USN-3762-1

Details

It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2018-1118)

Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695)

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-34.37

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1021.21

Ubuntu:18.04:LTSlinux-azure

Fixed in:

4.15.0-1023.24

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

4.15.0-1019.20

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1021.21

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1022.24

References

REPORThttps://ubuntu.com/security/CVE-2017-13695 REPORThttps://ubuntu.com/security/CVE-2018-1118 ADVISORYhttps://ubuntu.com/security/notices/USN-3762-1

USN-3762-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline