Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-110
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4 | ||
SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 11-SP4 | ||
SUSE | N/A | SUSE Linux Enterprise Software Development Kit 11-SP4 | ||
SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
Title | Publication Time | Tags | |
---|---|---|---|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "SUSE Linux Enterprise Debuginfo 11-SP4", "product": { "name": "N/A", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Server 11-SP4", "product": { "name": "SUSE Linux Enterprise Server", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Desktop 11-SP4", "product": { "name": "SUSE Linux Enterprise Desktop", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Software Development Kit 11-SP4", "product": { "name": "N/A", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Server 11-EXTRA", "product": { "name": "SUSE Linux Enterprise Server", "vendor": { "name": "SUSE", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2016-2545", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2545" }, { "name": "CVE-2015-8767", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767" }, { "name": "CVE-2016-0723", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0723" }, { "name": "CVE-2016-2548", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2548" }, { "name": "CVE-2016-2544", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2544" }, { "name": "CVE-2015-8569", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8569" }, { "name": "CVE-2015-8785", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8785" }, { "name": "CVE-2015-8575", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8575" }, { "name": "CVE-2015-8550", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8550" }, { "name": "CVE-2015-8551", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8551" }, { "name": "CVE-2015-8539", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8539" }, { "name": "CVE-2015-7550", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7550" }, { "name": "CVE-2013-7446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7446" }, { "name": "CVE-2016-2384", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2384" }, { "name": "CVE-2015-8543", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8543" }, { "name": "CVE-2015-8552", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8552" }, { "name": "CVE-2016-2069", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2069" }, { "name": "CVE-2015-8812", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8812" }, { "name": "CVE-2016-2546", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2546" }, { "name": "CVE-2016-2549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2549" }, { "name": "CVE-2016-2543", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2543" }, { "name": "CVE-2015-7515", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7515" }, { "name": "CVE-2016-2547", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2547" } ], "initial_release_date": "2016-03-31T00:00:00", "last_revision_date": "2016-03-31T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2016:0911-1 du 30 mars 2016", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160911-1.html" } ], "reference": "CERTFR-2016-AVI-110", "revisions": [ { "description": "version initiale.", "revision_date": "2016-03-31T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau linux de Suse", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2016:0911-1 du 30 mars 2016", "url": null } ] }
CVE-2015-8550 (GCVE-0-2015-8550)
Vulnerability from cvelistv5
Published
2016-04-14 14:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79592" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79592" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "DSA-3519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3519" }, { "name": "79592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79592" }, { "name": "http://xenbits.xen.org/xsa/advisory-155.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-155.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "1034479", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034479" }, { "name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "DSA-3471", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3471" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8550", "datePublished": "2016-04-14T14:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2024-08-06T08:20:43.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0723 (GCVE-0-2016-0723)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-05 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:03.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "82950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/82950" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "1035695", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035695" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K43650115" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-19T17:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "82950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/82950" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "1035695", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035695" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K43650115" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0723", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8552 (GCVE-0-2015-8552)
Vulnerability from cvelistv5
Published
2016-04-13 15:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xenbits.xen.org/xsa/advisory-157.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8552", "datePublished": "2016-04-13T15:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2024-08-06T08:20:43.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7515 (GCVE-0-2015-7515)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2971-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2971-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7515" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "84288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/84288" }, { "name": "USN-2970-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2970-1" }, { "name": "USN-2969-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2969-1" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "USN-2968-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2968-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" }, { "name": "USN-2971-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2971-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285326" }, { "name": "DSA-3607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3607" }, { "name": "39544", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/39544/" }, { "name": "USN-2971-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2971-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2968-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2968-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2971-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2971-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7515" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "84288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/84288" }, { "name": "USN-2970-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2970-1" }, { "name": "USN-2969-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2969-1" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "USN-2968-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2968-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" }, { "name": "USN-2971-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2971-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285326" }, { "name": "DSA-3607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3607" }, { "name": "39544", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/39544/" }, { "name": "USN-2971-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2971-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2968-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2968-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7515", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8767 (GCVE-0-2015-8767)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:21.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/80268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/80268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "refsource": "BID", "url": "http://www.securityfocus.com/bid/80268" }, { "name": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8767", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-11T00:00:00", "dateUpdated": "2024-08-06T08:29:21.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8551 (GCVE-0-2015-8551)
Vulnerability from cvelistv5
Published
2016-04-13 15:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xenbits.xen.org/xsa/advisory-157.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-157.html" }, { "name": "1034480", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034480" }, { "name": "openSUSE-SU-2016:2184", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:1707", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" }, { "name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03" }, { "name": "SUSE-SU-2016:2105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "79546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79546" }, { "name": "SUSE-SU-2016:1937", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8551", "datePublished": "2016-04-13T15:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2024-08-06T08:20:43.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2545 (GCVE-0-2016-2545)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "1035296", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035296" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "83381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83381" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "1035296", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035296" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "83381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83381" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311560" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "1035296", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035296" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "83381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83381" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2545", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7446 (GCVE-0-2013-7446)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2016:0750", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "name": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150", "refsource": "MISC", "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "refsource": "MLIST", "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "refsource": "MLIST", "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "refsource": "MLIST", "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "name": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7446", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2024-08-06T18:09:16.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8569 (GCVE-0-2015-8569)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-06T16:16:06", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus" }, "references": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-8569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20151215 Re: CVE Request: Linux Kernel: information leak from getsockname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/15/11" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "79428", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79428" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "http://twitter.com/grsecurity/statuses/676744240802750464", "refsource": "MISC", "url": "http://twitter.com/grsecurity/statuses/676744240802750464" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[linux-kernel] 20151214 Information leak in pptp_bind", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/12/14/252" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/09ccfd238e5a0e670d8178cf50180ea81ae09ae1" }, { "name": "1034549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034549" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292045" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-8569", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-12-15T00:00:00", "dateUpdated": "2024-08-06T08:20:43.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2544 (GCVE-0-2016-2544)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311558" }, { "name": "83380", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83380" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035305", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035305" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311558" }, { "name": "83380", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83380" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035305", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035305" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311558", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311558" }, { "name": "83380", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83380" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035305", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035305" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "https://github.com/torvalds/linux/commit/3567eb6af614dac436c4b16a8d426f9faed639b3", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3567eb6af614dac436c4b16a8d426f9faed639b3" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2544", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8785 (GCVE-0-2015-8785)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:21.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "name": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8785", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-24T00:00:00", "dateUpdated": "2024-08-06T08:29:21.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8543 (GCVE-0-2015-8543)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:0855", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034892" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2016:0855", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034892" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2016:0855", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html" }, { "name": "1034892", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034892" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "79698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79698" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/09/5" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290475" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8543", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-12-11T00:00:00", "dateUpdated": "2024-08-06T08:20:43.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8812 (GCVE-0-2015-8812)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8812", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-11T00:00:00", "dateUpdated": "2024-08-06T08:29:22.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7550 (GCVE-0-2015-7550)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "79903", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "USN-2911-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2911-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291197" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2911-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2911-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7550" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "79903", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "USN-2911-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2911-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291197" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2911-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2911-2" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2015-7550" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b4a1b4f5047e4f54e194681125c74c0aa64d637d" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7550", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2549 (GCVE-0-2016-2549)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83382", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83382" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83382", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83382" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83382", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83382" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2549", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2548 (GCVE-0-2016-2548)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "83383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83383" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "1035306", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "83383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83383" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "1035306", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "83383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83383" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "1035306", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035306" }, { "name": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2548", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2384 (GCVE-0-2016-2384)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035072", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "1035072", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-2384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035072", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384", "refsource": "MISC", "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-2384", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-14T00:00:00", "dateUpdated": "2024-08-05T23:24:49.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2547 (GCVE-0-2016-2547)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:21.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "83378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83378" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035298", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035298" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "83378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83378" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035298", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035298" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2547", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311566" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "83378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83378" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "1035298", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035298" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2547", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:21.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2546 (GCVE-0-2016-2546)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83384", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83384" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311564" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "1035301", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035301" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83384", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83384" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311564" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "1035301", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035301" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "83384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83384" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311564", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311564" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "https://github.com/torvalds/linux/commit/af368027a49a751d6ff4ee9e3f9961f35bb4fede", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/af368027a49a751d6ff4ee9e3f9961f35bb4fede" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "1035301", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035301" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2546", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8539 (GCVE-0-2015-8539)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:42.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2016:0337", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284450" }, { "name": "RHSA-2018:0181", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0181" }, { "name": "SUSE-SU-2016:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "name": "[oss-security] 20151208 CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/1" }, { "name": "SUSE-SU-2016:0380", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "name": "RHSA-2018:0152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0152" }, { "name": "SUSE-SU-2016:0335", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "name": "SUSE-SU-2016:0339", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html" }, { "name": "RHSA-2018:0151", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0151" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:0384", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "SUSE-SU-2016:0387", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2016:0381", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-30T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2016:0337", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284450" }, { "name": "RHSA-2018:0181", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0181" }, { "name": "SUSE-SU-2016:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "name": "[oss-security] 20151208 CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/09/1" }, { "name": "SUSE-SU-2016:0380", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "name": "RHSA-2018:0152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0152" }, { "name": "SUSE-SU-2016:0335", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:0383", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "name": "SUSE-SU-2016:0339", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html" }, { "name": "RHSA-2018:0151", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0151" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:0384", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "SUSE-SU-2016:0387", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2016:0381", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "SUSE-SU-2016:1937", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2016:0337", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1284450", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284450" }, { "name": "RHSA-2018:0181", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0181" }, { "name": "SUSE-SU-2016:0434", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "name": "https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd" }, { "name": "[oss-security] 20151208 CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/09/1" }, { "name": "SUSE-SU-2016:0380", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html" }, { "name": "RHSA-2018:0152", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0152" }, { "name": "SUSE-SU-2016:0335", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "SUSE-SU-2016:0383", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html" }, { "name": "SUSE-SU-2016:0386", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html" }, { "name": "SUSE-SU-2016:0339", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html" }, { "name": "RHSA-2018:0151", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0151" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:0384", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "SUSE-SU-2016:0387", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html" }, { "name": "SUSE-SU-2016:0336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "SUSE-SU-2016:0381", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html" }, { "name": "SUSE-SU-2016:1937", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8539", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-10T00:00:00", "dateUpdated": "2024-08-06T08:20:42.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8575 (GCVE-0-2015-8575)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-06T16:16:03", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@microfocus.com", "ID": "CVE-2015-8575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1292840" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4" }, { "name": "[oss-security] 20151216 Re: CVE Request: Linux Kernel: information leak from getsockname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/16/3" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4" }, { "name": "79724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79724" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2015-8575", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-06T08:20:43.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2543 (GCVE-0-2016-2543)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:32:20.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311554" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "83377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83377" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "1035304", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035304" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-06T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311554" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "83377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83377" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "1035304", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035304" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "https://github.com/torvalds/linux/commit/030e2c78d3a91dd0d27fef37e91950dde333eba1", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/030e2c78d3a91dd0d27fef37e91950dde333eba1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311554", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311554" }, { "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "83377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83377" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "1035304", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035304" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2543", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-23T00:00:00", "dateUpdated": "2024-08-05T23:32:20.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2069 (GCVE-0-2016-2069)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:17:50.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "81809", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "81809", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "81809", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2069", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-01-26T00:00:00", "dateUpdated": "2024-08-05T23:17:50.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…