USN-3420-1

Details

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-96.119

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1035.44

Ubuntu:16.04:LTSlinux-gke

Fixed in:

4.4.0-1031.31

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1007.12

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1074.82

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1076.81

References

REPORThttps://ubuntu.com/security/CVE-2017-1000251 REPORThttps://ubuntu.com/security/CVE-2017-10663 REPORThttps://ubuntu.com/security/CVE-2017-12762 REPORThttps://ubuntu.com/security/CVE-2017-8831 ADVISORYhttps://ubuntu.com/security/notices/USN-3420-1

USN-3420-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline