CVE-2015-4170 – kernel: pty layer race condition on tty ldisc shutdown.
https://notcve.org/view.php?id=CVE-2015-4170
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. Condición de carrera en la función ldsem_cmpxchg en drivers/tty/tty_ldsem.c en el kernel de Linux en versiones anteriores a 3.13-rc4-next-20131218 permite a usuarios locales provocar una denegación de servicio (interbloqueo de ldsem_down_read y ldsem_down_write) estableciendo un nuevo hilo tty durante la desconexión de un hilo tty previo. A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae http://www.openwall.com/lists/oss-security/2015/05/26/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74820 https://access.redhat.com/errata/RHSA-2016:1395 https://bugzilla.redhat.com/show_bug.cgi?id=1218879 https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae https://www.kernel.org/pub/linu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2015-8215 – kernel: MTU value is not validated in IPv6 stack causing packet loss
https://notcve.org/view.php?id=CVE-2015-8215
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. net/ipv6/addrconf.c en la pila IPv6 en el kernel Linux en versiones anteriores a 4.0 no valida los intentos de cambio del valor MTU, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (pérdida de paquetes) a través de un valor que es (1) menor que el valor mínimo compatible o (2) más grande que la MTU de una interfaz, según lo demostrado por un mensaje Router Advertisement (RA) que no es validado por un demonio, una vulnerabilidad diferente a CVE-2015-0272. NOTA: el alcance de CVE-2015-0272 se limita al producto NetworkManager. It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html http://lists.opensuse.org • CWE-20: Improper Input Validation •
CVE-2015-8104 – virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
https://notcve.org/view.php?id=CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencadenando muchas excepciones #DB (también conocidas como Debug), relacionadas con svm.c. It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http:/ • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-7872 – kernel: Keyrings crash triggerable by unprivileged user
https://notcve.org/view.php?id=CVE-2015-7872
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. La función key_gc_unused_keys en security/keys/gc.c en el kernel Linux hasta la versión 4.2.6 permite a usuarios locales causar una denegación de servicio (OOPS) a través de comandos keyctl manipulados. It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026 • CWE-20: Improper Input Validation CWE-456: Missing Initialization of a Variable •
CVE-2015-7990
https://notcve.org/view.php?id=CVE-2015-7990
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. Condición de carrera en la función rds_sendmsg en net/rds/sendmsg.c en el kernel de Linux en versiones anteriores a 4.3.3 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado mediante el uso de un socket que no estaba vinculado adecuadamente. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-6937 • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •