CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
10.1%
USN-2751-1 Linux Kernel (Vivid HWE) Vulnerability
Medium to Low
Canonical Ubuntu
Several security issues were fixed in the kernel.
Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697)
Marc-AndrΓ© Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252)
_Severity is medium unless otherwise noted.
_
Users of affected versions should apply the following mitigation:
Benjamin Randazzo and Marc-AndrΓ© Lureau