USN-3582-1 -- linux-imageID: oval:org.secpod.oval:def:703993 | Date: (C)2018-02-23 (M)2024-04-17 |
Class: PATCH | Family: unix |
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service . ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. USN-3540-1 mitigated CVE-2017-5715 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory Several security issues were fixed in the Linux kernel.
Product: |
linux-image |
linux-image-4.4 |
linux-image-generic-4.4 |
linux-image-aws-4.4 |
linux-image-lowlatency-4.4 |
linux-image-kvm-4.4 |