USN-3160-1

Details

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-7916)

Affected Packages

Ubuntu:14.04:LTSlinux

Fixed in:

3.13.0-106.153

References

REPORThttps://ubuntu.com/security/CVE-2016-6213 REPORThttps://ubuntu.com/security/CVE-2016-7916 ADVISORYhttps://ubuntu.com/security/notices/USN-3160-1

USN-3160-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline