USN-3820-3

Source
https://ubuntu.com/security/notices/USN-3820-3
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3820-3.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3820-3
Related
Published
2018-11-14T22:55:36.272173Z
Modified
2018-11-14T22:55:36.272173Z
Summary
linux-azure vulnerabilities
Details

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471)

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168)

It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363)

References

Affected packages

Ubuntu:14.04:LTS / linux-azure

Package

Name
linux-azure
Purl
pkg:deb/ubuntu/linux-azure?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.15.0-1031.32~14.04.1

Affected versions

4.*

4.15.0-1023.24~14.04.1
4.15.0-1030.31~14.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-azure-cloud-tools-4.15.0-1031"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-azure-cloud-tools-4.15.0-1031-dbgsym"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-azure-headers-4.15.0-1031"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-azure-tools-4.15.0-1031"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-azure-tools-4.15.0-1031-dbgsym"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-cloud-tools-4.15.0-1031-azure"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-headers-4.15.0-1031-azure"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-image-unsigned-4.15.0-1031-azure"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-image-unsigned-4.15.0-1031-azure-dbgsym"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-modules-4.15.0-1031-azure"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-modules-extra-4.15.0-1031-azure"
        },
        {
            "binary_version": "4.15.0-1031.32~14.04.1",
            "binary_name": "linux-tools-4.15.0-1031-azure"
        }
    ]
}