Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2890-2
HistoryFeb 02, 2016 - 12:00 a.m.

Linux kernel (Wily HWE) vulnerabilities

2016-02-0200:00:00
ubuntu.com
38

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.047 Low

EPSS

Percentile

92.5%

JSON

Releases

  • Ubuntu 14.04 ESM

Packages

  • linux-lts-wily - Linux hardware enablement kernel from Wily

Details

It was discovered that a use-after-free vulnerability existed in the
AF_UNIX implementation in the Linux kernel. A local attacker could use
crafted epoll_ctl calls to cause a denial of service (system crash) or
expose sensitive information. (CVE-2013-7446)

It was discovered that the KVM implementation in the Linux kernel did not
properly restore the values of the Programmable Interrupt Timer (PIT). A
user-assisted attacker in a KVM guest could cause a denial of service in
the host (system crash). (CVE-2015-7513)

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)

Sasha Levin discovered that the Reliable Datagram Sockets (RDS)
implementation in the Linux kernel had a race condition when checking
whether a socket was bound or not. A local attacker could use this to cause
a denial of service (system crash). (CVE-2015-7990)

It was discovered that the Btrfs implementation in the Linux kernel
incorrectly handled compressed inline extants on truncation. A local
attacker could use this to expose sensitive information. (CVE-2015-8374)

郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families, A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)

It was discovered that the netfilter Network Address Translation (NAT)
implementation did not ensure that data structures were initialized when
handling IPv4 addresses. An attacker could use this to cause a denial of
service (system crash). (CVE-2015-8787)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlinux-image-4.2.0-27-generic< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchblock-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchcrypto-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfat-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfb-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfirewire-core-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfloppy-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfs-core-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchfs-secondary-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Ubuntu14.04noarchinput-modules-4.2.0-27-generic-di< 4.2.0-27.32~14.04.1UNKNOWN
Rows per page:
1-10 of 571

Related

nessus 50
openvas 31
ubuntu 15
fedora 12
osv 5
debian 8
cloudfoundry 1
suse 18
f5 10
prion 9
cve 10
debiancve 10
android 1
ubuntucve 10
veracode 2
mageia 1
oraclelinux 5
amazon 1
nessus
nessus
Ubuntu 15.10 : linux vulnerabilities (USN-2890-1)
2016-02-02 00:00:00
Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2890-3)
2016-02-02 00:00:00
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2888-1)
2016-02-02 00:00:00
openvas
openvas
Ubuntu Update for linux USN-2890-1
2016-02-05 00:00:00
Ubuntu Update for linux-lts-wily USN-2890-2
2016-02-05 00:00:00
Ubuntu Update for linux-raspi2 USN-2890-3
2016-02-05 00:00:00
ubuntu
ubuntu
Linux kernel (Utopic HWE) vulnerabilities
2016-02-02 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2016-02-02 00:00:00
Linux kernel vulnerabilities
2016-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.2.8-300.fc23
2015-12-22 22:09:32
[SECURITY] Fedora 22 Update: kernel-4.2.8-200.fc22
2015-12-22 07:24:44
[SECURITY] Fedora 23 Update: kernel-4.3.3-300.fc23
2016-01-12 08:03:52
osv
osv
linux-2.6 - security update
2016-01-05 00:00:00
linux - security update
2016-01-05 00:00:00
linux - security update
2015-12-17 00:00:00
debian
debian
[SECURITY] [DLA 378-1] linux-2.6 security update
2016-01-05 18:07:03
[SECURITY] [DSA 3434-1] linux security update
2016-01-05 19:18:32
[SECURITY] [DSA 3434-1] linux security update
2016-01-05 19:18:32
cloudfoundry
cloudfoundry
USN-2910-1 Linux kernel vulnerability | Cloud Foundry
2016-02-26 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-01-19 14:12:54
Security update for the Linux Kernel (important)
2016-01-29 14:11:40
Security update for the Linux Kernel (important)
2016-02-25 21:11:27
f5
f5
K60742457 : Linux kernel vulnerability CVE-2015-8374
2016-01-29 00:00:00
SOL98102572 - Linux kernel vulnerability CVE-2015-7990
2016-01-28 00:00:00
K20022580 : Linux kernel vulnerability CVE-2013-7446
2016-01-28 00:00:00
prion
prion
Design/Logic Flaw
2015-12-28 11:59:00
Design/Logic Flaw
2015-12-28 11:59:00
Design/Logic Flaw
2016-02-08 03:59:00
cve
cve
CVE-2015-8374
2015-12-28 11:59:00
CVE-2015-7550
2016-02-08 03:59:00
CVE-2013-7446
2015-12-28 11:59:00
debiancve
debiancve
CVE-2015-8374
2015-12-28 11:59:00
CVE-2015-8569
2015-12-28 11:59:00
CVE-2013-7446
2015-12-28 11:59:00
android
android
CVE-2013-7446
2016-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2015-7550
2015-12-30 00:00:00
CVE-2015-8569
2015-12-28 00:00:00
CVE-2013-7446
2015-12-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-04-01 10:48:16
Denial Of Service (DoS)
2019-05-02 05:29:40
mageia
mageia
Updated ctdb packages fix security vulnerability
2016-08-31 18:32:33
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2017-02-09 00:00:00
amazon
amazon
Medium: kernel
2015-10-27 13:40:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.047 Low

EPSS

Percentile

92.5%

JSON
Related for USN-2890-2
nessus50openvas31ubuntu15fedora12osv5debian8cloudfoundry1suse18f510prion9cve10debiancve10android1ubuntucve10veracode2mageia1oraclelinux5amazon1