
Debian: DSA-3426-1 Critical: Linux Kernel Escalation and DoS Threats

December 17, 2015
Debian DSA-3427-1 highlights several vulnerabilities related to the Linux kernel that necessitate prompt action.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.

Summary

CVE-2013-7446

Dmitry Vyukov discovered that a particular sequence of valid
operations on local (AF_UNIX) sockets can result in a
use-after-free. This may be used to cause a denial of service
(crash) or possibly for privilege escalation.

CVE-2015-7799

It was discovered that a user granted access to /dev/ppp can cause a
denial of service (crash) by passing invalid parameters to the
PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

CVE-2015-7833

Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
flaw in the processing of certain USB device descriptors in the
usbvision driver. An attacker with physical access to the system can
use this flaw to crash the system. This was partly fixed by the
changes listed in DSA 3396-1.

CVE-2015-8104

Jan Beulich reported a guest to host denial-of-service flaw
affecting the KVM hypervisor running on AMD processors. A malicious
guest can trigger an infinite stream of "debug" (#DB) ex...


Severity: critical

Package: linux
CVE ID: CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-8104
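
An exposure triage for three of the issues summarised above, added here as an example and not part of the Debian advisory: it reports whether anyone other than root can open /dev/ppp (CVE-2015-7799), whether the usbvision driver is loaded (CVE-2015-7833), and whether kvm_amd is loaded (CVE-2015-8104). The function names and the sample module list are constructed for illustration; installing the fixed kernel packages remains the actual remedy.

```shell
#!/bin/sh
# Added example, not from the advisory. Sample data below is constructed.

# node_access MODE GROUP -> who besides root may open a device node.
# MODE is the octal permission string printed by `stat -c %a` (empty if absent).
node_access() {
    if [ $(( 0$1 & 07 )) -ne 0 ]; then
        echo "all-users"
    elif [ $(( 0$1 & 070 )) -ne 0 ] && [ "$2" != "root" ]; then
        echo "group:$2"
    else
        echo "root-only"
    fi
}

# module_loaded NAME MODULES_TEXT -> exit 0 if NAME appears in /proc/modules text.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { f = 1 } END { exit !f }'
}

# triage MODE GROUP MODULES_TEXT -> one line per issue with visible exposure.
triage() {
    access=$(node_access "$1" "$2")
    if [ "$access" != "root-only" ]; then
        echo "CVE-2015-7799: /dev/ppp can be opened by $access"
    fi
    # Not loaded does not mean unaffected: the module can load when a
    # matching device is attached.
    if module_loaded usbvision "$3"; then
        echo "CVE-2015-7833: usbvision driver is loaded"
    fi
    if module_loaded kvm_amd "$3"; then
        echo "CVE-2015-8104: kvm_amd is loaded, host can run KVM guests on AMD"
    fi
}

# Constructed sample in /proc/modules format (not from a real host).
SAMPLE_MODULES='kvm_amd 55000 0 - Live 0x0000000000000000
kvm 400000 1 kvm_amd, Live 0x0000000000000000
ppp_generic 30000 0 - Live 0x0000000000000000'

triage 660 dip "$SAMPLE_MODULES"

# On a live host:
# triage "$(stat -c %a /dev/ppp 2>/dev/null)" \
#        "$(stat -c %G /dev/ppp 2>/dev/null)" "$(cat /proc/modules)"
```

An empty result means none of the three checks found exposure; it says nothing about CVE-2013-7446, which concerns AF_UNIX sockets and has no comparable on-host check here.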
