ALT Linux Team

Package kernel-image-un-def update in sisyphus on 2015-03-27

ALT-PU-2015-1326-1

Package kernel-image-un-def updated to version 3.19.3-alt1 for branch sisyphus in task 142297.

Closed vulnerabilities

Published: 2016-03-13

BDU:2016-00886

Уязвимость ядра Linux, позволяющая нарушителю получить доступ к защищаемой информации

Severity: LOW (2.1)
References:
Published: 2016-05-02
Modified: 2024-11-21

CVE-2015-2686

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2015-05-27
Modified: 2024-11-21

CVE-2015-3331

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.

Severity: CRITICAL (9.3)
References:
Published: 2016-03-13
Modified: 2024-11-21

CVE-2016-0823

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

Severity: MEDIUM (4.0) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top