[USN-3070-1] Linux kernel vulnerabilities
Several security issues were fixed in the kernel.
A missing permission check when settings ACLs was discovered in nfsd. A
local user could exploit this flaw to gain access to any file by setting an
ACL. (CVE-2016-1237)
Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)
James Patrick-Evans discovered that the airspy USB device driver in the
Linux kernel did not properly handle certain error conditions. An attacker
with physical access could use this to cause a denial of service (memory
consumption). (CVE-2016-5400)
Yue Cao et al discovered a flaw in the TCP implementation's handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)
Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)
Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)
It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly verify dentry state before proceeding with unlink and rename
operations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-6197)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-extra-4.4.0-36-generic?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc64-smp?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc64-emb?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc-smp?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc-e500mc?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-lowlatency?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-generic?distro=xenial | < 4.4.0-36.55 |
pkg:deb/ubuntu/linux-image-4.4.0-36-generic-lpae?distro=xenial | < 4.4.0-36.55 |
- ID
- USN-3070-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-3070-1
- Published
-
2016-08-29T19:01:14
(8 years ago) - Modified
-
2016-08-29T19:01:14
(8 years ago) - Other Advisories
-
- ALAS-2016-726
- DSA-3607-1
- DSA-3616-1
- DSA-3659-1
- ELSA-2016-1633
- ELSA-2016-1664
- ELSA-2016-2006
- ELSA-2016-2574
- ELSA-2016-3587
- ELSA-2016-3594
- ELSA-2016-3595
- ELSA-2016-3623
- ELSA-2016-3624
- ELSA-2016-3625
- ELSA-2020-5533
- ELSA-2020-5670
- FEDORA-2016-1c409313f4
- FEDORA-2016-30e3636e79
- FEDORA-2016-3daf782dfa
- FEDORA-2016-73a733f4d9
- FEDORA-2016-754e4768d8
- FEDORA-2016-784d5526d8
- FEDORA-2016-80edb9d511
- FEDORA-2016-9a16b2e14e
- FEDORA-2016-e0f3fcd7df
- RHSA-2016:1632
- RHSA-2016:1633
- RHSA-2016:1664
- RHSA-2016:1847
- RHSA-2016:1875
- RHSA-2016:2006
- RHSA-2016:2574
- RHSA-2016:2584
- SUSE-SU-2016:1672-1
- SUSE-SU-2016:1690-1
- SUSE-SU-2016:1937-1
- SUSE-SU-2016:1985-1
- SUSE-SU-2016:2018-1
- SUSE-SU-2016:2105-1
- SUSE-SU-2016:2174-1
- SUSE-SU-2016:2175-1
- SUSE-SU-2016:2177-1
- SUSE-SU-2016:2178-1
- SUSE-SU-2016:2179-1
- SUSE-SU-2016:2180-1
- SUSE-SU-2016:2181-1
- SUSE-SU-2016:2245-1
- SUSE-SU-2016:2912-1
- SUSE-SU-2016:2976-1
- SUSE-SU-2016:3069-1
- SUSE-SU-2016:3304-1
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0437-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2017:1102-1
- USN-3053-1
- USN-3070-2
- USN-3070-3
- USN-3070-4
- USN-3071-1
- USN-3071-2
- USN-3072-1
- USN-3072-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-extra-4.4.0-36-generic?distro=xenial | ubuntu | linux-image-extra-4.4.0-36-generic | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc64-smp?distro=xenial | ubuntu | linux-image-4.4.0-36-powerpc64-smp | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc64-emb?distro=xenial | ubuntu | linux-image-4.4.0-36-powerpc64-emb | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc-smp?distro=xenial | ubuntu | linux-image-4.4.0-36-powerpc-smp | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-powerpc-e500mc?distro=xenial | ubuntu | linux-image-4.4.0-36-powerpc-e500mc | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-lowlatency?distro=xenial | ubuntu | linux-image-4.4.0-36-lowlatency | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-generic?distro=xenial | ubuntu | linux-image-4.4.0-36-generic | < 4.4.0-36.55 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-36-generic-lpae?distro=xenial | ubuntu | linux-image-4.4.0-36-generic-lpae | < 4.4.0-36.55 | xenial |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |