ALT Linux Team

Package kernel-image-un-def update in p7 on 2015-01-19

ALT-PU-2015-1060-1

Package kernel-image-un-def updated to version 3.18.3-alt1 for branch p7 in task 138804.

Closed vulnerabilities

Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-9529

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
References:
Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-9585

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top