USN-2545-1

Description

linux-lts-utopic vulnerabilities A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). (CVE-2015-1465)

Affected Systems

• ubuntu•linux-lts-utopic

  < 3.16.0-33.44~14.04.1

References (5)

• https://ubuntu.com/security/notices/USN-2545-1
• https://ubuntu.com/security/CVE-2013-7421
• https://ubuntu.com/security/CVE-2014-9644
• https://ubuntu.com/security/CVE-2015-1421
• https://ubuntu.com/security/CVE-2015-1465