CVE-2015-3291
https://notcve.org/view.php?id=CVE-2015-3291
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, no determina correctamente cuándo está ocurriendo el procesamiento anidado de NMI, lo que permite a usuarios locales causar una denegación de servicio (NMI saltada) modificando el registro rsp, causando una llamada de instrucción del sistema y desencadenando una NMI. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d http://www.debian.org/security/2015/dsa-3313 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 http://www.openwall.com/lists/oss-security/2015/07/22/7 http://www.securityfocus.com/bid/76003 http://www.ubuntu.com/usn/USN-2687-1 http://www.ubuntu.com/usn/USN-2688-1 http://www.ubuntu.com/usn/USN-2689-1 http://www.ubuntu.com/usn • CWE-17: DEPRECATED: Code •
CVE-2015-5157 – kernel: x86-64: IRET faults during NMIs processing
https://notcve.org/view.php?id=CVE-2015-5157
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, no maneja correctamente los fallos IRET procesando NMIs que ocurrieron durante la ejecución en el espacio de usuario, lo que puede permitir a usuarios locales obtener privilegios mediante desencadenamiento de una NMI. A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html http://rhn.redhat.com • CWE-264: Permissions, Privileges, and Access Controls CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •
CVE-2015-5366 – kernel: net: incorrect processing of checksums in UDP implementation
https://notcve.org/view.php?id=CVE-2015-5366
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. Vulnerabilidad en las funciones (1) udp_recvmsg y (2) udpv6_recvmsg en el kernel de Linux en versiones anteriores a 4.0.6, proporcionan valores de retorno -EAGAIN inapropiados, lo que permite a atacantes remotos causar una denegación de servicio (interrupción de lectura de EPOLLET en aplicación epoll) a través de una suma de comprobación incorrecta en un paquete UDP, una vulnerabilidad diferente a CVE-2015-5364. A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-5364 – kernel: net: incorrect processing of checksums in UDP implementation
https://notcve.org/view.php?id=CVE-2015-5364
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. Vulnerabilidad en las funciones (1) udp_recvmsg y (2) udpv6_recvmsg en el kernel de Linux en versiones anteriores a 4.0.6, no considera adecuadamente ceder un procesador, lo que permite a atacantes remotos causar una denegación de servicio (colgado del sistema) a través de sumas de comprobación incorrectas dentro de una inundación de paquetes UDP. A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-4692
https://notcve.org/view.php?id=CVE-2015-4692
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. Vulnerabilidad en la función kvm_apic_has_events en arch/x86/kvm/lapic.h en el Kernel de Linux hasta la versión 4.1.3, permite a usuarios locales causar una denegación de servicio (mediante la referencia a un puntero NULO y una caída del sistema) o posiblemente tener otro impacto no especificado a través del aprovechamiento de acceso a /dev/kvm para una llamada ioctl. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://www.debian.org/security/2015/dsa-3329 http://www.openwall.com/lists/oss-securit •