[USN-2760-1] Linux kernel (OMAP4) vulnerabilities

Severity Medium

CVEs 3

Several security issues were fixed in the kernel.

It was discovered that an integer overflow error existed in the SCSI
generic (sg) driver in the Linux kernel. A local attacker with write
permission to a SCSI generic device could use this to cause a denial of
service (system crash) or potentially escalate their privileges.
(CVE-2015-5707)

Marc-André Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)

It was discovered that the Linux kernel's perf subsystem did not bound
callchain backtraces on PowerPC 64. A local attacker could use this to
cause a denial of service. (CVE-2015-6526)

ID

USN-2760-1

Severity

medium

Severity from

CVE-2015-6526

URL

https://ubuntu.com/security/notices/USN-2760-1

Published