Status for at least one of the CVEs in Debian is here: https://security-tracker.debian.org/tracker/CVE-2014-8133 (currently unfixed)
How can this/these be exploited?
Is there any information whether the fix is in 3.18.1, which was released yesterday?
> This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF
Another reminder why everyone should be using https://grsecurity.net which provides these mitigations to the Linux kernel via patches. GRSecurity has had SMAP aka KERNEXEC for a long time as well as UDEREF https://grsecurity.net/~spender/uderef.txt
If you keep any sensitive data on a Linux server you should seriously consider grsec.
Even last week there was an ASLR bypass posted on OSS-security which of-course grsec already protected you against http://seclists.org/oss-sec/2014/q4/908
There is a lot of drama around the fact Linux core devs don't adopt these patches by default. But regardless Linux is pretty insecure by default and grsec makes privesc via various classes of exploits significantly harder.