USN-3676-1

Details

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092, CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)

It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-128.154

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1061.70

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1027.32

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1091.99

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1094.99

References

REPORThttps://ubuntu.com/security/CVE-2018-1092 REPORThttps://ubuntu.com/security/CVE-2018-1093 REPORThttps://ubuntu.com/security/CVE-2018-10940 REPORThttps://ubuntu.com/security/CVE-2018-8087 ADVISORYhttps://ubuntu.com/security/notices/USN-3676-1

USN-3676-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline