Информационная безопасность
[RU] switch to English


Уязвимости безопасности в ядре Linux
дополнено с 13 июня 2015 г.
Опубликовано:21 июня 2015 г.
Источник:
SecurityVulns ID:14531
Тип:библиотека
Уровень опасности:
5/10
Описание:DoS, повышения привилегий.
CVE:CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.)
 CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.)
 CVE-2015-3636 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.)
 CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun.")
 CVE-2015-1328
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3290-1] linux security update (21.06.2015)
 documentUBUNTU, [USN-2647-1] Linux kernel vulnerability (21.06.2015)
 documentUBUNTU, [USN-2634-1] Linux kernel vulnerabilities (13.06.2015)
 documentUBUNTU, [USN-2631-1] Linux kernel vulnerabilities (13.06.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород