USN-2842-2: Linux kernel (Vivid HWE) vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 郭永刚 discovered that the pp...

USN-2842-1: Linux kernel vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 郭永刚 discovered that the pp...

USN-2841-2: Linux kernel (Trusty HWE) vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 郭永刚 discovered that the pp...

USN-2841-1: Linux kernel vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 郭永刚 discovered that the pp...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2842-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2842-2 advisory. Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An...

Ubuntu 15.10 : linux vulnerabilities (USN-2843-1)

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 Guoyong Gang discovered th...

Ubuntu 15.04 : linux vulnerabilities (USN-2842-1)

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 Guoyong Gang discovered th...

Debian DLA-360-1 : linux-2.6 security update

This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local AFUNIX sockets can result in a use-after-free. This may be used to cause a denial of service crash or possibly for privilege escalation. CVE-2015-7799...

DLA-360-1 linux-2.6 - security update

Bulletin has no description...

Microsoft Windows - ndis.sys IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)

Microsoft Windows - ndis.sys IOCTL 0x170034 ndis!ndisNsiGetIfNameForIfIndex Pool Buffer Overflow MS15-117 Source: https://code.google.com/p/google-security-research/issues/detail?id=516 The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling...

Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) Pool Buffer Overflow (MS15-117)

Source: https://code.google.com/p/google-security-research/issues/detail?id=516 The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue, however it will crashes due to a bad...

CVE-2012-4467

The 1 dosiocgstamp and 2 dosiocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service system crash via a crafted ioctl call...

CVE-2013-4516

The mpgetcount function in drivers/staging/sb105x/sbpcimp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVE-2011-2906

Integer signedness error in the pmcraidioctlpassthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service memory consumption or memory corruption via a negative size value in an ioctl call. NOTE: this may be a vulnerability only...

CVE-2011-0699

A flaw was found in the BTRFS implementation in the Linux kernel, where a local user with elevated permissions either root user or in the disk group can issue an ioctl to the /dev/btrfs-control device node. This flaw panics the system and allows memory allocation if a specially crafted ioctl is...

CVE-2013-4739

The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via 1 a crafted MSMMCRIOCTLEVTGET ioctl call, related to...

CVE-2010-2538

Integer overflow in the btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFSIOCCLONERANGE ioctl call...

CVE-2010-2537

The btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a 1 BTRFSIOCCLONE or 2 BTRFSIOCCLONERANGE ioctl call that specifies this file as a donor...

CVE-2013-6392

The genlockdevioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive...

CVE-2006-7098

The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...