USN-3485-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3485-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3485-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3485-1
Related
  • CVE-2017-15265
  • CVE-2017-15299
  • CVE-2017-15649
  • CVE-2017-15951
  • CVE-2017-16525
  • CVE-2017-16526
  • CVE-2017-16527
  • CVE-2017-16529
  • CVE-2017-16530
  • CVE-2017-16531
  • CVE-2017-16533
  • CVE-2017-16534
  • CVE-2017-16535
Published
2017-11-21T05:36:29.402318Z
Modified
2017-11-21T05:36:29.402318Z
Summary
linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Details

It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265)

Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649)

Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951)

Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525)

Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529)

Andrey Konovalov discovered that the USB unattached storage driver in the Linux kernel contained out-of-bounds error when handling alternative settings. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16530)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate CDC metadata. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16534)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535)

References

Affected packages

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-101.124

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-101-generic-lpae": "4.4.0-101.124",
            "linux-image-4.4.0-101-lowlatency": "4.4.0-101.124",
            "linux-image-4.4.0-101-powerpc64-emb": "4.4.0-101.124",
            "linux-image-4.4.0-101-generic": "4.4.0-101.124",
            "linux-image-4.4.0-101-powerpc64-smp": "4.4.0-101.124",
            "linux-image-extra-4.4.0-101-generic": "4.4.0-101.124",
            "linux-image-4.4.0-101-powerpc-smp": "4.4.0-101.124",
            "linux-image-4.4.0-101-powerpc-e500mc": "4.4.0-101.124"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1010.15

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1010-kvm": "4.4.0-1010.15"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1079.84

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1079-snapdragon": "4.4.0-1079.84"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1041.50

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1041-aws": "4.4.0-1041.50"
        }
    ]
}

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1077.85

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1077-raspi2": "4.4.0-1077.85"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gke

Package

Name
linux-gke

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1034.34

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1034-gke": "4.4.0-1034.34",
            "linux-image-extra-4.4.0-1034-gke": "4.4.0-1034.34"
        }
    ]
}