Branch sisyphus update bulletin.

Package kernel-image-std-def updated to version 3.18.21-alt1 for branch sisyphus in task 149359.

Published: 2013-01-22

BDU:2015-04307

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04308

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04309

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04310

Severity: CRITICAL (10.0)

References:

Published: 2014-03-11

BDU:2015-05685

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05686

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05687

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05688

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05689

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05690

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05691

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05692

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05693

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05694

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05695

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05696

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05697

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05698

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05699

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05700

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05701

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05702

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05703

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05704

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05705

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05706

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05707

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05708

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05709

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05710

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05711

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05712

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05713

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05714

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05715

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05716

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05717

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05718

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05719

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05720

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05721

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05722

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05723

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05724

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05725

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05726

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05727

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05728

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05729

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05730

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05731

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05732

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05733

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05734

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05735

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05736

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05737

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05738

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05739

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05740

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05741

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05742

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05743

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05744

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05745

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05746

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05747

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05748

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05749

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05750

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05751

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05752

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05753

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05754

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05755

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05756

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05757

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05758

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05759

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05760

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05761

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05762

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05763

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05764

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05765

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05766

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05767

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05768

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05769

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05770

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05771

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05772

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05773

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05774

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05775

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05776

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05777

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05778

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05779

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05780

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05781

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05782

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05783

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05784

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05785

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05786

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05787

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05788

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05789

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05790

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05791

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05792

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05793

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05794

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05795

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05796

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05797

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05798

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05799

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05800

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05801

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05802

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05803

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05804

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05805

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05806

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05807

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05808

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05809

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05810

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05811

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05812

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05813

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05814

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05815

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05816

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05817

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05818

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05819

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05820

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05821

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05822

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05823

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05824

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05825

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05826

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05827

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05828

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05829

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05830

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05831

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05832

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05833

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05834

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05835

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05836

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05837

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05838

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05839

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05840

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05841

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05842

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05843

Severity: CRITICAL (9.3)

References:

Published: 2015-01-27

BDU:2015-06239

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06241

Severity: CRITICAL (10.0)

References:

Published: 2015-01-13

BDU:2015-06243

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06245

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06246

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06247

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06248

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06249

Severity: CRITICAL (10.0)

References:

Published: 2015-01-13

BDU:2015-06250

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06251

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06255

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06258

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-06260

Severity: CRITICAL (10.0)

References:

Published: 2015-01-13

BDU:2015-06263

Severity: CRITICAL (10.0)

References:

Published: 2015-01-13

BDU:2015-06264

Severity: CRITICAL (10.0)

References:

Published: 2015-01-13

BDU:2015-06265

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09204

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09205

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09206

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09207

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09208

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09209

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09210

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09211

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09212

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09213

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09214

Severity: CRITICAL (10.0)

References:

Published: 2015-03-24

BDU:2015-09845

Уязвимости операционной системы Ubuntu, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.2)

References:

Published: 2015-03-24

BDU:2015-09846

Severity: CRITICAL (10.0)

References:

Published: 2015-03-24

BDU:2015-09847

Severity: CRITICAL (10.0)

References:

Published: 2014-07-09

BDU:2016-01579

Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

References:

Published: 2017-03-06

BDU:2017-00542

Уязвимость драйвера Wi-Fi Qualcomm операционных систем Android, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2017-0523

Published: 2017-03-16

BDU:2017-00771

Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)

References:

Published: 2017-04-04

BDU:2017-01546

Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии

Severity: CRITICAL (9.3)

References:

Published: 2014-09-16

BDU:2017-01573

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-09-11

BDU:2019-04676

Уязвимость ядра Linux, связанная с переполнения буфера виртуальной памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2019-14835

Published: 2019-09-18

BDU:2019-04677

Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

CVE-2019-14821

Published: 2020-05-28

BDU:2021-03057

Уязвимость функции fill_thread_core_info() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию и вызвать отказ в обслуживании

Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

References:

CVE-2020-10732

Published: 2015-08-08

BDU:2022-00885

Уязвимость функций pipe_read и pipe_write в fs/pipe.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (7.2)

References:

CVE-2015-1805

Published: 2018-07-05

BDU:2022-05860

Уязвимость функции inode_init_owner компонента fs/inode.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-13405

Published: 2015-03-02
Modified: 2024-11-21

CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

Severity: LOW (2.1)

References:

Published: 2014-06-25
Modified: 2024-11-21

CVE-2014-0206

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.

Severity: LOW (2.1)

References:

Published: 2019-11-06
Modified: 2024-11-21

CVE-2014-3180

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3181

Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3182

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3183

Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3184

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.

Severity: MEDIUM (4.7)

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3185

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

References:

Published: 2014-08-01
Modified: 2024-11-21

CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Severity: HIGH (7.2)

References:

Published: 2014-09-01
Modified: 2024-11-21

CVE-2014-3601

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

Severity: MEDIUM (4.3)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-3610

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-3611

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-3631

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

Severity: HIGH (7.2)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-3646

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-3647

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.

Severity: MEDIUM (5.0)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4171

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.

Severity: MEDIUM (4.7)

References:

Published: 2014-12-24
Modified: 2024-11-21

CVE-2014-4322

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

Severity: HIGH (7.2)

References:

Published: 2014-12-12
Modified: 2024-11-21

CVE-2014-4323

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

Severity: HIGH (7.5)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4508

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

Severity: MEDIUM (4.7)

References:

Published: 2014-07-03
Modified: 2025-01-28

CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.

Severity: HIGH (7.5)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Severity: MEDIUM (5.0)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Severity: LOW (1.9)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4653

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Severity: MEDIUM (4.6)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4654

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.

Severity: MEDIUM (4.6)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4655

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

Severity: MEDIUM (4.9)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.

Severity: MEDIUM (4.6)

References:

Published: 2014-07-03
Modified: 2024-11-21

CVE-2014-4667

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Severity: MEDIUM (5.0)

References:

Published: 2014-07-09
Modified: 2024-11-21

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

References:

Published: 2014-07-19
Modified: 2024-11-21

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

References:

Published: 2014-08-01
Modified: 2024-11-21

CVE-2014-5045

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

Severity: MEDIUM (6.2)

References:

Published: 2014-08-18
Modified: 2024-11-21

CVE-2014-5206

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Severity: HIGH (7.2)

References:

Published: 2014-08-18
Modified: 2024-11-21

CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.

Severity: MEDIUM (6.2)

References:

Published: 2014-09-01
Modified: 2024-11-21

CVE-2014-5471

Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.

Severity: MEDIUM (4.0)

References:

Published: 2014-09-01
Modified: 2024-11-21

CVE-2014-5472

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.

Severity: MEDIUM (4.0)

References:

Published: 2014-09-28
Modified: 2024-11-21

CVE-2014-6410

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

Severity: MEDIUM (4.7)

References:

Published: 2015-03-16
Modified: 2024-11-21

CVE-2014-7822

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

Severity: HIGH (7.2)

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-7841

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.

Severity: MEDIUM (5.0)

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-7842

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.

Severity: MEDIUM (4.9)

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-7843

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.

Severity: MEDIUM (4.9)

References:

Published: 2014-10-13
Modified: 2024-11-21

CVE-2014-7970

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-10-13
Modified: 2024-11-21

CVE-2014-7975

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-10-13
Modified: 2024-11-21

CVE-2014-8086

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-12-17
Modified: 2024-11-21

CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.

Severity: LOW (2.1)

References:

Published: 2014-12-12
Modified: 2024-11-21

CVE-2014-8134

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2015-03-02
Modified: 2024-11-21

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Severity: MEDIUM (5.0)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-8369

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-8480

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application.

Severity: MEDIUM (4.9)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-8481

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.

Severity: MEDIUM (4.9)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-8559

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-8884

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

Severity: MEDIUM (6.1)

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-8989

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

Severity: MEDIUM (4.6)

References:

Published: 2014-11-30
Modified: 2024-11-21

CVE-2014-9090

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

Severity: MEDIUM (4.9)

References:

Published: 2014-12-26
Modified: 2024-11-21

CVE-2014-9419

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

Severity: LOW (2.1)

References:

Published: 2014-12-26
Modified: 2024-11-21

CVE-2014-9420

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.

Severity: MEDIUM (4.9)

References:

Published: 2015-01-10
Modified: 2024-11-21

CVE-2014-9529

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

References:

Published: 2015-01-10
Modified: 2024-11-21

CVE-2014-9584

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Severity: LOW (2.1)

References:

Published: 2015-01-10
Modified: 2024-11-21

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Severity: LOW (2.1)

References:

Published: 2015-03-02
Modified: 2024-11-21

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

Severity: LOW (2.1)

References:

Published: 2015-03-03
Modified: 2024-11-21

CVE-2014-9683

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Severity: LOW (3.6)

References:

Published: 2015-05-27
Modified: 2024-11-21

CVE-2014-9710

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.

References:

Published: 2015-08-31
Modified: 2024-11-21

CVE-2014-9728

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

Severity: MEDIUM (4.9)

References:

Published: 2015-08-31
Modified: 2024-11-21

CVE-2014-9729

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

Severity: MEDIUM (4.9)

References:

Published: 2015-08-31
Modified: 2024-11-21

CVE-2014-9730

The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

Severity: MEDIUM (4.9)

References:

Published: 2015-08-31
Modified: 2024-11-21

CVE-2014-9731

The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.

Severity: LOW (2.1)

References:

Published: 2016-07-11
Modified: 2024-11-21

CVE-2014-9803

arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2016-06-27
Modified: 2024-11-21

CVE-2014-9904

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-04-04
Modified: 2024-11-21

CVE-2014-9922

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2015-03-02
Modified: 2024-11-21

CVE-2015-0239

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

Severity: MEDIUM (4.4)

References:

Published: 2015-03-16
Modified: 2024-11-21

CVE-2015-1420

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Severity: LOW (1.9)

References:

Published: 2016-05-02
Modified: 2024-11-21

CVE-2015-1573

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2015-03-16
Modified: 2024-11-21

CVE-2015-1593

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

Severity: MEDIUM (5.0)

References:

Published: 2015-08-08
Modified: 2024-11-21

CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Severity: HIGH (7.2)

References:

Published: 2015-04-21
Modified: 2024-11-21

CVE-2015-2041

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

Severity: MEDIUM (4.6)

References:

Published: 2015-04-21
Modified: 2024-11-21

CVE-2015-2042

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

Severity: MEDIUM (4.6)

References:

Published: 2015-05-27
Modified: 2024-11-21

CVE-2015-3332

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.

Severity: MEDIUM (4.9)

References:

Published: 2015-08-31
Modified: 2024-11-21

CVE-2015-4036

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.

Severity: HIGH (7.2)

References:

Published: 2016-04-27
Modified: 2024-11-21

CVE-2016-3139

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-03-08
Modified: 2024-11-21

CVE-2017-0523

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-03-31
Modified: 2024-11-21

CVE-2017-2647

The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-16
Modified: 2024-11-21

CVE-2017-6951

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2018-07-06
Modified: 2024-11-21

CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-09-19
Modified: 2024-11-21

CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Published: 2019-09-17
Modified: 2024-11-21

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2020-06-12
Modified: 2024-11-21

CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

References:

Version: 2.1.0

ALT-BU-2015-2649-1

Closed vulnerabilities