USN-3910-1

Details

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241)

It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120)

Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)

It was discovered that multiple integer overflows existed in the hugetlbfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7740)

Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-143.169

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1077.87

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1041.47

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1104.112

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1108.113

References

REPORThttps://ubuntu.com/security/CVE-2017-18241 REPORThttps://ubuntu.com/security/CVE-2018-1120 REPORThttps://ubuntu.com/security/CVE-2018-19985 REPORThttps://ubuntu.com/security/CVE-2018-7740 REPORThttps://ubuntu.com/security/CVE-2019-6133 ADVISORYhttps://ubuntu.com/security/notices/USN-3910-1

USN-3910-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline