USN-3364-1

Details

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-87.110

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1065.73

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1067.72

References

REPORThttps://ubuntu.com/security/CVE-2014-9900 REPORThttps://ubuntu.com/security/CVE-2015-8944 REPORThttps://ubuntu.com/security/CVE-2017-1000380 REPORThttps://ubuntu.com/security/CVE-2017-7346 REPORThttps://ubuntu.com/security/CVE-2017-9150 REPORThttps://ubuntu.com/security/CVE-2017-9605 ADVISORYhttps://ubuntu.com/security/notices/USN-3364-1

USN-3364-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline