UBUNTU-CVE-2015-3288

Details

mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.

Affected Packages

Ubuntu:14.04:LTSlinux

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+89 more

Fixed in:

3.13.0-101.148

Ubuntu:16.04:LTSlinux

Fixed in:

4.2.0-16.19

Ubuntu:14.04:LTSlinux-aws

Fixed in:

4.4.0-1002.2

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1001.10

Ubuntu:16.04:LTSlinux-gke

Fixed in:

4.4.0-1003.3

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.8.0-36.36~16.04.1

Ubuntu:14.04:LTSlinux-lts-utopic

Affected versions:

3.16.0-25.33~14.04.23.16.0-26.35~14.04.13.16.0-28.37~14.04.13.16.0-28.38~14.04.13.16.0-29.39~14.04.13.16.0-30.40~14.04.13.16.0-31.41~14.04.13.16.0-31.43~14.04.13.16.0-33.44~14.04.13.16.0-34.45~14.04.1+15 more

Fixed in:

3.16.0-50.66~14.04.1

Ubuntu:14.04:LTSlinux-lts-vivid

Affected versions:

3.19.0-18.18~14.04.13.19.0-20.20~14.04.13.19.0-21.21~14.04.13.19.0-22.22~14.04.13.19.0-23.24~14.04.13.19.0-25.26~14.04.13.19.0-26.28~14.04.1

Fixed in:

3.19.0-28.30~14.04.1

Ubuntu:14.04:LTSlinux-lts-wily

Fixed in:

4.2.0-18.22~14.04.1

Ubuntu:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-13.29~14.04.1

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.2.0-1013.19

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1012.12

References

REPORThttps://git.kernel.org/linus/6b7339f4c31ad69c8e9c0b2859276e22cf72176d REPORThttps://ubuntu.com/security/CVE-2015-3288 REPORThttps://ubuntu.com/security/notices/USN-3127-1 REPORThttps://ubuntu.com/security/notices/USN-3127-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-3288

UBUNTU-CVE-2015-3288

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline