- Home
- CVEs with nessus.description==This update fixes the CVEs described below.
A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts.
CVE-2013-6885
It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.
For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.
pdf
CVE-2014-7822
It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.
CVE-2014-8133
It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.
CVE-2014-8134
It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.
CVE-2014-8160
It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol.
CVE-2014-9420
It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image.
CVE-2014-9584
It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image.
CVE-2014-9585
It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.
CVE-2015-1421
It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation.
CVE-2015-1593
It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top