file if it changes the respective owner ID, this race condition could result in execve(2) setting effective uid/gid to the new owner ID, a privilege escalation.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze12.

For the oldstable distribution (wheezy), these problems were fixed in linux version 3.2.68-1+deb7u1 or earlier, except for CVE-2015-1805 and CVE-2015-4167 which will be fixed soon.

For the stable distribution (jessie), these problems were fixed in linux version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167 which will be fixed later.

We recommend that you upgrade your linux-2.6 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |