USN-3207-1

Details

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7910)

Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-7911)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-6074)

Affected Packages

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-110.157

References

REPORT

https://ubuntu.com/security/CVE-2016-7910

REPORT

https://ubuntu.com/security/CVE-2016-7911

REPORT

https://ubuntu.com/security/CVE-2017-6074

ADVISORY

https://ubuntu.com/security/notices/USN-3207-1