{"id":"MGASA-2016-0014","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream 4.1.15 longterm kernel and\nfixes the following security issues:\n\nThe virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel\nbefore 4.2 attempts to support a FRAGLIST feature without proper memory\nallocation, which allows guest OS users to cause a denial of service (buffer\noverflow and memory corruption) via a crafted sequence of fragmented packets\n(CVE-2015-5156).\n\nThe KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through\n4.6.x, allows guest OS users to cause a denial of service (host OS panic\nor hang) by triggering many #AC (aka Alignment Check) exceptions, related\nto svm.c and vmx.c (CVE-2015-5307).\n\nThe __rds_conn_create function in net/rds/connection.c in the Linux kernel\nthrough 4.2.3 allows local users to cause a denial of service (NULL pointer\ndereference and system crash) or possibly have unspecified other impact by\nusing a socket that was not properly bound (CVE-2015-6937).\n\nThe key_gc_unused_keys function in security/keys/gc.c in the Linux kernel\nthrough 4.2.6 allows local users to cause a denial of service (OOPS) via\ncrafted keyctl commands (CVE-2015-7872).\n\nThe vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in\nthe Linux kernel through 4.3.3 does not initialize a certain structure\nmember, which allows local users to obtain sensitive information from\nkernel memory via a crafted application (CVE-2015-7884).\n\nThe dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the\nLinux kernel through 4.3.3 does not initialize a certain structure member,\nwhich allows local users to obtain sensitive information from kernel memory\nvia a crafted application (CVE-2015-7885).\n\nFelix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in the\nparavirtualized guest could exploit this flaw to cause a denial of service\n(crash the host) or potentially execute arbitrary code on the host\n(CVE-2015-8550 / XSA-155).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host\n(CVE-2015-8551 / XSA-157).\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space\n(CVE-2015-8552 / XSA-157).\n\nThe ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application\n(CVE-2015-8660).\n\nFor other fixes in this update, see the referenced changelogs.\n","modified":"2026-02-01T03:18:40.266507Z","published":"2016-01-14T01:44:39Z","related":["CVE-2015-5156","CVE-2015-5307","CVE-2015-6937","CVE-2015-7872","CVE-2015-7884","CVE-2015-7885","CVE-2015-8550","CVE-2015-8551","CVE-2015-8552","CVE-2015-8660"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0014.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17396"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14"},{"type":"REPORT","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.15-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0014.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}