USN-2332-1: Linux kernel vulnerabilities
First published: Tue Sep 02 2014(Updated: )
A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. (CVE-2014-0203) Toralf Förster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508) An information leak was discovered in the control implemenation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652) A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653) A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654) A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655) An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4656) An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-2.6.32-65-versatile | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-sparc64-smp | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-lpia | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-powerpc | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-preempt | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-generic-pae | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-virtual | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-386 | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-generic | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-ia64 | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-server | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-powerpc64-smp | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-powerpc-smp | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 | |
| All of | ||
| ubuntu/linux-image-2.6.32-65-sparc64 | <2.6.32-65.131 | 2.6.32-65.131 |
| Ubuntu 22.04 LTS | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2014-0203
- https://ubuntu.com/security/CVE-2014-4508
- https://ubuntu.com/security/CVE-2014-4652
- https://ubuntu.com/security/CVE-2014-4653
- https://ubuntu.com/security/CVE-2014-4654
- https://ubuntu.com/security/CVE-2014-4655
- https://ubuntu.com/security/CVE-2014-4656
- https://ubuntu.com/security/CVE-2014-4667
- https://ubuntu.com/security/CVE-2014-5077
- https://ubuntu.com/security/notices/USN-2333-1
- https://ubuntu.com/security/notices/USN-2334-1
- https://ubuntu.com/security/notices/USN-2336-1
- https://ubuntu.com/security/notices/USN-2337-1
- https://ubuntu.com/security/notices/USN-2335-1
- https://ubuntu.com/security/notices/USN-2358-1
- https://ubuntu.com/security/notices/USN-2359-1
- https://launchpad.net/ubuntu/+source/linux/2.6.32-65.131
- https://ubuntu.com/security/notices/USN-2332-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-2332-1?
The severity of USN-2332-1 is classified as high due to the potential for local denial of service attacks.
How do I fix USN-2332-1?
To fix USN-2332-1, users should update their Linux kernel packages to version 2.6.32-65.131 or later.
What software is affected by USN-2332-1?
USN-2332-1 affects various Linux kernel packages specifically for Ubuntu 10.04, including linux-image-2.6.32-65.*.
Can USN-2332-1 be exploited remotely?
No, USN-2332-1 is a local vulnerability and can only be exploited by a local user with access to the system.
Is there a workaround for USN-2332-1?
There are no known workarounds for USN-2332-1; the only remedy is to apply the necessary kernel updates.
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu 22.04 lts
- version/ubuntu 22.04 lts/10.04