USN-3364-3

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3364-3

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3364-3.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3364-3

Related

Published

2017-07-25T23:09:15.040077Z

Modified

2017-07-25T23:09:15.040077Z

Summary

linux-aws, linux-gke vulnerabilities

Details

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

Jann Horn discovered that bpf in Linux kernel does not restrict the output of the printbpfinsn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

References

Affected packages

Ubuntu:16.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-1026.35

Affected versions

4.*

4.4.0-1001.10

4.4.0-1003.12

4.4.0-1004.13

4.4.0-1007.16

4.4.0-1009.18

4.4.0-1011.20

4.4.0-1012.21

4.4.0-1013.22

4.4.0-1016.25

4.4.0-1017.26

4.4.0-1018.27

4.4.0-1020.29

4.4.0-1022.31

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-cloud-tools-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-cloud-tools-4.4.0-1026-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-headers-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-tools-4.4.0-1026"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-aws-tools-4.4.0-1026-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-cloud-tools-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-headers-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-image-4.4.0-1026-aws"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-image-4.4.0-1026-aws-dbgsym"
        },
        {
            "binary_version": "4.4.0-1026.35",
            "binary_name": "linux-tools-4.4.0-1026-aws"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gke

Package

Name: linux-gke
Purl: pkg:deb/ubuntu/linux-gke?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-1022.22

Affected versions

4.*

4.4.0-1003.3

4.4.0-1005.6

4.4.0-1006.6

4.4.0-1008.8

4.4.0-1009.9

4.4.0-1010.10

4.4.0-1012.12

4.4.0-1013.13

4.4.0-1014.14

4.4.0-1016.16

4.4.0-1018.18

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-cloud-tools-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-cloud-tools-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-cloud-tools-4.4.0-1022-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-headers-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-tools-4.4.0-1022"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-gke-tools-4.4.0-1022-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-headers-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-4.4.0-1022-gke-dbgsym"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-image-extra-4.4.0-1022-gke"
        },
        {
            "binary_version": "4.4.0-1022.22",
            "binary_name": "linux-tools-4.4.0-1022-gke"
        }
    ]
}