[USN-3798-1] Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel.
Dmitry Vyukov discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
negatively instantiated. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2015-8539)
It was discovered that a use-after-free vulnerability existed in the device
driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7913)
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬)
discovered a race condition in the generic SCSI driver (sg) of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-0794)
Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)
It was discovered that a NULL pointer dereference could be triggered in the
OCFS2 file system implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18216)
Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)
范龙飞 discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to
a use- after-free or an out-of-bounds buffer access. A local attacker with
access to /dev/snd/seq could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-7566)
It was discovered that a buffer overflow existed in the NFC Logical Link
Control Protocol (llcp) implementation in the Linux kernel. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-9518)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-extra-3.13.0-161-generic?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc64-smp?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc64-emb?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-smp?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-e500mc?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-e500?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-lowlatency?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-generic?distro=trusty | < 3.13.0-161.211 |
pkg:deb/ubuntu/linux-image-3.13.0-161-generic-lpae?distro=trusty | < 3.13.0-161.211 |
- ID
- USN-3798-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-3798-1
- Published
-
2018-10-23T02:46:56
(5 years ago) - Modified
-
2018-10-23T02:46:56
(5 years ago) - Other Advisories
-
- ALAS-2017-925
- DSA-4187-1
- DSA-4188-1
- ELSA-2018-0151
- ELSA-2018-1062
- ELSA-2018-2384
- ELSA-2018-2390
- ELSA-2018-4108
- ELSA-2018-4109
- ELSA-2018-4110
- ELSA-2018-4200
- ELSA-2018-4211
- ELSA-2018-4246
- ELSA-2018-4250
- ELSA-2018-4301
- ELSA-2018-4307
- ELSA-2019-4316
- ELSA-2019-4317
- ELSA-2020-5912
- ELSA-2021-9473
- FEDORA-2017-aa9927961f
- FEDORA-2017-c110ac0eb1
- FEDORA-2017-cafcdbdde5
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-6367a17aa3
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-d09a73ce72
- FEDORA-2018-d77cc41f35
- FEDORA-2018-d82b617d6c
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e8f793bbfc
- RHSA-2018:0151
- RHSA-2018:0152
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:2384
- RHSA-2018:2390
- RHSA-2018:2395
- SSA:2018-142-01
- SUSE-SU-2016:0168-1
- SUSE-SU-2016:0335-1
- SUSE-SU-2016:0336-1
- SUSE-SU-2016:0337-1
- SUSE-SU-2016:0339-1
- SUSE-SU-2016:0380-1
- SUSE-SU-2016:0381-1
- SUSE-SU-2016:0383-1
- SUSE-SU-2016:0384-1
- SUSE-SU-2016:0386-1
- SUSE-SU-2016:0387-1
- SUSE-SU-2016:0434-1
- SUSE-SU-2016:0585-1
- SUSE-SU-2016:0911-1
- SUSE-SU-2016:1102-1
- SUSE-SU-2016:1203-1
- SUSE-SU-2016:1937-1
- SUSE-SU-2016:2074-1
- SUSE-SU-2017:0181-1
- SUSE-SU-2017:0407-1
- SUSE-SU-2017:0464-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2018:0383-1
- SUSE-SU-2018:0416-1
- SUSE-SU-2018:0437-1
- SUSE-SU-2018:0482-1
- SUSE-SU-2018:0525-1
- SUSE-SU-2018:0555-1
- SUSE-SU-2018:0660-1
- SUSE-SU-2018:0834-1
- SUSE-SU-2018:0841-1
- SUSE-SU-2018:0848-1
- SUSE-SU-2018:0986-1
- SUSE-SU-2018:0988-1
- SUSE-SU-2018:0989-1
- SUSE-SU-2018:0990-1
- SUSE-SU-2018:0991-1
- SUSE-SU-2018:0992-1
- SUSE-SU-2018:0993-1
- SUSE-SU-2018:0994-1
- SUSE-SU-2018:0995-1
- SUSE-SU-2018:0996-1
- SUSE-SU-2018:0997-1
- SUSE-SU-2018:0998-1
- SUSE-SU-2018:0999-1
- SUSE-SU-2018:1000-1
- SUSE-SU-2018:1001-1
- SUSE-SU-2018:1002-1
- SUSE-SU-2018:1003-1
- SUSE-SU-2018:1004-1
- SUSE-SU-2018:1005-1
- SUSE-SU-2018:1006-1
- SUSE-SU-2018:1007-1
- SUSE-SU-2018:1008-1
- SUSE-SU-2018:1009-1
- SUSE-SU-2018:1010-1
- SUSE-SU-2018:1011-1
- SUSE-SU-2018:1012-1
- SUSE-SU-2018:1013-1
- SUSE-SU-2018:1014-1
- SUSE-SU-2018:1015-1
- SUSE-SU-2018:1016-1
- SUSE-SU-2018:1018-1
- SUSE-SU-2018:1019-1
- SUSE-SU-2018:1020-1
- SUSE-SU-2018:1021-1
- SUSE-SU-2018:1022-1
- SUSE-SU-2018:1023-1
- SUSE-SU-2018:1024-1
- SUSE-SU-2018:1025-1
- SUSE-SU-2018:1026-1
- SUSE-SU-2018:1027-1
- SUSE-SU-2018:1028-1
- SUSE-SU-2018:1029-1
- SUSE-SU-2018:1030-1
- SUSE-SU-2018:1031-1
- SUSE-SU-2018:1032-1
- SUSE-SU-2018:1033-1
- SUSE-SU-2018:1034-1
- SUSE-SU-2018:1035-1
- SUSE-SU-2018:1080-1
- SUSE-SU-2018:1172-1
- SUSE-SU-2018:1309-1
- USN-3312-1
- USN-3312-2
- USN-3485-1
- USN-3485-2
- USN-3485-3
- USN-3507-1
- USN-3507-2
- USN-3631-1
- USN-3631-2
- USN-3776-1
- USN-3776-2
- USN-3798-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-extra-3.13.0-161-generic?distro=trusty | ubuntu | linux-image-extra-3.13.0-161-generic | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc64-smp?distro=trusty | ubuntu | linux-image-3.13.0-161-powerpc64-smp | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc64-emb?distro=trusty | ubuntu | linux-image-3.13.0-161-powerpc64-emb | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-smp?distro=trusty | ubuntu | linux-image-3.13.0-161-powerpc-smp | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-e500mc?distro=trusty | ubuntu | linux-image-3.13.0-161-powerpc-e500mc | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-powerpc-e500?distro=trusty | ubuntu | linux-image-3.13.0-161-powerpc-e500 | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-lowlatency?distro=trusty | ubuntu | linux-image-3.13.0-161-lowlatency | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-generic?distro=trusty | ubuntu | linux-image-3.13.0-161-generic | < 3.13.0-161.211 | trusty | ||
Affected | pkg:deb/ubuntu/linux-image-3.13.0-161-generic-lpae?distro=trusty | ubuntu | linux-image-3.13.0-161-generic-lpae | < 3.13.0-161.211 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |