1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-3847-1

[USN-3847-1] Linux kernel vulnerabilities

Severity Medium
Affected Packages 12
CVEs 7
Info Packages Vulnerabilities

Several security issues were fixed in the Linux kernel.

It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-10902)

It was discovered that an integer overrun vulnerability existed in the
POSIX timers implementation in the Linux kernel. A local attacker could use
this to cause a denial of service. (CVE-2018-12896)

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that the YUREX USB device driver for the Linux kernel did
not properly restrict user space reads or writes. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-16276)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-18445)

Kanda Motohiro discovered that writing extended attributes to an XFS file
system in the Linux kernel in certain situations could cause an error
condition to occur. A local attacker could use this to cause a denial of
service. (CVE-2018-18690)

It was discovered that an integer overflow vulnerability existed in the
CDROM driver of the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-18710)

Package Affected Version
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-43-lowlatency?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-43-generic?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1036-azure?distro=bionic < 4.15.0-1036.38
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1030-oem?distro=bionic < 4.15.0-1030.35
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1026-gcp?distro=bionic < 4.15.0-1026.27
pkg:deb/ubuntu/linux-image-4.15.0-43-snapdragon?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-4.15.0-43-lowlatency?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-4.15.0-43-generic?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-4.15.0-43-generic-lpae?distro=bionic < 4.15.0-43.46
pkg:deb/ubuntu/linux-image-4.15.0-1031-aws?distro=bionic < 4.15.0-1031.33
pkg:deb/ubuntu/linux-image-4.15.0-1030-raspi2?distro=bionic < 4.15.0-1030.32
pkg:deb/ubuntu/linux-image-4.15.0-1028-kvm?distro=bionic < 4.15.0-1028.28
ID
USN-3847-1
Severity
medium
URL
https://ubuntu.com/security/notices/USN-3847-1
Published
2018-12-20T22:39:41
(5 years ago)
Modified
2018-12-20T22:39:41
(5 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-43-lowlatency?distro=bionic ubuntu linux-image-unsigned-4.15.0-43-lowlatency < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-43-generic?distro=bionic ubuntu linux-image-unsigned-4.15.0-43-generic < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1036-azure?distro=bionic ubuntu linux-image-unsigned-4.15.0-1036-azure < 4.15.0-1036.38 bionic
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1030-oem?distro=bionic ubuntu linux-image-unsigned-4.15.0-1030-oem < 4.15.0-1030.35 bionic
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1026-gcp?distro=bionic ubuntu linux-image-unsigned-4.15.0-1026-gcp < 4.15.0-1026.27 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-43-snapdragon?distro=bionic ubuntu linux-image-4.15.0-43-snapdragon < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-43-lowlatency?distro=bionic ubuntu linux-image-4.15.0-43-lowlatency < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-43-generic?distro=bionic ubuntu linux-image-4.15.0-43-generic < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-43-generic-lpae?distro=bionic ubuntu linux-image-4.15.0-43-generic-lpae < 4.15.0-43.46 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-1031-aws?distro=bionic ubuntu linux-image-4.15.0-1031-aws < 4.15.0-1031.33 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-1030-raspi2?distro=bionic ubuntu linux-image-4.15.0-1030-raspi2 < 4.15.0-1030.32 bionic
Affected pkg:deb/ubuntu/linux-image-4.15.0-1028-kvm?distro=bionic ubuntu linux-image-4.15.0-1028-kvm < 4.15.0-1028.28 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date