[USN-2542-1] Linux kernel (OMAP4) vulnerabilities
Several security issues were fixed in the kernel.
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Radomization (ASLR) protection mechanism. (CVE-2014-9419)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to
verify symlink size info. A local attacker, who is able to mount a malicous
UDF file system image, could exploit this flaw to cause a denial of service
(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not
valid inode size information . A local attacker, who is able to mount a
malicous UDF file system image, could exploit this flaw to cause a denial
of service (system crash) or possibly cause other undesired behaviors.
(CVE-2014-9729)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not
correctly verify the component length for symlinks. A local attacker, who
is able to mount a malicous UDF file system image, could exploit this flaw
to cause a denial of service (system crash) or possibly cause other
undesired behaviors. (CVE-2014-9730)
Carl H Lunde discovered an information leak in the UDF file system
(CONFIG_UDF_FS). A local attacker, who is able to mount a malicous UDF file
system image, could exploit this flaw to read potential sensitve kernel
memory. (CVE-2014-9731)
Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP
(Stream Control Transmission Protocol) subsystem during INIT collisions. A
remote attacker could exploit this flaw to cause a denial of service
(system crash) or potentially escalate their privileges on the system.
(CVE-2015-1421)
- ID
- USN-2542-1
- Severity
- high
- Severity from
- CVE-2015-1421
- URL
- https://ubuntu.com/security/notices/USN-2542-1
- Published
-
2015-03-24T09:15:29
(9 years ago) - Modified
-
2015-03-24T09:15:29
(9 years ago) - Other Advisories
-
- ALAS-2015-476
- DSA-3128-1
- DSA-3170-1
- ELSA-2015-0102
- ELSA-2015-0164
- ELSA-2015-0674
- ELSA-2015-0726
- ELSA-2015-0864
- ELSA-2015-1081
- ELSA-2015-1272
- ELSA-2015-2152
- ELSA-2015-3019
- ELSA-2015-3020
- ELSA-2015-3021
- ELSA-2015-3041
- ELSA-2015-3042
- ELSA-2015-3043
- ELSA-2015-3053
- ELSA-2015-3054
- ELSA-2015-3055
- ELSA-2015-3098
- ELSA-2018-4300
- ELSA-2018-4301
- ELSA-2019-4316
- FEDORA-2015-0515
- FEDORA-2015-0517
- FEDORA-2015-0937
- FEDORA-2015-10678
- FEDORA-2015-12917
- FEDORA-2015-13391
- FEDORA-2015-1657
- FEDORA-2015-1672
- FEDORA-2015-3011
- FEDORA-2015-3594
- FEDORA-2015-4059
- FEDORA-2015-4457
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-6320
- FEDORA-2015-7736
- FEDORA-2015-8518
- FEDORA-2015-9127
- FEDORA-2015-9704
- RHSA-2015:0102
- RHSA-2015:0674
- RHSA-2015:0726
- RHSA-2015:0727
- RHSA-2015:0864
- RHSA-2015:1081
- RHSA-2015:1272
- RHSA-2015:2152
- RHSA-2015:2411
- SUSE-SU-2015:0529-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:0832-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1224-1
- SUSE-SU-2015:1324-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2015:1478-1
- SUSE-SU-2015:1488-1
- SUSE-SU-2015:1489-1
- SUSE-SU-2015:1592-1
- SUSE-SU-2015:1611-1
- SUSE-SU-2015:1678-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- USN-2518-1
- USN-2541-1
- USN-2543-1
- USN-2544-1
- USN-2545-1
- USN-2546-1
- USN-2562-1
- USN-2563-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |