USN-2544-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2544-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-2544-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2544-1
Related
  • CVE-2013-7421
  • CVE-2014-7822
  • CVE-2014-9644
  • CVE-2014-9728
  • CVE-2014-9729
  • CVE-2014-9730
  • CVE-2014-9731
  • CVE-2015-0274
Published
2015-03-24T09:22:29.468765Z
Modified
2015-03-24T09:22:29.468765Z
Summary
linux vulnerabilities
Details

Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. (CVE-2015-0274)

A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421)

The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-7822)

A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644)

Carl H Lunde discovered that the UDF file system (CONFIGUDFFS) failed to verify symlink size info. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)

Carl H Lunde discovered that the UDF file system (CONFIGUDFFS) did not valid inode size information . A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9729)

Carl H Lunde discovered that the UDF file system (CONFIGUDFFS) did not correctly verify the component length for symlinks. A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to cause a denial of service (system crash) or possibly cause other undesired behaviors. (CVE-2014-9730)

Carl H Lunde discovered an information leak in the UDF file system (CONFIGUDFFS). A local attacker, who is able to mount a malicous UDF file system image, could exploit this flaw to read potential sensitve kernel memory. (CVE-2014-9731)

References

Affected packages

Ubuntu:14.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0-48.80

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-3.13.0-48-powerpc64-smp": "3.13.0-48.80",
            "linux-image-extra-3.13.0-48-generic": "3.13.0-48.80",
            "linux-image-3.13.0-48-generic-lpae": "3.13.0-48.80",
            "linux-image-3.13.0-48-powerpc-smp": "3.13.0-48.80",
            "linux-image-3.13.0-48-powerpc-e500mc": "3.13.0-48.80",
            "linux-image-3.13.0-48-powerpc64-emb": "3.13.0-48.80",
            "linux-image-3.13.0-48-powerpc-e500": "3.13.0-48.80",
            "linux-image-3.13.0-48-lowlatency": "3.13.0-48.80",
            "linux-image-3.13.0-48-generic": "3.13.0-48.80"
        }
    ]
}