Vulnerability & Exploit Database

Displaying all 9 entries

Results for: CVE-2015-2041 Back to search

SUSE: CVE-2015-2041: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: April 21, 2015

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

USN-2565-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: March 16, 2015

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg...

USN-2564-1: Linux kernel (Utopic HWE) vulnerabilities Vulnerability

  • Severity: 7
  • Published: March 16, 2015

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg...

USN-2563-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 16, 2015

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

USN-2562-1: Linux kernel (Trusty HWE) vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 16, 2015

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

USN-2561-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 7
  • Published: March 16, 2015

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or ga...

USN-2560-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 5
  • Published: March 16, 2015

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/...

DSA-3237-1 linux -- security update Vulnerability

  • Severity: 9
  • Published: March 16, 2015

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a...

Cent OS: CVE-2013-4299: CESA-2013:1449 (kernel) Vulnerability

  • Severity: 6
  • Published: October 24, 2013

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.