VDB
GCVE-110-MAGEIA-2016-5
GCVE-110-MAGEIA-2016-5
Advisory Published
This kernel update is based on upstream 4.1.15 longterm kernel and fixes
the following security issues:
The __rds_conn_create function in net/rds/connection.c in the Linux kernel
through 4.2.3 allows local users to cause a denial of service (NULL pointer
dereference and system crash) or possibly have unspecified other impact by
using a socket that was not properly bound (CVE-2015-6937).
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel
through 4.2.6 allows local users to cause a denial of service (OOPS) via
crafted keyctl commands (CVE-2015-7872).
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in
the Linux kernel through 4.3.3 does not initialize a certain structure
member, which allows local users to obtain sensitive information from
kernel memory via a crafted application (CVE-2015-7884).
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the
Linux kernel through 4.3.3 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel memory
via a crafted application (CVE-2015-7885).
Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host
(CVE-2015-8550 / XSA-155).
Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device's state. An attacker could exploit
this flaw to cause a denial of service (NULL dereference) on the host
(CVE-2015-8551 / XSA-157).
Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not
perform sanity checks on the device's state. An attacker could exploit
this flaw to cause a denial of service by flooding the logging system
with WARN() messages causing the initial domain to exhaust disk space
(CVE-2015-8552 / XSA-157).
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which allows
local users to bypass intended access restrictions and modify the
attributes of arbitrary overlay files via a crafted application
(CVE-2015-8660).
For other fixes in this update, see the referenced changelogs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | hamster-time-tracker | 0 (affected), 1.04-7.1.mga5 (unaffected) | — |
| Mageia | kernel-userspace-headers | 4.1.15-1.mga5 (unaffected), 0 (affected), 4.1.15-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | kmod-xtables-addons | 0 (affected), 2.7-7.mga5 (unaffected), 0 (affected), 2.7-7.mga5 (unaffected) | — |
| Mageia | kernel | 0 (affected), 4.1.15-1.mga5 (unaffected), 4.1.15-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | kmod-nvidia304 | 304.128-4.mga5.nonfree (unaffected), 0 (affected), 304.128-4.mga5.nonfree (unaffected), 0 (affected) | — |
| Mageia | kmod-nvidia340 | 340.93-4.mga5.nonfree (unaffected), 0 (affected), 340.93-4.mga5.nonfree (unaffected), 0 (affected) | — |
| Mageia | kmod-nvidia-current | 0 (affected), 346.96-4.mga5.nonfree (unaffected), 0 (affected), 346.96-4.mga5.nonfree (unaffected) | — |
| Mageia | kmod-broadcom-wl | 6.30.223.271-4.mga5.nonfree (unaffected), 0 (affected), 0 (affected), 6.30.223.271-4.mga5.nonfree (unaffected) | — |
| Mageia | kmod-fglrx | 15.200.1046-8.mga5.nonfree (unaffected), 0 (affected), 0 (affected), 15.200.1046-8.mga5.nonfree (unaffected) | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.