Broken isolation for some of 'ip ntable' settings.
General protection fault in sendmsg() -> netlink_sendmsg() -> netlink_unicast().
NULL pointer dereference in write() -> netlink_sendmsg() -> netlink_unicast().
iptables: forwarding does not work with '--netfilter full'.
kvm: use after free in complete_emulated_mmio.
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support is vulnerable to a use after free flaw. It could occur on x86 platform, when emulating instructions fxsave, fxrstor, sgdt, etc. A user/process could use this flaw to crash the host kernel resulting in DoS.
kvm: vmx/svm potential privilege escalation inside guest.
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user/process inside guest could use this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest.
fs/fadvise: a way was needed to deactivate pages after cached reads.
Support for FADV_DEACTIVATE flag (fs/fadvise) was added to the kernel to address this.
Keys: general protection fault in trusted_update().
A flaw was found in the handling of negatively instantiated keys in the Linux kernel. A local unprivileged user can use this vulnerability to crash the system.
Potential double free in netlink_dump().
A double free vulnerability was found in netlink_dump(), which could cause a denial of service or possibly other unspecified impact.
A BUG() statement can be hit in net/ipv4/tcp_input.c.
It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.
Null pointer dereference in trace_writeback_dirty_page().
An attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.