USN-3820-3

Details

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471)

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168)

It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363)

Affected Packages

Ubuntu:14.04:LTSlinux-azure

Fixed in:

4.15.0-1031.32~14.04.1

References

REPORThttps://ubuntu.com/security/CVE-2017-13168 REPORThttps://ubuntu.com/security/CVE-2018-15471 REPORThttps://ubuntu.com/security/CVE-2018-16658 REPORThttps://ubuntu.com/security/CVE-2018-9363 ADVISORYhttps://ubuntu.com/security/notices/USN-3820-3

USN-3820-3

Details

Affected Packages

References

Upstream

Ecosystems

Timeline