Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
-
3
-
9223372036854775807
Description
- An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An attacker
on a local network could potentially send a sequence of specially crafted
packets that would initiate the loading of a large number of extensions,
causing the targeted system in that network to crash. (CVE-2014-9715,
Moderate)
- A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)
- It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)
- It was found that the Linux kernel's TCP/IP protocol suite implementation
for IPv6 allowed the Hop Limit value to be set to a smaller value than the
default one. An attacker on a local network could use this flaw to prevent
systems on that network from sending or receiving network packets.
(CVE-2015-2922, Low)
Bugs fixed (https://bugzilla.redhat.com/):
1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1204722 - CVE-2015-2666 kernel: execution in the early microcode loader
1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation