USN-3127-1

Details

It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service (system crash). (CVE-2014-9904)

Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2015-3288)

Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961)

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-7042)

Affected Packages

Ubuntu:14.04:LTSlinux

Fixed in:

3.13.0-101.148

References

REPORThttps://ubuntu.com/security/CVE-2014-9904 REPORThttps://ubuntu.com/security/CVE-2015-3288 REPORThttps://ubuntu.com/security/CVE-2016-3961 REPORThttps://ubuntu.com/security/CVE-2016-7042 ADVISORYhttps://ubuntu.com/security/notices/USN-3127-1

USN-3127-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline