USN-3581-1 -- linux-imageID: oval:org.secpod.oval:def:703992 | Date: (C)2018-02-23 (M)2024-02-19 |
Class: PATCH | Family: unix |
linux: Linux kernel Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. USN-3541-1 mitigated CVE-2017-5715 for the amd64 architecture in Ubuntu 17.10. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory Several security issues were fixed in the Linux kernel.
Product: |
linux-image |
linux-image-generic-4.13 |
linux-image-lowlatency-4.13 |