USN-3695-1
Vulnerability Summary
Description
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094)

It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)

Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508)

It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755)
Affected Systems
- ubuntu•linux < 4.15.0-24.26
- ubuntu•linux-aws < 4.15.0-1011.11
- ubuntu•linux-azure < 4.15.0-1014.14
- ubuntu•linux-gcp < 4.15.0-1010.10
- ubuntu•linux-kvm < 4.15.0-1012.12
- ubuntu•linux-oem < 4.15.0-1009.12
- ubuntu•linux-raspi2 < 4.15.0-1013.14