[USN-2666-1] Linux kernel vulnerabilities

Severity High

CVEs 6

Several security issues were fixed in the kernel.

A race condition was discovered in the Linux kernel's file_handle size
verification. A local user could exploit this flaw to read potentially
sensative memory locations. (CVE-2015-1420)

A underflow error was discovered in the Linux kernel's Ozmo Devices USB
over WiFi host controller driver. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or potentially execute
arbitrary code via a specially crafted packet. (CVE-2015-4001)

A bounds check error was discovered in the Linux kernel's Ozmo Devices USB
over WiFi host controller driver. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or potentially execute
arbitrary code via a specially crafted packet. (CVE-2015-4002)

A division by zero error was discovered in the Linux kernel's Ozmo Devices
USB over WiFi host controller driver. A remote attacker could exploit this
flaw to cause a denial of service (system crash). (CVE-2015-4003)

Carl H Lunde discovered missing consistency checks in the the Linux kernel's UDF
file system (CONFIG_UDF_FS). A local attacker could exploit this flaw to
cause a denial of service (system crash) by using a corrupted file system
image. (CVE-2015-4167)

Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)

ID

USN-2666-1

Severity

high

Severity from

CVE-2015-4001

URL

https://ubuntu.com/security/notices/USN-2666-1

Published