ALT-PU-2016-1860-1

Package update kernel-image-un-def in branch p8

Version4.6.7-alt0.M80P.1

Published2016-08-18

Max severityHIGH

Severity:

Closed issues (4)

MEDIUM4.3

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumption) via a crafted USB device that emulates many VFL_TYPE_SDR or VFL_TYPE_SUBDEV devices and performs many connect and disconnect operations.

Published: 2016-08-06Modified: 2025-04-12

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

MEDIUM4.8

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Published: 2016-08-06Modified: 2025-04-12

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

References

MEDIUM5.1

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

Published: 2016-08-06Modified: 2025-04-12

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.1

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

HIGH7.8

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.

Published: 2016-11-16Modified: 2025-04-12

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References