ELSA-2015-0726 -- Oracle kernel_python-perf_perfID: oval:org.secpod.oval:def:1500956 | Date: (C)2015-03-30 (M)2024-02-19 |
Class: PATCH | Family: unix |
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. * A use-after-free flaw was found in the way the Linux kernel"s SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Product: |
kernel |
python-perf |
perf |