[USN-2978-1] Linux kernel vulnerabilities
Several security issues were fixed in the kernel.
David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)
Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)
- ID
- USN-2978-1
- Severity
- high
- Severity from
- CVE-2016-0758
- URL
- https://ubuntu.com/security/notices/USN-2978-1
- Published
-
2016-05-16T17:31:19
(8 years ago) - Modified
-
2016-05-16T17:31:19
(8 years ago) - Other Advisories
-
- ALAS-2016-703
- ELSA-2016-1033
- ELSA-2016-3559
- ELSA-2016-3565
- ELSA-2018-4300
- ELSA-2018-4301
- ELSA-2019-4316
- FEDORA-2016-06f1572324
- FEDORA-2016-2363b37a98
- FEDORA-2016-84fdc82b74
- FEDORA-2016-f8739a80b0
- RHSA-2016:1033
- RHSA-2016:1051
- SUSE-SU-2016:1672-1
- SUSE-SU-2016:1690-1
- SUSE-SU-2016:1937-1
- SUSE-SU-2016:1961-1
- SUSE-SU-2016:1985-1
- SUSE-SU-2016:1994-1
- SUSE-SU-2016:1995-1
- SUSE-SU-2016:2000-1
- SUSE-SU-2016:2001-1
- SUSE-SU-2016:2002-1
- SUSE-SU-2016:2003-1
- SUSE-SU-2016:2005-1
- SUSE-SU-2016:2006-1
- SUSE-SU-2016:2007-1
- SUSE-SU-2016:2009-1
- SUSE-SU-2016:2010-1
- SUSE-SU-2016:2011-1
- SUSE-SU-2016:2014-1
- SUSE-SU-2016:2105-1
- SUSE-SU-2016:2245-1
- USN-2975-1
- USN-2975-2
- USN-2976-1
- USN-2977-1
- USN-2978-2
- USN-2978-3
- USN-2979-1
- USN-2979-2
- USN-2979-3
- USN-2979-4
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |