The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Linux kernel

computer vulnerability announcement CVE-2015-0569

Linux kernel: buffer overflow of the prima WLAN driver

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the prima WLAN driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux.
Severity: 2/4.
Creation date: 26/01/2016.
Identifiers: CVE-2015-0569, VIGILANCE-VUL-18817.

Description of the vulnerability

The prima WLAN driver for Linux is used in some Android-based devices.

The ioctl system call is used for special operations like setting or getting interface parameters. However, the command numbered 0x8bf7 of this driver does not correctly check its parameters. If the size of the data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow in the prima WLAN driver of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability announcement CVE-2016-2069

Linux kernel: privilege escalation via TLB synchronization between processors

Synthesis of the vulnerability

An attacker can trigger a TLB synchronization error between processors in the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/01/2016.
Identifiers: CERTFR-2016-AVI-069, CERTFR-2016-AVI-070, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CERTFR-2016-AVI-159, CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CERTFR-2017-AVI-001, CVE-2016-2069, DSA-3503-1, openSUSE-SU-2016:0537-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:3304-1, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2931-1, USN-2932-1, USN-2967-1, USN-2967-2, USN-2989-1, USN-2998-1, VIGILANCE-VUL-18812.

Description of the vulnerability

x86 processors include a cache of the page table (the TLB), which must stay synchronized across all processors.

The Linux kernel implements a specific protocol to propagate page table changes to every processor's cache. However, this protocol contains an error: a particular sequence of instructions and hardware interrupts can grant access to a memory area which should be unreachable.

An attacker can therefore trigger a TLB synchronization error between processors in the Linux kernel, in order to escalate his privileges.

vulnerability alert CVE-2016-2070

Linux kernel: denial of service via TCP congestion management

Synthesis of the vulnerability

An attacker can send a malicious TCP packet sequence to a host running Linux, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: CVE-2016-2070, VIGILANCE-VUL-18811.

Description of the vulnerability

The Linux kernel implements congestion management for TCP connections with the Proportional Rate Reduction algorithm defined in RFC 6937.

However, in this implementation, some packet sequences lead to a division by 0 while processing a received packet. Because the kernel is running in interrupt context at that point, this exception is a fatal error which stops the whole kernel.

An attacker can therefore send a malicious TCP packet sequence to a host running Linux, in order to trigger a denial of service.

vulnerability CVE-2016-2053

Linux kernel: denial of service via public_key_verify_signature

Synthesis of the vulnerability

An attacker can submit an ill-formed X.509 certificate to the function public_key_verify_signature() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 1300237, CERTFR-2016-AVI-267, CVE-2016-2053, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, VIGILANCE-VUL-18810.

Description of the vulnerability

The Linux kernel can use public keys from X.509 certificates.

Public keys must be validated before they are used. However, the certificate parser does not check all the constraints, so processing an ill-formed certificate triggers an assertion violation in public_key_verify_signature(), which leads to a kernel panic.

An attacker can therefore submit an ill-formed X.509 certificate to the function public_key_verify_signature() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2008-7316 CVE-2015-8785

Linux kernel: infinite loop of FUSE

Synthesis of the vulnerability

An attacker can generate an infinite loop in the FUSE module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: CERTFR-2016-AVI-044, CERTFR-2016-AVI-069, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2008-7316, CVE-2015-8785, DSA-3503-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2886-1, USN-2886-2, USN-2907-1, USN-2907-2, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2909-1, USN-2909-2, USN-2910-1, USN-2910-2, VIGILANCE-VUL-18809.

Description of the vulnerability

FUSE is an interface that allows filesystems to be implemented by a user space program, instead of a kernel module.

The kernel includes an interface that delegates system calls related to a file on a FUSE mount to the related user process. A write into a file may be specified by passing a list of (pointer, length) pairs to the kernel. However, when the list starts with a zero-length pair, the kernel fails to progress in the list traversal, so the system call never terminates.

An attacker can therefore generate an infinite loop in the FUSE module of the Linux kernel, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-8539

Linux kernel: privilege escalation via keyctl update

Synthesis of the vulnerability

A local attacker can use a Negatively Instantiated key on the Linux kernel, in order to escalate his privileges.
Impacted products: Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 19/01/2016.
Identifiers: CERTFR-2016-AVI-073, CERTFR-2016-AVI-110, CVE-2015-8539, openSUSE-SU-2016:0280-1, openSUSE-SU-2016:2649-1, RHSA-2018:0151-01, RHSA-2018:0152-01, SUSE-SU-2016:0168-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:2074-1, VIGILANCE-VUL-18753.

Description of the vulnerability

The Linux kernel can store cryptographic keys, which are managed using keyctl.

However, a local attacker can alter a key with errors (Negatively Instantiated, KEY_FLAG_NEGATIVE).

A local attacker can therefore use a Negatively Instantiated key on the Linux kernel, in order to escalate his privileges.

vulnerability announcement CVE-2013-4312

Linux kernel: denial of service via Limits

Synthesis of the vulnerability

A local attacker can bypass limits on the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, NSM Central Manager, NSMXpress, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 19/01/2016.
Identifiers: CERTFR-2016-AVI-069, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-159, CERTFR-2017-AVI-034, CVE-2013-4312, DSA-3448-1, DSA-3503-1, FEDORA-2016-2f25d12c51, FEDORA-2016-5d43766e33, JSA10853, RHSA-2016:0855-01, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:2245-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2017:0333-1, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2929-1, USN-2929-2, USN-2931-1, USN-2932-1, USN-2967-1, USN-2967-2, VIGILANCE-VUL-18752.

Description of the vulnerability

Resource limits can be defined for each process.

However, a local attacker can bypass these limits.

A local attacker can therefore bypass limits on the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2015-7566

Linux kernel: denial of service via Visor clie_5_attach

Synthesis of the vulnerability

An attacker can plug a malicious USB device, in order to trigger a denial of service in the visor driver of the Linux kernel.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 19/01/2016.
Identifiers: CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-114, CERTFR-2016-AVI-159, CVE-2015-7566, DSA-3448-1, DSA-3503-1, FEDORA-2016-26e19f042a, FEDORA-2016-5d43766e33, FEDORA-2016-b59fd603be, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, OS-S 2016-09, SUSE-SU-2016:1203-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1707-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2932-1, USN-2948-1, USN-2948-2, USN-2967-1, USN-2967-2, VIGILANCE-VUL-18751.

Description of the vulnerability

The Linux kernel contains a visor driver for Handspring Visor USB devices.

However, a malicious USB device forces the clie_5_attach() function of the drivers/usb/serial/visor.c file to dereference a NULL pointer.

An attacker can therefore plug a malicious USB device, in order to trigger a denial of service in the visor driver of the Linux kernel.

vulnerability CVE-2016-0723

Linux kernel: use after free via TIOCGETD

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TIOCGETD on the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiOS, Android OS, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 19/01/2016.
Identifiers: CERTFR-2016-AVI-070, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CERTFR-2016-AVI-114, CERTFR-2016-AVI-159, CVE-2016-0723, DSA-3448-1, DSA-3503-1, FEDORA-2016-2f25d12c51, FEDORA-2016-5d43766e33, FG-IR-16-013, FG-IR-16-041, openSUSE-SU-2016:0537-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, SOL43650115, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2932-1, USN-2948-1, USN-2948-2, USN-2967-1, USN-2967-2, VIGILANCE-VUL-18750.

Description of the vulnerability

The TIOCGETD ioctl returns the "Line Discipline" of the tty terminal.

However, the function implementing this ioctl frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via TIOCGETD on the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2016-0728

Linux kernel: use after free via join_session_keyring

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via the join_session_keyring() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Debian, Fedora, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 19/01/2016.
Identifiers: BSA-2016-004, CVE-2016-0728, CVE-2016-7028-REJECT, DSA-3448-1, FEDORA-2016-26e19f042a, FEDORA-2016-5d43766e33, FEDORA-2016-b59fd603be, openSUSE-SU-2016:0280-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, RHSA-2016:0064-01, RHSA-2016:0065-01, RHSA-2016:0068-01, RHSA-2016:0103-01, SA112, SUSE-SU-2016:0186-1, SUSE-SU-2016:0205-1, USN-2870-1, USN-2870-2, USN-2871-1, USN-2871-2, USN-2872-1, USN-2872-2, USN-2872-3, USN-2873-1, VIGILANCE-VUL-18749.

Description of the vulnerability

The Linux kernel can store cryptographic keys, which are managed using keyctl.

However, if the join_session_keyring() function is used on a keyring that is currently in use, a counter is not updated. This counter can then overflow and force the object to be freed, although it is still used later.

An attacker can therefore force the usage of a freed memory area via the join_session_keyring() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.