Linux kernel (OMAP4) vulnerabilities

2015-05-20T00:00:00
ID USN-2612-1
Type ubuntu
Reporter Ubuntu
Modified 2015-05-20T00:00:00

Description

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges. (CVE-2015-3339)

Vincent Tondellier discovered an integer overflow in the Linux kernel's
netfilter connection tracking accounting of loaded extensions. An attacker
on the local area network (LAN) could potential exploit this flaw to cause
a denial of service (system crash of targeted system). (CVE-2014-9715)