USN-3291-1

Details

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)

It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-78.99

References

REPORThttps://ubuntu.com/security/CVE-2017-7187 REPORThttps://ubuntu.com/security/CVE-2017-7261 REPORThttps://ubuntu.com/security/CVE-2017-7294 REPORThttps://ubuntu.com/security/CVE-2017-7616 ADVISORYhttps://ubuntu.com/security/notices/USN-3291-1

USN-3291-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline