
kernel: two remote denial of service vulnerabilities

Package(s): kernel
CVE #(s): CVE-2015-5364 CVE-2015-5366
Created: July 13, 2015
Updated: June 14, 2016
Description: From the CVE assignment email, which was evidently prompted by a tweet from grsecurity:

It appears that you are primarily asking for a CVE ID for the issue involving the absence of a cond_resched call. Use CVE-2015-5364.

However, the presence of "return -EAGAIN" may also have been a security problem in some realistic circumstances. For example, maybe there's an attacker who can't transmit a flood with invalid checksums, but can sometimes inject one packet with an invalid checksum. The goal of this attacker isn't to cause a system hang; the goal is to cause an EPOLLET epoll application to stop reading for an indefinitely long period of time. This scenario can't also be covered by CVE-2015-5364. Is it better to have no CVE ID at all, e.g., is udp_recvmsg/udpv6_recvmsg simply not intended to defend against this scenario?

Alerts:
openSUSE openSUSE-SU-2016:0301-1 kernel 2016-02-01
Scientific Linux SLSA-2016:0045-1 kernel 2016-01-19
Oracle ELSA-2016-0045 kernel 2016-01-20
CentOS CESA-2016:0045 kernel 2016-01-19
Red Hat RHSA-2016:0045-01 kernel 2016-01-19
Red Hat RHSA-2016:1225-01 kernel 2016-06-14
Red Hat RHSA-2016:1100-01 kernel 2016-05-24
Red Hat RHSA-2016:1096-01 kernel 2016-05-23
Oracle ELSA-2015-2152 kernel 2015-11-25
Oracle ELSA-2015-3098 kernel 3.8.13 2015-11-13
SUSE SUSE-SU-2015:1611-1 kernel 2015-09-23
SUSE SUSE-SU-2015:1592-1 kernel 2015-09-22
Debian-LTS DLA-310-1 linux-2.6 2015-09-21
Scientific Linux SLSA-2015:1778-1 kernel 2015-09-15
Oracle ELSA-2015-1778 kernel 2015-09-15
CentOS CESA-2015:1778 kernel 2015-09-16
Red Hat RHSA-2015:1787-01 kernel-rt 2015-09-15
Red Hat RHSA-2015:1788-01 kernel-rt 2015-09-15
Red Hat RHSA-2015:1778-01 kernel 2015-09-15
Ubuntu USN-2714-1 linux-ti-omap4 2015-08-17
Ubuntu USN-2713-1 kernel 2015-08-17
Oracle ELSA-2015-3073 kernel 2.6.32 2015-08-14
Oracle ELSA-2015-3072 kernel x.y.z 2015-08-14
Oracle ELSA-2015-3072 kernel 2.6.39 2015-08-14
Oracle ELSA-2015-3071 kernel 3.8.13 2015-08-14
Scientific Linux SLSA-2015:1623-1 kernel 2015-08-13
Oracle ELSA-2015-1623 kernel 2015-08-13
openSUSE openSUSE-SU-2015:1382-1 kernel 2015-08-14
CentOS CESA-2015:1623 kernel 2015-08-14
Red Hat RHSA-2015:1623-01 kernel 2015-08-13
Debian DSA-3329-1 kernel 2015-08-07
SUSE SUSE-SU-2015:1324-1 kernel 2015-07-31
SUSE SUSE-SU-2015:1491-1 kernel 2015-09-04
SUSE SUSE-SU-2015:1490-1 kernel 2015-09-04
SUSE SUSE-SU-2015:1488-1 kernel 2015-09-04
SUSE SUSE-SU-2015:1478-1 kernel 2015-09-02
Ubuntu USN-2683-1 linux-lts-vivid 2015-07-23
Ubuntu USN-2682-1 linux-lts-utopic 2015-07-23
Ubuntu USN-2680-1 linux-lts-trusty 2015-07-23
Ubuntu USN-2684-1 kernel 2015-07-23
Ubuntu USN-2685-1 kernel 2015-07-23
Ubuntu USN-2681-1 kernel 2015-07-23
Debian DSA-3313-1 kernel 2015-07-23
SUSE SUSE-SU-2015:1489-1 kernel 2015-09-04
SUSE SUSE-SU-2015:1487-1 kernel 2015-09-04
SUSE SUSE-SU-2015:1224-1 kernel 2015-07-10


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds