MGASA-2015-0210

Advisory lineage Upstream: 3 Downstream: 0
Published: 11 May 2015, 20:10
Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 May 2015, 20:10
Published
Vulnerability first disclosed
16 Apr 2026, 06:23
Last Modified
Vulnerability information updated

Description

Updated kernel packages fix security vulnerabilities This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). It was found that the Linux kernel's ping socket implementation didn't properly handle socket unhashing during spurious disconnects which could lead to use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636). For other fixes in this update, see the referenced changelogs.

Affected Systems

  • mageiakernel

    < 3.14.41-1.mga4

  • mageiakernel-userspace-headers

    < 3.14.41-1.mga4

  • mageiakmod-broadcom-wl

    < 6.30.223.141-52.mga4.nonfree

  • mageiakmod-fglrx

    < 14.010.1006-22.mga4.nonfree

  • mageiakmod-nvidia-current

    < 331.113-7.mga4.nonfree

  • mageiakmod-nvidia173

    < 173.14.39-37.mga4.nonfree

  • mageiakmod-nvidia304

    < 304.125-7.mga4.nonfree

  • mageiakmod-vboxadditions

    < 4.3.26-7.mga4

  • mageiakmod-virtualbox

    < 4.3.26-7.mga4

  • mageiakmod-xtables-addons

    < 2.5-17.mga4

References (4)