[USN-1384-1] Linux kernel (Oneiric backport) vulnerabilities
Several security issues were fixed in the kernel.
A bug was discovered in the Linux kernel's calculation of OOM (Out of
memory) scores, that would result in the wrong process being killed. A user
could use this to kill the process with the highest OOM score, even if that
process belongs to another user or the system. (CVE-2011-4097)
Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
command. A local user, or user in a VM could exploit this flaw to bypass
restrictions and gain read/write access to all data on the affected block
device. (CVE-2011-4127)
A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual
interrupt control is not available a local user could use this to cause a
denial of service by starting a timer. (CVE-2011-4622)
A flaw was discovered in the XFS filesystem. If a local user mounts a
specially crafted XFS image it could potential execute arbitrary code on
the system. (CVE-2012-0038)
Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the
extended permission checks needed by cgroups and Linux Security Modules
(LSMs). A local user could exploit this to by-pass security policy and
access files that should not be accessible. (CVE-2012-0055)
A flaw was found in the linux kernels IPv4 IGMP query processing. A remote
attacker could exploit this to cause a denial of service. (CVE-2012-0207)
A flaw was found in the Linux kernel's ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)
- ID
- USN-1384-1
- Severity
- high
- Severity from
- CVE-2012-0055
- URL
- https://ubuntu.com/security/notices/USN-1384-1
- Published
-
2012-03-06T15:50:36
(12 years ago) - Modified
-
2012-03-06T15:50:36
(12 years ago) - Other Advisories
-
- ALAS-2012-34
- ALAS-2012-55
- ALAS-2013-148
- ELSA-2011-1849
- ELSA-2011-2038
- ELSA-2012-0051
- ELSA-2012-0107
- ELSA-2012-0350
- ELSA-2012-1445
- ELSA-2012-1580
- ELSA-2012-2003
- ELSA-2012-2048
- FEDORA-2011-15323
- FEDORA-2011-15856
- FEDORA-2011-16621
- FEDORA-2011-17372
- FEDORA-2011-17388
- FEDORA-2012-0145
- FEDORA-2012-0363
- FEDORA-2012-0480
- FEDORA-2012-0492
- FEDORA-2012-0861
- FEDORA-2012-0876
- FEDORA-2012-11348
- FEDORA-2012-12684
- FEDORA-2012-1497
- FEDORA-2012-1503
- FEDORA-2012-17479
- FEDORA-2012-18691
- FEDORA-2012-20240
- FEDORA-2012-2753
- FEDORA-2012-3030
- FEDORA-2012-3350
- FEDORA-2012-3356
- FEDORA-2012-3712
- FEDORA-2012-3715
- FEDORA-2012-4410
- FEDORA-2012-6386
- FEDORA-2012-6406
- FEDORA-2012-7538
- FEDORA-2012-7594
- FEDORA-2012-8359
- FEDORA-2012-8890
- FEDORA-2012-8931
- RHSA-2011:1849
- RHSA-2012:0350
- RHSA-2012:1580
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0652-1
- USN-1356-1
- USN-1361-1
- USN-1362-1
- USN-1363-1
- USN-1364-1
- USN-1380-1
- USN-1386-1
- USN-1387-1
- USN-1388-1
- USN-1389-1
- USN-1391-1
- USN-1394-1
- USN-1404-1
- USN-1405-1
- USN-1432-1
- USN-1440-1
- USN-1458-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |