Debian: DSA-3313-1 Moderate: Linux Kernel Privilege Escalation and DoS
debian
July 23, 2015
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service
Topics Covered
Summary
CVE-2015-3290
Andy Lutomirski discovered that the Linux kernel does not properly
handle nested NMIs. A local, unprivileged user could use this flaw
for privilege escalation.
CVE-2015-3291
Andy Lutomirski discovered that under certain conditions a malicious
userspace program can cause the kernel to skip NMIs leading to a
denial of service.
CVE-2015-4167
Carl Henrik Lunde discovered that the UDF implementation is missing
a necessary length check. A local user that can mount devices could
use this flaw to crash the system.
CVE-2015-5157
Petr Matousek and Andy Lutomirski discovered that an NMI that
interrupts userspace and encounters an IRET fault is incorrectly
handled. A local, unprivileged user could use this flaw for denial
of service or possibly for privilege escalation.
CVE-2015-5364
It was discovered that the Linux kernel does not properly handle
invalid UDP checksums. A remote attacker could exploit this flaw to
cause a denial of servi...
PREVIOUS
NEXT
Package: linux
CVE ID: CVE-2015-3290 CVE-2015-3291 CVE-2015-4167 CVE-2015-5157
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!