Red Hat Security Advisory 2015-2636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.
4c9d3dc7b4a5862f13ddb25c6fe1d7ed8bae4329d542c363dd404d810e5e5967
Red Hat Security Advisory 2015-2587-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.
7c10b5b27343af2c74bf31bd63e001e77554ed3df9654b75aad0b83c56e51efc
Red Hat Security Advisory 2015-2411-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.
4ebb6d7591b02e0740e1a4134740ddd99527157811e2ec9e82dc7ce5145182a6
Red Hat Security Advisory 2015-2152-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.
06dbad210262abe32fe40f41673bf1f3c59cc04c20cc43a1e532a4849a8b46c6
Ubuntu Security Notice 2797-1 - It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Various other issues were also addressed.
dd05d11b3e84b3326131f4cb20c0dccdf1f459f2b7d53a4da9e0fab17349eefa
Ubuntu Security Notice 2798-1 - It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). Various other issues were also addressed.
6649cd17ec172a9028297c6a84efa56fd8d1bb0dd8b66dfd953dff08842d3201
Ubuntu Security Notice 2796-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. Various other issues were also addressed.
ec2814a6a29dab65687108ce18fe6e877d64ef6509eb0fdd95d3435b0edf7faf
Ubuntu Security Notice 2794-1 - It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). Various other issues were also addressed.
d72db36d467063f69248cba2ae0538f9bd93137e88956d418b4d1dc459905462
Ubuntu Security Notice 2792-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. Various other issues were also addressed.
9ff4283bbb732f6c23c7eb717c0f43455a871ded8bccdfef5307f089c2ff468a
Ubuntu Security Notice 2795-1 - It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). Various other issues were also addressed.
6eb29057a4db55f8f04ae5018e54336f3a2e3aa5db0fd199bbf9510c2e577ba5
Ubuntu Security Notice 2799-1 - It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). Various other issues were also addressed.
450ae6ee55e79e39be901da50667be2a167fb55a0a72d556efd8ccbf7a9eccd5
Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.
307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3
Debian Linux Security Advisory 3364-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
8bf9da5be4e19bd80a46b0d6dca4e33f958d1700f95fd2553a38de299594cc34