USN-3822-1

Details

Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588)

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649)

It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363)

Affected Packages

Ubuntu:14.04:LTSlinux

Fixed in:

3.13.0-162.212

References

REPORThttps://ubuntu.com/security/CVE-2016-9588 REPORThttps://ubuntu.com/security/CVE-2017-13168 REPORThttps://ubuntu.com/security/CVE-2017-16649 REPORThttps://ubuntu.com/security/CVE-2018-16658 REPORThttps://ubuntu.com/security/CVE-2018-9363 ADVISORYhttps://ubuntu.com/security/notices/USN-3822-1

USN-3822-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline