Articles by KENNETH

USN-3021-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3021-1 27th June, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Andrey Konovalov discovered that the CDC Network Control Model USB driverin the Linux kernel did not cancel work events queued if a later erroroccurred, resulting in a use-after-free. An attacker with physical accesscould use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel memory. A local unprivilegedattacker could use this to possibly [ more… ]

USN-3021-2: Linux kernel (OMAP4) vulnerabilities Ubuntu Security Notice USN-3021-2 27th June, 2016 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Andrey Konovalov discovered that the CDC Network Control Model USB driverin the Linux kernel did not cancel work events queued if a later erroroccurred, resulting in a use-after-free. An attacker with physical accesscould use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel memory. A local unprivilegedattacker could use [ more… ]

USN-3018-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3018-1 27th June, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Jesse Hertz and Tim Newsham discovered that the Linux netfilterimplementation did not correctly perform validation when handling 32 bitcompatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A localunprivileged attacker could use this to cause a denial of service (systemcrash) or execute arbitrary code with administrative privileges.(CVE-2016-4997) Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory. (CVE-2016-4482) Jann Horn discovered that the InfiniBand interfaces within the Linux kernelcould be coerced into overwriting kernel memory. A local unprivilegedattacker could use this to [ more… ]