[oss-security] 20150605 Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities

74669

USN-2989-1

USN-2998-1

USN-3000-1

USN-3001-1

USN-3002-1

USN-3003-1

USN-3004-1

[linux-kernel] 20150513 [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - A use-after-free vulnerability was found in DCCP socket     code affecting the Linux kernel since 2.6.16. This     vulnerability could allow an attacker to their escalate     privileges.(CVE-2017-8824)

  - The OZWPAN driver in the Linux kernel through 4.0.5     relies on an untrusted length field during packet     parsing, which allows remote attackers to obtain     sensitive information from kernel memory or cause a     denial of service (out-of-bounds read and system crash)     via a crafted packet.(CVE-2015-4004)

  - Integer signedness error in the MSM V4L2 video driver     for the Linux kernel 3.x, as used in Qualcomm     Innovation Center (QuIC) Android contributions for MSM     devices and other products, allows attackers to gain     privileges or cause a denial of service (array overflow     and memory corruption) via a crafted application that     triggers an msm_isp_axi_create_stream     call.(CVE-2016-2061)

  - A denial of service flaw was found in the way the Linux     kernel's XFS file system implementation ordered     directory hashes under certain conditions. A local     attacker could use this flaw to corrupt the file system     by creating directories with colliding hash values,     potentially resulting in a system crash.(CVE-2014-7283)

  - It was found that the Linux kernel's ping socket     implementation did not properly handle socket unhashing     during spurious disconnects, which could lead to a     use-after-free flaw. On x86-64 architecture systems, a     local user able to create ping sockets could use this     flaw to crash the system. On non-x86-64 architecture     systems, a local user able to create ping sockets could     use this flaw to escalate their privileges on the     system.(CVE-2015-3636)

  - Incorrect buffer length handling was found in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in     the Linux kernel, which could be exploited by malicious     NCPFS servers to crash the kernel or possibly execute     an arbitrary code.(CVE-2018-8822)

  - ** DISPUTED ** Kernel Samepage Merging (KSM) in the     Linux kernel 2.6.32 through 4.x does not prevent use of     a write-timing side channel, which allows guest OS     users to defeat the ASLR protection mechanism on other     guest OS instances via a Cross-VM ASL INtrospection     (CAIN) attack. NOTE: the vendor states 'Basically if     you care about this attack vector, disable     deduplication.' Share-until-written approaches for     memory conservation among mutually untrusting tenants     are inherently detectable for information disclosure,     and can be classified as potentially misunderstood     behaviors rather than vulnerabilities.(CVE-2015-2877)

  - The tty_set_termios_ldisc() function in     'drivers/tty/tty_ldisc.c' in the Linux kernel before     4.5 allows local users to obtain sensitive information     from kernel memory by reading a tty data     structure.(CVE-2015-8964)

  - An issue was discovered in the Linux kernel through     4.17.2. vbg_misc_device_ioctl() in     drivers/virt/vboxguest/vboxguest_linux.c reads the same     user data twice with copy_from_user. The header part of     the user data is double-fetched, and a malicious user     thread can tamper with the critical variables     (hdr.size_in and hdr.size_out) in the header between     the two fetches because of a race condition, leading to     severe kernel errors, such as buffer over-accesses.
    This bug can cause a local denial of service and     information leakage.(CVE-2018-12633)

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2018-1092)

  - fs/f2fs/extent_cache.c in the Linux kernel, before     4.13, mishandles extent trees. This allows local users     to cause a denial of service via an application with     multiple threads.(CVE-2017-18193)

  - A design flaw was found in the file extended attribute     handling of the Linux kernel's handling of cached     attributes. Too many entries in the cache cause a soft     lockup while attempting to iterate the cache and access     relevant locks.(CVE-2015-8952)

  - Off-by-one error in the pipe_advance function in     lib/iov_iter.c in the Linux kernel before 4.9.5 allows     local users to obtain sensitive information from     uninitialized heap-memory locations in opportunistic     circumstances by reading from a pipe after an incorrect     buffer-release decision.(CVE-2017-5550)

  - The HMAC implementation (crypto/hmac.c) in the Linux     kernel, before 4.14.8, does not validate that the     underlying cryptographic hash algorithm is unkeyed.
    This allows a local attacker, able to use the     AF_ALG-based hash interface     (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash     algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack     buffer overflow by executing a crafted sequence of     system calls that encounter a missing SHA-3     initialization.(CVE-2017-17806)

  - The mp_get_count function in     drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel     before 3.12 does not initialize a certain data     structure, which allows local users to obtain sensitive     information from kernel stack memory via a TIOCGICOUNT     ioctl call.(CVE-2013-4516)

  - The perf_cpu_time_max_percent_handler function in     kernel/events/core.c in the Linux kernel before 4.11     allows local users to cause a denial of service     (integer overflow) or possibly have unspecified other     impact via a large value, as demonstrated by an     incorrect sample-rate calculation.(CVE-2017-18255)

  - An issue was discovered in the btrfs filesystem code in     the Linux kernel. An invalid pointer dereference in
    __del_reloc_root() in fs/btrfs/relocation.c when     mounting a crafted btrfs image could lead to a system     crash and a denial of service.(CVE-2018-14609)

  - The oz_usb_handle_ep_data function in     drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver     in the Linux kernel through 4.0.5 allows remote     attackers to cause a denial of service (divide-by-zero     error and system crash) via a crafted     packet.(CVE-2015-4003)

  - drivers/hid/hid-logitech-dj.c in the Human Interface     Device (HID) subsystem in the Linux kernel through     3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows     physically proximate attackers to cause a denial of     service (NULL pointer dereference and OOPS) or obtain     sensitive information from kernel memory via a crafted     device.(CVE-2013-2895)

  - drivers/usb/serial/cypress_m8.c in the Linux kernel     before 4.5.1 allows physically proximate attackers to     cause a denial of service (NULL pointer dereference and     system crash) via a USB device without both an     interrupt-in and an interrupt-out endpoint descriptor,     related to the cypress_generic_port_probe and     cypress_open functions.(CVE-2016-3137)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)

Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)

Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.
(CVE-2016-3672)

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)

It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).
(CVE-2016-3961)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)

It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).
(CVE-2016-4581).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)

Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)

Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136)

Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).
(CVE-2016-3137)

Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140)

Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.
(CVE-2016-3672)

It was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689)

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)

It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)

It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).
(CVE-2016-4581).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)

Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)

Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)

Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.
(CVE-2016-3672)

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)

It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)

It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).
(CVE-2016-4581).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)

Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)

Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)

Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)

Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.
(CVE-2016-3672)

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)

It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)

It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).
(CVE-2016-4581).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The openSUSE 13.1 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed :

  - CVE-2016-0728: A reference leak in keyring handling with     join_session_keyring() could lead to local attackers     gain root privileges. (bsc#962075).

  - CVE-2015-7550: A local user could have triggered a race     between read and revoke in keyctl (bnc#958951).

  - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect     functions in drivers/net/ppp/pptp.c in the Linux kernel     did not verify an address length, which allowed local     users to obtain sensitive information from kernel memory     and bypass the KASLR protection mechanism via a crafted     application (bnc#959190).

  - CVE-2015-8543: The networking implementation in the     Linux kernel did not validate protocol identifiers for     certain protocol families, which allowed local users to     cause a denial of service (NULL function pointer     dereference and system crash) or possibly gain     privileges by leveraging CLONE_NEWUSER support to     execute a crafted SOCK_RAW application (bnc#958886).

  - CVE-2014-8989: The Linux kernel did not properly     restrict dropping of supplemental group memberships in     certain namespace scenarios, which allowed local users     to bypass intended file permissions by leveraging a     POSIX ACL containing an entry for the group category     that is more restrictive than the entry for the other     category, aka a 'negative groups' issue, related to     kernel/groups.c, kernel/uid16.c, and     kernel/user_namespace.c (bnc#906545).

  - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux     kernel on the x86_64 platform mishandles IRET faults in     processing NMIs that occurred during userspace     execution, which might allow local users to gain     privileges by triggering an NMI (bnc#937969).

  - CVE-2015-7799: The slhc_init function in     drivers/net/slip/slhc.c in the Linux kernel through     4.2.3 did not ensure that certain slot numbers are     valid, which allowed local users to cause a denial of     service (NULL pointer dereference and system crash) via     a crafted PPPIOCSMAXCID ioctl call (bnc#949936).

  - CVE-2015-8104: The KVM subsystem in the Linux kernel     through 4.2.6, and Xen 4.3.x through 4.6.x, allowed     guest OS users to cause a denial of service (host OS     panic or hang) by triggering many #DB (aka Debug)     exceptions, related to svm.c (bnc#954404).

  - CVE-2015-5307: The KVM subsystem in the Linux kernel     through 4.2.6, and Xen 4.3.x through 4.6.x, allowed     guest OS users to cause a denial of service (host OS     panic or hang) by triggering many #AC (aka Alignment     Check) exceptions, related to svm.c and vmx.c     (bnc#953527).

  - CVE-2014-9529: Race condition in the key_gc_unused_keys     function in security/keys/gc.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption or panic) or possibly have unspecified other     impact via keyctl commands that trigger access to a key     structure member during garbage collection of a key     (bnc#912202).

  - CVE-2015-7990: Race condition in the rds_sendmsg     function in net/rds/sendmsg.c in the Linux kernel     allowed local users to cause a denial of service (NULL     pointer dereference and system crash) or possibly have     unspecified other impact by using a socket that was not     properly bound. NOTE: this vulnerability exists because     of an incomplete fix for CVE-2015-6937 (bnc#952384     953052).

  - CVE-2015-6937: The __rds_conn_create function in     net/rds/connection.c in the Linux kernel allowed local     users to cause a denial of service (NULL pointer     dereference and system crash) or possibly have     unspecified other impact by using a socket that was not     properly bound (bnc#945825).

  - CVE-2015-7885: The dgnc_mgmt_ioctl function in     drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel     through 4.3.3 did not initialize a certain structure     member, which allowed local users to obtain sensitive     information from kernel memory via a crafted application     (bnc#951627).

  - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in     the Linux kernel did not validate attempted changes to     the MTU value, which allowed context-dependent attackers     to cause a denial of service (packet loss) via a value     that is (1) smaller than the minimum compliant value or     (2) larger than the MTU of an interface, as demonstrated     by a Router Advertisement (RA) message that is not     validated by a daemon, a different vulnerability than     CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is     limited to the NetworkManager product (bnc#955354).

  - CVE-2015-8767: A case can occur when sctp_accept() is     called by the user during a heartbeat timeout event     after the 4-way handshake. Since sctp_assoc_migrate()     changes both assoc->base.sk and assoc->ep, the     bh_sock_lock in sctp_generate_heartbeat_event() will be     taken with the listening socket but released with the     new association socket. The result is a deadlock on any     future attempts to take the listening socket lock.
    (bsc#961509)

  - CVE-2015-8575: Validate socket address length in     sco_sock_bind() to prevent information leak     (bsc#959399).

  - CVE-2015-8551, CVE-2015-8552: xen/pciback: For     XEN_PCI_OP_disable_msi[|x] only disable if device has     MSI(X) enabled (bsc#957990).

  - CVE-2015-8550: Compiler optimizations in the XEN PV     backend drivers could have lead to double fetch     vulnerabilities, causing denial of service or arbitrary     code execution (depending on the configuration)     (bsc#957988).

The following non-security bugs were fixed :

  - ALSA: hda - Disable 64bit address for Creative HDA     controllers (bnc#814440).

  - ALSA: hda - Fix noise problems on Thinkpad T440s     (boo#958504).

  - Input: aiptek - fix crash on detecting device without     endpoints (bnc#956708).

  - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y     (boo#956934).

  - KVM: x86: update masterclock values on TSC writes     (bsc#961739).

  - NFS: Fix a NULL pointer dereference of migration     recovery ops for v4.2 client (bsc#960839).

  - apparmor: allow SYS_CAP_RESOURCE to be sufficient to     prlimit another task (bsc#921949).

  - blktap: also call blkif_disconnect() when frontend     switched to closed (bsc#952976).

  - blktap: refine mm tracking (bsc#952976).

  - cdrom: Random writing support for BD-RE media     (bnc#959568).

  - genksyms: Handle string literals with spaces in     reference files (bsc#958510).

  - ipv4: Do not increase PMTU with Datagram Too Big message     (bsc#955224).

  - ipv6: distinguish frag queues by device for multicast     and link-local packets (bsc#955422).

  - ipv6: fix tunnel error handling (bsc#952579).

  - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).

  - uas: Add response iu handling (bnc#954138).

  - usbvision fix overflow of interfaces array (bnc#950998).

  - x86/evtchn: make use of PHYSDEVOP_map_pirq.

  - xen/pciback: Do not allow MSI-X ops if     PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

ID	Name	Product	Family	Severity
124800	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)	Nessus	Huawei Local Security Checks	high
91566	Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)	Nessus	Ubuntu Local Security Checks	critical
91565	Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)	Nessus	Ubuntu Local Security Checks	critical
91564	Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)	Nessus	Ubuntu Local Security Checks	critical
91563	Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)	Nessus	Ubuntu Local Security Checks	critical
91562	Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)	Nessus	Ubuntu Local Security Checks	critical
91560	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)	Nessus	Ubuntu Local Security Checks	critical
91425	Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)	Nessus	Ubuntu Local Security Checks	critical
88545	openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)	Nessus	SuSE Local Security Checks	critical

CVE-2015-4004

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins