vulnerability

Ubuntu: (Multiple Advisories) (CVE-2015-7550): Linux kernel (Utopic HWE) vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 7, 2016
Added
Feb 7, 2016
Modified
Aug 18, 2025

Description

It was discovered that a use-after-free vulnerability existed in the
AF_UNIX implementation in the Linux kernel. A local attacker could use
crafted epoll_ctl calls to cause a denial of service (system crash) or
expose sensitive information. (CVE-2013-7446)

It was discovered that the KVM implementation in the Linux kernel did not
properly restore the values of the Programmable Interrupt Timer (PIT). A
user-assisted attacker in a KVM guest could cause a denial of service in
the host (system crash). (CVE-2015-7513)

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)

Sasha Levin discovered that the Reliable Datagram Sockets (RDS)
implementation in the Linux kernel had a race condition when checking
whether a socket was bound or not. A local attacker could use this to cause
a denial of service (system crash). (CVE-2015-7990)

It was discovered that the Btrfs implementation in the Linux kernel
incorrectly handled compressed inline extants on truncation. A local
attacker could use this to expose sensitive information. (CVE-2015-8374)

郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families, A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)

Solutions

ubuntu-upgrade-linux-image-3-13-0-79-genericubuntu-upgrade-linux-image-3-13-0-79-generic-lpaeubuntu-upgrade-linux-image-3-13-0-79-lowlatencyubuntu-upgrade-linux-image-3-13-0-79-powerpc-e500ubuntu-upgrade-linux-image-3-13-0-79-powerpc-e500mcubuntu-upgrade-linux-image-3-13-0-79-powerpc-smpubuntu-upgrade-linux-image-3-13-0-79-powerpc64-embubuntu-upgrade-linux-image-3-13-0-79-powerpc64-smpubuntu-upgrade-linux-image-3-16-0-60-genericubuntu-upgrade-linux-image-3-16-0-60-generic-lpaeubuntu-upgrade-linux-image-3-16-0-60-lowlatencyubuntu-upgrade-linux-image-3-16-0-60-powerpc-e500mcubuntu-upgrade-linux-image-3-16-0-60-powerpc-smpubuntu-upgrade-linux-image-3-16-0-60-powerpc64-embubuntu-upgrade-linux-image-3-16-0-60-powerpc64-smpubuntu-upgrade-linux-image-3-19-0-51-genericubuntu-upgrade-linux-image-3-19-0-51-generic-lpaeubuntu-upgrade-linux-image-3-19-0-51-lowlatencyubuntu-upgrade-linux-image-3-19-0-51-powerpc-e500mcubuntu-upgrade-linux-image-3-19-0-51-powerpc-smpubuntu-upgrade-linux-image-3-19-0-51-powerpc64-embubuntu-upgrade-linux-image-3-19-0-51-powerpc64-smpubuntu-upgrade-linux-image-3-2-0-1477-omap4ubuntu-upgrade-linux-image-3-2-0-99-genericubuntu-upgrade-linux-image-3-2-0-99-generic-paeubuntu-upgrade-linux-image-3-2-0-99-highbankubuntu-upgrade-linux-image-3-2-0-99-omapubuntu-upgrade-linux-image-3-2-0-99-powerpc-smpubuntu-upgrade-linux-image-3-2-0-99-powerpc64-smpubuntu-upgrade-linux-image-3-2-0-99-virtualubuntu-upgrade-linux-image-4-2-0-1022-raspi2ubuntu-upgrade-linux-image-4-2-0-27-genericubuntu-upgrade-linux-image-4-2-0-27-generic-lpaeubuntu-upgrade-linux-image-4-2-0-27-lowlatencyubuntu-upgrade-linux-image-4-2-0-27-powerpc-e500mcubuntu-upgrade-linux-image-4-2-0-27-powerpc-smpubuntu-upgrade-linux-image-4-2-0-27-powerpc64-embubuntu-upgrade-linux-image-4-2-0-27-powerpc64-smp

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today