4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0005 Low
EPSS
Percentile
15.6%
USN-2829-1 Linux kernel vulnerability
Medium
Linux kernel
It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283)
Dmitry Vyukov discovered that the Linux kernelโs keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872)
The Cloud Foundry project released a BOSH stemcell version 3146.1 and 3149 that has the patched version of the Linux kernel.
_Severity is medium unless otherwise noted.
_
Users of affected versions should apply the following mitigation:
Dmitry Vyukov