All errata/p7/ALT-PU-2015-1060-1
ALT-PU-2015-1060-1

Package update kernel-image-un-def in branch p7

Version3.18.3-alt1
Task#138804
Published2015-01-19
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2014-9529
MEDIUM6.9

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

Published: 2015-01-09Modified: 2025-04-12
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
CVE-2014-9585
LOW2.1

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

Published: 2015-01-09Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:N
References