Description
* A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions. A local user with
access to XFS file system mount could potentially use this flaw to escalate
their privileges on the system. (CVE-2015-0274, Important)
* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)
* A race condition flaw was found in the Linux kernel's ext4 file system
implementation that allowed a local, unprivileged user to crash the system
by simultaneously writing to a file and toggling the O_DIRECT flag using
fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)
* It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous I/O
operations. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8172, Moderate)
* A NULL pointer dereference flaw was found in the way the Linux kernel's
madvise MADV_WILLNEED functionality handled page table locking. A local,
unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)