USN-3697-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-3697-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3697-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3697-2
Related
Published
2018-07-02T20:05:04.497080Z
Modified
2018-07-02T20:05:04.497080Z
Summary
linux-oem vulnerabilities
Details

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757)

References

Affected packages

Ubuntu:16.04:LTS / linux-oem

Package

Name
linux-oem
Purl
pkg:deb/ubuntu/linux-oem@4.13.0-1031.35?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.13.0-1031.35

Affected versions

4.*

4.13.0-1008.9
4.13.0-1010.11
4.13.0-1012.13
4.13.0-1015.16
4.13.0-1017.18
4.13.0-1019.20
4.13.0-1020.21
4.13.0-1021.23
4.13.0-1022.24
4.13.0-1024.27
4.13.0-1026.29
4.13.0-1028.31
4.13.0-1030.33

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "floppy-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "block-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-oem-tools-4.13.0-1031": "4.13.0-1031.35",
            "message-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "irda-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "crypto-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "mouse-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "pcmcia-storage-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "nic-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "vlan-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "scsi-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "input-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "firewire-core-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "ppp-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-headers-4.13.0-1031-oem": "4.13.0-1031.35",
            "storage-core-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "sata-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "usb-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "fat-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-oem-headers-4.13.0-1031": "4.13.0-1031.35",
            "serial-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "multipath-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "kernel-image-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-image-4.13.0-1031-oem": "4.13.0-1031.35",
            "pata-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "pcmcia-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-tools-4.13.0-1031-oem": "4.13.0-1031.35",
            "plip-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-udebs-oem": "4.13.0-1031.35",
            "virtio-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "fs-secondary-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "nic-usb-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-image-4.13.0-1031-oem-dbgsym": "4.13.0-1031.35",
            "fb-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "md-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "ipmi-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "nic-pcmcia-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "nic-shared-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "nfs-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "linux-oem-tools-4.13.0-1031-dbgsym": "4.13.0-1031.35",
            "parport-modules-4.13.0-1031-oem-di": "4.13.0-1031.35",
            "fs-core-modules-4.13.0-1031-oem-di": "4.13.0-1031.35"
        }
    ]
}