USN-3820-3

See a problem?

Source

https://ubuntu.com/security/notices/USN-3820-3

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3820-3.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3820-3

Related

CVE-2017-13168
CVE-2018-15471
CVE-2018-16658
CVE-2018-9363
UBUNTU-CVE-2017-13168
UBUNTU-CVE-2018-15471
UBUNTU-CVE-2018-16658
UBUNTU-CVE-2018-9363

Published

2018-11-14T22:55:36.272173Z

Modified

2018-11-14T22:55:36.272173Z

Summary

linux-azure vulnerabilities

Details

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471)

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168)

It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363)

References

Affected packages

Ubuntu:14.04:LTS / linux-azure

Package

Name: linux-azure
Purl: pkg:deb/ubuntu/linux-azure@4.15.0-1031.32~14.04.1?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1031.32~14.04.1

Affected versions

4.*

4.15.0-1023.24~14.04.1

4.15.0-1030.31~14.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-headers-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-azure-headers-4.15.0-1031": "4.15.0-1031.32~14.04.1",
            "linux-azure-cloud-tools-4.15.0-1031-dbgsym": "4.15.0-1031.32~14.04.1",
            "linux-azure-tools-4.15.0-1031": "4.15.0-1031.32~14.04.1",
            "linux-modules-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-image-unsigned-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-azure-cloud-tools-4.15.0-1031": "4.15.0-1031.32~14.04.1",
            "linux-modules-extra-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-azure-tools-4.15.0-1031-dbgsym": "4.15.0-1031.32~14.04.1",
            "linux-cloud-tools-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-tools-4.15.0-1031-azure": "4.15.0-1031.32~14.04.1",
            "linux-image-unsigned-4.15.0-1031-azure-dbgsym": "4.15.0-1031.32~14.04.1"
        }
    ]
}