USN-3364-3

Source
https://ubuntu.com/security/notices/USN-3364-3
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3364-3.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3364-3
Related
Published
2017-07-25T23:09:15.040077Z
Modified
2017-07-25T23:09:15.040077Z
Summary
linux-aws, linux-gke vulnerabilities
Details

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

Jann Horn discovered that bpf in Linux kernel does not restrict the output of the printbpfinsn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

References

Affected packages

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1026.35

Affected versions

4.*

4.4.0-1001.10
4.4.0-1003.12
4.4.0-1004.13
4.4.0-1007.16
4.4.0-1009.18
4.4.0-1011.20
4.4.0-1012.21
4.4.0-1013.22
4.4.0-1016.25
4.4.0-1017.26
4.4.0-1018.27
4.4.0-1020.29
4.4.0-1022.31

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-cloud-tools-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-cloud-tools-4.4.0-1026-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-headers-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-tools-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-tools-4.4.0-1026-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-cloud-tools-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-headers-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-image-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-image-4.4.0-1026-aws-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-tools-4.4.0-1026-aws"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gke

Package

Name
linux-gke
Purl
pkg:deb/ubuntu/linux-gke?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1022.22

Affected versions

4.*

4.4.0-1003.3
4.4.0-1005.6
4.4.0-1006.6
4.4.0-1008.8
4.4.0-1009.9
4.4.0-1010.10
4.4.0-1012.12
4.4.0-1013.13
4.4.0-1014.14
4.4.0-1016.16
4.4.0-1018.18

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-cloud-tools-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-cloud-tools-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-cloud-tools-4.4.0-1022-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-headers-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-tools-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-tools-4.4.0-1022-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-headers-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-4.4.0-1022-gke-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-extra-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-tools-4.4.0-1022-gke"
        }
    ]
}