USN-3674-1

Details

It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781)

Xingyuan Lin discovered that a out-of-bounds read existed in the USB Video Class (UVC) driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-0627)

Affected Packages

Ubuntu:14.04:LTSlinux

Fixed in:

3.13.0-151.201

References

REPORThttps://ubuntu.com/security/CVE-2017-0627 REPORThttps://ubuntu.com/security/CVE-2018-1068 REPORThttps://ubuntu.com/security/CVE-2018-7492 REPORThttps://ubuntu.com/security/CVE-2018-8781 ADVISORYhttps://ubuntu.com/security/notices/USN-3674-1

USN-3674-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline