First published: Tue Sep 02 2014
A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)

An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel's shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service. (CVE-2014-4171)

Toralf Förster reported an error in the Linux kernel's syscall auditing on 32-bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653)

An authorization bug was discovered in the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit this bug to cause a denial of service (remove kernel controls). (CVE-2014-4654)

A flaw was discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667)

Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/linux-image-3.2.0-68-generic-pae | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-powerpc64-smp | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-generic | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-virtual | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-omap | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-powerpc-smp | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-68-highbank | <3.2.0-68.102 | 3.2.0-68.102 |
Ubuntu 12.04 LTS | =12.04 | |

USN-2334-1 is classified as a medium severity vulnerability due to the potential for information disclosure and denial of service.
To fix USN-2334-1, upgrade to the linux-image package version 3.2.0-68.102 or later.
USN-2334-1 affects Ubuntu 12.04 with specific linux-image packages such as linux-image-3.2.0-68-generic.
Exploitation of USN-2334-1 could lead to unauthorized access to sensitive data or cause system instability.
Yes, the patch for USN-2334-1 is included in the linux-image package update to version 3.2.0-68.102.