USN-3655-1

Source
https://ubuntu.com/security/notices/USN-3655-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3655-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3655-1
Related
  • CVE-2017-12134
  • CVE-2017-13220
  • CVE-2017-13305
  • CVE-2017-17449
  • CVE-2017-18079
  • CVE-2017-18203
  • CVE-2017-18204
  • CVE-2017-18208
  • CVE-2017-18221
  • CVE-2018-3639
  • CVE-2018-8822
  • https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4
Published
2018-05-22T03:36:42.866568Z
Modified
2018-05-22T03:36:42.866568Z
Summary
linux vulnerabilities
Details

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)

Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges in some situations. An attacker in a guest VM could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134)

It was discovered that the Bluetooth HIDP (Human Interface Device Protocol) implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220)

It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221)

Silvio Cesare discovered that a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)

Affected packages

Ubuntu:14.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.13.0-149.199

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-3.13.0-149-generic": "3.13.0-149.199",
            "linux-image-extra-3.13.0-149-generic": "3.13.0-149.199",
            "linux-image-3.13.0-149-powerpc-e500mc": "3.13.0-149.199",
            "linux-image-3.13.0-149-powerpc64-smp": "3.13.0-149.199",
            "linux-image-3.13.0-149-powerpc64-emb": "3.13.0-149.199",
            "linux-image-3.13.0-149-generic-lpae": "3.13.0-149.199",
            "linux-image-3.13.0-149-lowlatency": "3.13.0-149.199",
            "linux-image-3.13.0-149-powerpc-smp": "3.13.0-149.199",
            "linux-image-3.13.0-149-powerpc-e500": "3.13.0-149.199"
        }
    ]
}