| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unprivileged process can overwrite kernel memory using rdma_ucm.ko
References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4565
Reference to the upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=5d43a619be6f1960702daafafe87ceab415be6bc
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an information leak from getsockname.
References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8569
Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes double-free in usb-audio triggered by invalid USB descriptor.
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2384
Reference to the upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=1ea63b629c9c53af6cdde4daf166b3d31b3e9cfe
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an information-leak vulnerability in the kernel when it
truncated a file to a smaller size which consisted of an inline
extent that was compressed.
A caller of the clone ioctl could exploit this flaw by using only
standard file-system operations without root access to read the truncated data.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8374
Reference to upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=f1008f6d21ec52d533f7473e2e46218408fb4580
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an open race in ALSA timer ioctls.
This flaw may lead to a use-after-free of timer instance object.
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=ac905ca58370789645e813d8abfa5871c93e9e36
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2546
http://seclists.org/oss-sec/2016/q1/133
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Incorrect branch fixups for eBPG allow arbitrary read
Reference to CVE assignement:
http://seclists.org/oss-sec/2016/q1/333
Reference to upstrem patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=0f912f6700a3f14481c13cbda2b9cc1b636948ac
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes USB hub invalid memory access in hub_activate().
References:
http://www.spinics.net/lists/linux-usb/msg132311.html
http://seclists.org/oss-sec/2016/q1/404
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8816
Reference to upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=a7e83b16c8d83a75c58989e845c664ecaa6e0aa6
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unix sockets use after free - peer_wait_queue prematurely freed
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7446
References to upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=5c77e26862ce604edea05b3442ed765e9756fe0f
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a race condition flaw in the Linux kernel's IPC subsystem.
Reference to the upstream patch:
https://github.com/torvalds/linux/commit/b9a532277938
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
Other external references:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
http://seclists.org/oss-sec/2015/q4/7
http://www.openwall.com/lists/oss-security/2015/10/01/8
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a buffer overflow flaw in the Linux kernel's virtio-net subsystem.
Reference to the upstream patch:
http://marc.info/?l=linux-netdev&m=143868216724068&w=2
Other external references:
http://www.openwall.com/lists/oss-security/2015/08/06/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a flaw which was found in the way the Linux kernel's file system
implementation handled rename operations in which the source was inside
and the destination was outside of a bind mount.
A privileged user inside a container could use this flaw to escape the bind
mount and, potentially, escalate their privileges on the system.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
http://www.openwall.com/lists/oss-security/2015/04/03/7
Reference to the upstream fixes:
vfs: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
dcache: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes possible use-after-free vulnerability in keyring facility.
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
?id=3a50597de8635cd05133bd12c95681c82fe7b878
References:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-
a-linux-kernel-vulnerability-cve-2016-0728/
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
Red Hat KCS article:
https://access.redhat.com/articles/2131021
Patch is taken from:
https://bugzilla.redhat.com/attachment.cgi?id=1116563
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes NULL pointer dereference in USB WhiteHEAT serial.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=44f73be485f66dfeca7c6a5e334a7a11b97a4151
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes vhost fd leak in ioctl VHOST_SET_LOG_FD
References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252
http://www.openwall.com/lists/oss-security/2015/08/18/3
Upstream fix:
=============
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes information leak in md driver of the Linux kernel.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5697
Upstream fix 4.1 kernel:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=33afeac21b9cb79ad8fc5caf239af89c79e25e1e
Upstream fix for 3.19 kernel (from stable kernel.3.18):
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=e46e18eb387767fa26356417210ef41d0855ef1e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes Race condition when sending message on unbound socket causing NULL
pointer dereference.
CVE-2015-7990 is a complete fix for CVE-2015-6937.
References:
https://lkml.org/lkml/2015/10/16/530
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7990
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes NULL pointer dereference in net/rds/connection.c
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
?id=74e98eb085889b0d2d4908f59f6e00026063014f
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes denial of service due to memory leak in add_key()
References:
http://www.openwall.com/lists/oss-security/2015/07/27/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1333
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/
linux-stable.git/commit/?id=4fd5dc9eece297f49f16f82422ead3a28b11ea70
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
