USN-3848-1

Details

It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174)

It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)

Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)

Affected Packages

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-141.167

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1074.84

linux-kvm

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1039.45

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1102.110

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1106.111

References

REPORThttps://ubuntu.com/security/CVE-2017-18174 REPORThttps://ubuntu.com/security/CVE-2018-12896 REPORThttps://ubuntu.com/security/CVE-2018-18690 REPORThttps://ubuntu.com/security/CVE-2018-18710 ADVISORYhttps://ubuntu.com/security/notices/USN-3848-1

USN-3848-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline