ALAS-2017-805 ---- kernel perf

ID: oval:org.secpod.oval:def:1600505
Date: (C)2017-03-21   (M)2024-04-17
Class: PATCH
Family: unix




A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

A vulnerability was found in the Linux kernel. When file permissions are modified via chmod and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows the check in chmod to be bypassed.

A vulnerability was found in the Linux kernel in the "tmpfs" file system. When file permissions are modified via "chmod" and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok. Setting a POSIX ACL via "setxattr" sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows the check in "chmod" to be bypassed.

An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access.

It was discovered that an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread.

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2017-805
CVE-2017-6214
CVE-2017-6074
CVE-2017-5986
CVE-2017-5970
CVE-2017-5897
CVE-2017-5551
CVE-2016-7097
CVE (7):
CVE-2016-7097
CVE-2017-5986
CVE-2017-5551
CVE-2017-5970
...
CPE (9):
cpe:/o:amazon:linux
cpe:/o:linux:linux_kernel:-
cpe:/o:linux:linux_kernel:4.9.5
cpe:/o:linux:linux_kernel:4.9.9
...

© SecPod Technologies