Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial of service.
- CVE-2015-3290
Andy Lutomirski discovered that the Linux kernel does not properly
handle nested NMIs. A local, unprivileged user could use this flaw
for privilege escalation.
- CVE-2015-3291
Andy Lutomirski discovered that under certain conditions a malicious
userspace program can cause the kernel to skip NMIs leading to a
denial of service.
- CVE-2015-4167
Carl Henrik Lunde discovered that the UDF implementation is missing
a necessary length check. A local user that can mount devices could
use this flaw to crash the system.
- CVE-2015-5157
Petr Matousek and Andy Lutomirski discovered that an NMI that
interrupts userspace and encounters an IRET fault is incorrectly
handled. A local, unprivileged user could use this flaw for denial
of service or possibly for privilege escalation.
- CVE-2015-5364
It was discovered that the Linux kernel does not properly handle
invalid UDP checksums. A remote attacker could exploit this flaw to
cause a denial of service using a flood of UDP packets with invalid
checksums.
- CVE-2015-5366
It was discovered that the Linux kernel does not properly handle
invalid UDP checksums. A remote attacker can cause a denial of
service against applications that use epoll by injecting a single
packet with an invalid checksum.
For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt11-1+deb8u2.
For the unstable distribution (sid), these problems have been fixed in
version 4.0.8-2 or earlier versions.
We recommend that you upgrade your linux packages.