Lucene search

K
osvGoogleOSV:DSA-1655-1
HistoryOct 16, 2008 - 12:00 a.m.

linux-2.6.24 - several vulnerabilities

2008-10-1600:00:00
Google
osv.dev
24

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, privilege escalation or a leak of
sensitive data. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2008-1514
    Jan Kratochvil reported a local denial of service vulnerability in
    the ptrace interface for the s390 architecture. Local users can
    trigger an invalid pointer dereference, leading to a system panic.
  • CVE-2008-3525
    Eugene Teo reported a lack of capability checks in the kernel
    driver for Granch SBNI12 leased line adapters (sbni), allowing
    local users to perform privileged operations.
  • CVE-2008-3831
    Olaf Kirch discovered an issue with the i915 driver that may allow
    local users to cause memory corruption by use of an ioctl with
    insufficient privilege restrictions.
  • CVE-2008-4113/CVE-2008-4445
    Eugene Teo discovered two issues in the SCTP subsystem which allow
    local users to obtain access to sensitive memory when the
    SCTP-AUTH extension is enabled.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.6.

We recommend that you upgrade your linux-2.6.24 packages.

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for OSV:DSA-1655-1