USN-3695-1

Details

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094)

It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)

Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508)

It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755)

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-24.26

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1011.11

Ubuntu:18.04:LTSlinux-azure

Fixed in:

4.15.0-1014.14

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

4.15.0-1010.10

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1012.12

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1009.12

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1013.14

References

REPORThttps://ubuntu.com/security/CVE-2018-1094 REPORThttps://ubuntu.com/security/CVE-2018-10940 REPORThttps://ubuntu.com/security/CVE-2018-1095 REPORThttps://ubuntu.com/security/CVE-2018-11508 REPORThttps://ubuntu.com/security/CVE-2018-7755 ADVISORYhttps://ubuntu.com/security/notices/USN-3695-1

USN-3695-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline