USN-3249-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3249-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3249-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3249-1
Related
Published
2017-03-29T23:10:47.145669Z
Modified
2017-03-29T23:10:47.145669Z
Summary
linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerability
Details

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

References

Affected packages

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1051.58

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1051-raspi2": "4.4.0-1051.58"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gke

Package

Name
linux-gke

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1009.9

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1009-gke": "4.4.0-1009.9",
            "linux-image-extra-4.4.0-1009-gke": "4.4.0-1009.9"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1012.21

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1012-aws": "4.4.0-1012.21"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1054.58

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1054-snapdragon": "4.4.0-1054.58"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-71.92

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-71-powerpc-smp": "4.4.0-71.92",
            "linux-image-4.4.0-71-generic-lpae": "4.4.0-71.92",
            "linux-image-4.4.0-71-powerpc64-smp": "4.4.0-71.92",
            "linux-image-4.4.0-71-generic": "4.4.0-71.92",
            "linux-image-4.4.0-71-lowlatency": "4.4.0-71.92",
            "linux-image-4.4.0-71-powerpc64-emb": "4.4.0-71.92",
            "linux-image-4.4.0-71-powerpc-e500mc": "4.4.0-71.92",
            "linux-image-extra-4.4.0-71-generic": "4.4.0-71.92"
        }
    ]
}