DSA-3128-1 linux -- linuxID: oval:org.secpod.oval:def:601913 | Date: (C)2015-01-22 (M)2024-03-20 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks. CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service via a crafted application. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism. CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs. CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service . CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.