USN-3099-1: Linux kernel vulnerabilities

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service system crash. CVE-2016-7039 Marco Grassi discovered a...

USN-3097-1: Linux kernel vulnerabilities

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2016-6828 Pengfei Wang discovered a race condition in the...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3099-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3099-4 advisory. Vladimr Bene discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload GRO processing implementations in the Linux kernel, A remote...

CVE-2016-6679

CORE/HDD/src/wlanhddhostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR...

CVE-2016-6675

Off-by-one error in CORE/HDD/src/wlanhddhostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service buffer overflow via a crafted application that makes a linkspeed ioctl call, aka Android...

CVE-2016-6675

Off-by-one error in CORE/HDD/src/wlanhddhostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service buffer overflow via a crafted application that makes a linkspeed ioctl call, aka Android...

CVE-2016-6680

CORE/HDD/src/wlanhddwext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iwsetpriv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR...

CVE-2016-6676

CVE-2016-6676 is an off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c of the Qualcomm Wi‑Fi driver affecting Android on Nexus 5X and Android One devices prior to 2016-10-05. The vulnerability allows a local attacker to gain privileges or cause a denial of service (buffer overflow) by a crafted appl...

CVE-2016-6679

CORE/HDD/src/wlanhddhostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR...

DLA-638-1 policycoreutils - security update

Bulletin has no description...

The vulnerability of the Linux operating system’s kernel allows a hacker to trigger a service failure or cause other adverse effects.

The vulnerability of the sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c file, a audio driver for the MSM QDSP6 core of the Linux operating system, relates to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow an attacker to cause service failures or other...

Bitdefender Antivirus Plus bdfwfpf Elevation of Privilege Vulnerability

Bitdefender Antivirus Plus is an antivirus plugin. Bitdefender Antivirus Plus has a security vulnerability in bdfwfpf processing 0x8000e038 IOCTL. An attacker could exploit this vulnerability to elevate its privileges on the target system...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to...

Bitdefender Antivirus Plus avc3 Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Bitdefender Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

The vulnerability of Kaspersky Internet Security’s antivirus protection allows a hacker to trigger a service failure.

The vulnerability of the KL1 driver of Kaspersky’s antivirus protection software exists due to errors in the filtering of system calls. Exploiting this vulnerability can allow a local attacker to trigger a service failure using a specially crafted IOCTL signal...

Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities

Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...

Kaspersky Internet Security KL1 Driver Signal Handler Denial of Service

Summary A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...

kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...