USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities
USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities Ubuntu Security Notice USN-3161-4 20th December, 2016 linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-snapdragon – Linux kernel for Snapdragon Processors Details Tilman Schmidt and Sasha Levin discovered a use-after-free condition in theTTY implementation in the Linux kernel. A local attacker could use this toexpose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in theLinux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2016-4568) CAI Qian discovered that shared bind mounts in a mount namespaceexponentially added entries without restriction to the Linux kernel's mounttable. A [ more… ]