USN-2887-1

Details

It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. (CVE-2013-7446)

It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). (CVE-2015-7513)

Sasha Levin discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel had a race condition when checking whether a socket was bound or not. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7990)

It was discovered that the Btrfs implementation in the Linux kernel incorrectly handled compressed inline extants on truncation. A local attacker could use this to expose sensitive information. (CVE-2015-8374)

Affected Packages

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-77.121

References

REPORThttps://ubuntu.com/security/CVE-2013-7446 REPORThttps://ubuntu.com/security/CVE-2015-7513 REPORThttps://ubuntu.com/security/CVE-2015-7990 REPORThttps://ubuntu.com/security/CVE-2015-8374 ADVISORYhttps://ubuntu.com/security/notices/USN-2887-1

USN-2887-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline