USN-2853-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2853-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-2853-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2853-1
Related
  • CVE-2015-8550
  • CVE-2015-8551
  • CVE-2015-8552
  • CVE-2015-8709
Published
2015-12-20T12:07:13.384818Z
Modified
2015-12-20T12:07:13.384818Z
Summary
linux-lts-wily vulnerabilities
Details

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. (CVE-2015-8551)

Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform consistency checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space. (CVE-2015-8552)

Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace. (http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709)

References

Affected packages

Ubuntu:14.04:LTS / linux-lts-wily

Package

Name
linux-lts-wily

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.0-22.27~14.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.2.0-22-powerpc-smp": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-generic": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-lowlatency": "4.2.0-22.27~14.04.1",
            "linux-image-extra-4.2.0-22-generic": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-generic-lpae": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-powerpc64-smp": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-powerpc-e500mc": "4.2.0-22.27~14.04.1",
            "linux-image-4.2.0-22-powerpc64-emb": "4.2.0-22.27~14.04.1"
        }
    ]
}