Description
It was discovered that an integer overflow error existed in the SCSI
generic (sg) driver in the Linux kernel. A local attacker with write
permission to a SCSI generic device could use this to cause a denial of
service (system crash) or potentially escalate their privileges.
(CVE-2015-5707)
Marc-André Lureau discovered that the vhost driver did not properly
release the userspace provided log file descriptor. A privileged attacker
could use this to cause a denial of service (resource exhaustion).
(CVE-2015-6252)
It was discovered that the Linux kernel's perf subsystem did not bound
callchain backtraces on PowerPC 64. A local attacker could use this to
cause a denial of service. (CVE-2015-6526)