ALT-PU-2016-1534-1
Package kernel-image-std-def updated to version 4.4.11-alt1 for branch sisyphus in task 164989.
Closed vulnerabilities
Published: 2016-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-4557
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
- openSUSE-SU-2016:1641
- openSUSE-SU-2016:1641
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- [oss-security] 20160506 CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
- [oss-security] 20160506 CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=808
- https://bugs.chromium.org/p/project-zero/issues/detail?id=808
- https://bugs.debian.org/823603
- https://bugs.debian.org/823603
- https://bugzilla.redhat.com/show_bug.cgi?id=1334307
- https://bugzilla.redhat.com/show_bug.cgi?id=1334307
- https://github.com/torvalds/linux/commit/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
- https://github.com/torvalds/linux/commit/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
- 40759
- 40759
Published: 2016-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-4558
The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92117d8443bc5afacc8d5ba82e541946310f106e
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92117d8443bc5afacc8d5ba82e541946310f106e
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- [oss-security] 20160506 CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
- [oss-security] 20160506 CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
- USN-3005-1
- USN-3005-1
- USN-3006-1
- USN-3006-1
- USN-3007-1
- USN-3007-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1334303
- https://bugzilla.redhat.com/show_bug.cgi?id=1334303
- https://github.com/torvalds/linux/commit/92117d8443bc5afacc8d5ba82e541946310f106e
- https://github.com/torvalds/linux/commit/92117d8443bc5afacc8d5ba82e541946310f106e
Published: 2016-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-4913
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
- SUSE-SU-2016:1672
- SUSE-SU-2016:1672
- SUSE-SU-2016:1985
- SUSE-SU-2016:1985
- DSA-3607
- DSA-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
- [oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- [oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- [oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- [oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- 90730
- 90730
- USN-3016-1
- USN-3016-1
- USN-3016-2
- USN-3016-2
- USN-3016-3
- USN-3016-3
- USN-3016-4
- USN-3016-4
- USN-3017-1
- USN-3017-1
- USN-3017-2
- USN-3017-2
- USN-3017-3
- USN-3017-3
- USN-3018-1
- USN-3018-1
- USN-3018-2
- USN-3018-2
- USN-3019-1
- USN-3019-1
- USN-3020-1
- USN-3020-1
- USN-3021-1
- USN-3021-1
- USN-3021-2
- USN-3021-2
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- https://bugzilla.redhat.com/show_bug.cgi?id=1337528
- https://bugzilla.redhat.com/show_bug.cgi?id=1337528
- https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6
- https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6