USN-3797-1

Details

Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363)

Yves Younan discovered that the CIPSO labeling implementation in the Linux kernel did not properly handle IP header options in some situations. A remote attacker could use this to specially craft network traffic that could cause a denial of service (infinite loop). (CVE-2018-10938)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-138.164

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1070.80

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1036.42

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1099.107

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1103.108

References

REPORThttps://ubuntu.com/security/CVE-2018-10938 REPORThttps://ubuntu.com/security/CVE-2018-14734 REPORThttps://ubuntu.com/security/CVE-2018-16658 REPORThttps://ubuntu.com/security/CVE-2018-9363 ADVISORYhttps://ubuntu.com/security/notices/USN-3797-1

USN-3797-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline