USN-2843-2

Description

linux-lts-wily vulnerabilities Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. (CVE-2015-8104) 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7884) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885)

Affected Systems

• ubuntu•linux-lts-wily

  < 4.2.0-21.25~14.04.1

References (6)

• https://ubuntu.com/security/notices/USN-2843-2
• https://ubuntu.com/security/CVE-2015-7799
• https://ubuntu.com/security/CVE-2015-7872
• https://ubuntu.com/security/CVE-2015-7884
• https://ubuntu.com/security/CVE-2015-7885
• https://ubuntu.com/security/CVE-2015-8104