80 matches found
CVE-2015-1593
CVE-2015-1593 affects the Linux kernel: on 64-bit platforms, the stack randomization (ASLR) feature uses incorrect data types for bitwise left-shift results, making it easier to predict the stack top address and bypass ASLR. The issue is tied to functions such as randomize_stack_top in fs/binfmt_...
CVE-2015-1421
CVE-2015-1421 is a use-after-free in the Linux kernel SCTP path (sctp_assoc_update in net/sctp/associola.c) that allows a remote attacker to trigger an INIT collision, leading to slab corruption and a kernel panic (DoS) with potentially other impact. Affected condition: kernel versions prior to 3...
CVE-2015-1805
CVE-2015-1805 covers a local elevation/DoS flaw in the Linux kernel where the pipe_read/pipe_write paths in fs/pipe.c mishandle side effects from failed __copy_to_user_inatomic and __copy_from_user_inatomic calls. The issue permits a local user to crash the system or potentially gain privileges v...
CVE-2015-8660
CVE-2015-8660 targets the ovl_setattr path in Linux overlayfs (fs/overlayfs/inode.c) up to kernel 4.3.3. The issue arises from attempting to merge distinct setattr operations, allowing local users to bypass access restrictions and modify attributes of arbitrary overlay files via a crafted applica...
CVE-2015-7872
CVE-2015-7872 affects the Linux kernel (security/keys/gc.c: key_gc_unused_keys) up to version 4.2.6. A local attacker can trigger a DoS (OOPS) using crafted keyctl commands. Connected documents reference upstream kernel commits (f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 and ce1fad2740c648a4340f6f6...
CVE-2015-8104
CVE-2015-8104 affects the KVM/Hypervisor stack in Linux kernel up to 4.2.6 and Xen up to 4.6.x. The issue arises from handling of Debug (DB) exceptions in svm.c, allowing a guest OS user to trigger many DBs to cause a host denial-of-service (panic/hang). Connected CNA/records also show a link to ...
CVE-2015-5157
CVE-2015-5157 affects the Linux kernel prior to 4.1.6 on x86_64. The issue is in arch/x86/entry/entry_64.S where IRET faults during NMIs that occur in userspace are mishandled, potentially allowing a local user to gain privileges. The vulnerability is described in several connected advisories as ...
CVE-2015-3636
CVE-2015-3636 affects the Linux kernel up to 4.0.2, in the ping_unhash path of net/ipv4/ping.c. The issue arises because a certain list data structure is not initialized during an unhash operation, enabling a local user with ping socket access to crash the system or potentially gain privileges by...
CVE-2015-5364
The CVE-2015-5364 issue affects the Linux kernel prior to 4.0.6, where udp_recvmsg/udpv6_recvmsg fail to handle processor yielding correctly, enabling remote attackers to trigger a denial of service (system hang) via UDP packet flood with incorrect checksums. Related CVE-2015-5366 also concerns U...
CVE-2015-2150
CVE-2015-2150 affects Xen 3.3.x–4.5.x and the Linux kernel up to 3.19.1, where access to PCI command registers is not properly restricted. This can allow a local guest OS user to cause a denial of service (unexpected NMI, host crash) by disabling memory or I/O decoding for a PCI Express device an...
CVE-2015-8543
CVE-2015-8543 affects the Linux kernel networking stack (up to version 4.3.3 as used in Android and others). The issue: the networking implementation does not validate protocol identifiers for certain protocol families, enabling local users to cause a NULL pointer dereference and system crash, wi...
CVE-2015-8215
CVE-2015-8215 concerns the Linux kernel IPv6 stack (net/ipv6/addrconf.c) where MTU validation is missing. This affects kernel versions before 4.0 and can enable a context-dependent attacker to trigger packet loss through Router Advertisement processing, as the MTU value may be invalid (either bel...
CVE-2015-3214
CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...
CVE-2015-5307
CVE-2015-5307 affects the Linux kernel KVM subsystem (through 4.2.6) and Xen (4.3.x–4.6.x). An attacker who has local access in a guest can trigger many #AC exceptions (Alignment Check), potentially causing a host panic/hang. Root cause involves svm.c/vmx.c handling of alignment-related events. P...
CVE-2014-9584
CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2015-5156
CVE-2015-5156 affects the Linux kernel’s virtio-net implementation. The vulnerability arises in virtnet_probe (drivers/net/virtio_net.c) where a FRAGLIST feature is supported without proper memory allocation, enabling a remote attacker on the local network to trigger a buffer overflow/memory corr...
CVE-2015-2922
CVE-2015-2922 is a Linux kernel IPv6 Neighbor Discovery flaw in the ndisc_router_discovery path that lets a crafted Router Advertisement with a small hop_limit reconfigure the hop-limit on the receiving interface. It affects the IPv6 stack prior to kernel 3.19.6; the impact is loss of connectivit...
CVE-2014-8159
CVE-2014-8159 describes a flaw in the Linux kernel InfiniBand/RDMA subsystem where the uverbs interface used to register memory regions can be abused by a local user to access arbitrary physical memory, potentially crash the system or escalate privileges via /dev/infiniband/uverbsX. The initial e...
CVE-2015-2925
The vulnerability CVE-2015-2925 affects the Linux kernel prior to 4.2.4, specifically the prepend_path function in fs/dcache.c. It allows a local attacker to bypass container protections by renaming a directory inside a bind mount, enabling a double-chroot-style escape. The impact is enabling pri...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2015-3339
CVE-2015-3339 affects the Linux kernel (before 3.19.6) and stems from a race condition between chown and execve when changing the owner of a setuid binary to root. An unprivileged local user could exploit the window where ownership is updated but the setuid bit is not yet stripped to gain root pr...
CVE-2014-9529
CVE-2014-9529: A race condition in Linux kernel key garbage collection (key_gc_unused_keys in security/keys/gc.c) up to 3.18.2 can enable local users to cause DoS or memory corruption during key garbage collection via keyctl. Connected advisory confirms kernel upstream fix and lists commit a3a878...
CVE-2014-7822
CVE-2014-7822 concerns the Linux kernel splice_write path, where the splice() system call does not validate the maximum size of a single file. This enables a local unprivileged user to trigger a denial of service (system crash) and potentially other effects, notably when using an ext4 filesystem....
CVE-2015-2830
CVE-2015-2830 affects the Linux kernel (arch/x86/kernel/entry_64.S) prior to 3.19.2. The TS_COMPAT flag can reach a user-mode task, potentially allowing local attackers to bypass seccomp or audit protections via crafted applications using fork or close. A fix is available in 3.19.2 and later; att...
CVE-2015-7799
The CVE-2015-7799 issue affects the Linux kernel, specifically slhc_init in drivers/net/slip/slhc.c, up to version 4.2.3. The vulnerability arises because the function does not validate certain slot numbers, allowing a local user to trigger a denial of service via a crafted PPPIOCSMAXCID ioctl ca...
CVE-2015-5366
The referenced sources confirm two Linux kernel UDP-handling flaws fixed in version 4.0.6: CVE-2015-5364 and CVE-2015-5366. Affected component: UDP and UDPv6 receive paths (udp_recvmsg and udpv6_recvmsg) in the Linux kernel prior to 4.0.6. Root cause: improper handling of UDP checksums, allowing ...
CVE-2015-7613
CVE-2015-7613 is a Linux kernel race condition in the IPC object implementation (up to version 4.2.3) that can allow a local unprivileged user to escalate privileges by triggering ipc_addid, which uses uid/gid values from uninitialized data (topics include msg.c, shm.c, util.c). Connected sources...
CVE-2014-8160
CVE-2014-8160 : In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...
CVE-2015-2666
CVE-2015-2666 : The Linux kernel contains a stack-based buffer overflow in get_matching_model_microcode (arch/x86/kernel/cpu/microcode/intel_early.c) that can be exploited by a context-dependent local attacker with root privileges to write to the initrd. The description in connected advisories co...
CVE-2015-6937
The CVE-2015-6937 issue is in the Linux kernel (net/rds/connection.c: __rds_conn_create) and allows a local user to trigger a NULL pointer dereference and DoS by using an unbound socket. CVE-2015-7990 is a related race condition in net/rds/sendmsg.c (rds_sendmsg) that can cause DoS; both rely on ...
CVE-2013-7446
CVE-2013-7446 is a use-after-free vulnerability in the Linux kernel (net/unix/af_unix.c) up to version 4.3.2, fixed in 4.3.3. It allows local attackers to bypass AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Affected: Linux kernel before 4.3.3 (inclu...
CVE-2015-8374
CVE-2015-8374 affects the Linux kernel prior to 4.3.3. The vulnerability is due to the filesystem driver fs/btrfs/inode.c mishandling compressed inline extents, allowing local users to obtain sensitive pre-truncation data from a file via a clone operation. Affected: Linux kernel up to 4.3.2 (4.3....
CVE-2013-7445
CVE-2013-7445 : In the Linux kernel DRM subsystem, the Graphics Execution Manager (GEM) object handling (through GEM requests) is mishandled, allowing a context-aware attacker to cause a denial of service via memory exhaustion. The exploitation described uses JavaScript creating many CANVAS eleme...
CVE-2014-9715
CVE-2014-9715 affects the Linux kernel prior to 3.14.5, where nf_conntrack_extend.h in the netfilter subsystem uses an insufficiently large data type for certain extension data. This can allow a local attacker to trigger a NULL pointer dereference and OOPS (DoS) by outbound traffic that loads ext...
CVE-2015-5283
CVE-2015-5283 affects the Linux kernel prior to 4.2.3. The sctp_init function in net/sctp/protocol.c uses an incorrect sequence of protocol-initialization steps, allowing a local attacker to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all steps complete....
CVE-2015-0239
CVE-2015-0239 affects the Linux kernel KVM emulation path (arch/x86/kvm/emulate.c). If a guest OS does not initialize SYSENTER MSRs, em_sysenter can trigger using a 16‑bit code segment to emulate SYSENTER, allowing a guest OS user to gain guest privileges or cause a guest crash. The vulnerability...
CVE-2015-4700
The CVE-2015-4700 issue affects the Linux kernel (arch/x86/net/bpf_jit_comp.c) up to version 4.0.5. The bpf_int_jit_compile function can be triggered by crafted BPF instructions to cause a denial-of-service (system crash) via late convergence in the JIT compiler. Affected component is the JIT-com...
CVE-2015-0275
CVE-2015-0275 affects the Linux kernel ext4 subsystem: the ext4_zero_range function in fs/ext4/extents.c allows local users to trigger a denial of service via a crafted fallocate zero-range request. The linked MiracleLinux/Unity Linux Nessus entries reproduce this: the vulnerability is described ...
CVE-2015-3212
CVE-2015-3212: Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of socket-related system calls (notably setsockopt). Affected component is the SCTP implementation in the kernel; impa...
CVE-2015-7990
Technical details beyond the initial description are not provided in the connected documents. No public details about CVE-2015-7990 are included here; monitor for updates.
CVE-2014-9683
CVE-2014-9683 describes an off-by-one error in the Linux kernel’s eCryptfs path: ecryptfs_decode_from_filename in fs/ecryptfs/crypto.c (pre-3.18.2). A crafted filename can cause a buffer overflow, leading to a denial of service and, potentially, local privilege escalation. The vulnerability is lo...
CVE-2015-4167
The CVE-2015-4167 issue affects the Linux kernel UDF code: udf_read_inode in fs/udf/inode.c fails to validate certain length values, enabling local attackers with crafted UDF filesystems to trigger DoS (incorrect data representation or integer overflow, OOPS). Impact is local access with potentia...
CVE-2015-1333
CVE-2015-1333 is a memory-leak vulnerability in the Linux kernel prior to 4.1.4. The issue is in the __key_link_end function within security/keys/keyring.c, where adding a key to a keyring via add_key can allow a local attacker to exhaust memory and cause a denial of service. Public advisories an...
CVE-2015-2041
CVE-2015-2041 affects Unity Linux kernels (20.1050e/20.1060e/20.1070e) where the Linux kernel before 3.19 contains an error in net/llc/sysctl_net_llc.c using an incorrect data type in a sysctl table. This local information-disclosure flaw allows an unprivileged local user to read potentially sens...
CVE-2015-6252
CVE-2015-6252 refers to a vulnerability in the Linux kernel where the vhost_dev_ioctl path in drivers/vhost/vhost.c allows local users to trigger a denial of service (memory consumption) by issuing a VHOST_SET_LOG_FD ioctl that can cause permanent file-descriptor allocation. The description speci...
CVE-2014-9644
CVE-2014-9644 affects the Linux kernel Crypto API prior to 3.18.5. It allows a local user to load arbitrary kernel modules by abusing a bind() call on an AF_ALG socket with a module template expression (eg, vfat(aes)) in salg_name. This is a local, privilege-related issue, separate from CVE-2013-...
CVE-2015-5707
CVE-2015-5707 affects the Linux kernel sg.c sg_start_req function (drivers/scsi/sg.c) where an integer overflow can occur in write requests with a large iov_count, allowing a local attacker to cause a denial of service or potentially other impact on kernel memory. Affected are kernel versions 2.6...
CVE-2015-1420
CVE-2015-1420 is a Linux kernel race condition in fs/fhandle.c (handle_to_path) up to version 3.19.1. An attacker could bypass size restrictions by manipulating handle_bytes during handle_to_path execution to trigger reads from additional memory locations, enabling local read access to memory. Th...
CVE-2013-7421
CVE-2013-7421 : Linux kernel Crypto API flaw allows a local user to load arbitrary kernel modules via a bind() on an AF_ALG socket with a salg_name, in kernels before 3.18.5. This is the same class as CVE-2014-9644 and is addressed by the 3.18.5 fix (ChangeLog-3.18.5). Connected IBM and vendor ad...