What is the severity of USN-2546-1?

The severity of USN-2546-1 is critical due to the potential for local users to exploit the vulnerability and gain administrative privileges.

How do I fix USN-2546-1?

To fix USN-2546-1, upgrade to linux-image version 3.16.0-33.44 or later.

Which Ubuntu version is affected by USN-2546-1?

USN-2546-1 affects Ubuntu version 14.10.

What component of the system does USN-2546-1 impact?

USN-2546-1 impacts the crypto subsystem of the Linux kernel.

Can USN-2546-1 be exploited remotely?

No, USN-2546-1 requires local access to exploit the vulnerability.

Vulnerability/
USN-2546-1

CWE

416

24/3/2015

USN-2546-1: Linux kernel vulnerabilities

First published: Tue Mar 24 2015(Updated: )

A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2014-9644) Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker on the same subnet can exploit this flaw to cause a denial of service (system crash). (CVE-2015-1465)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.16.0-33-powerpc-e500mc	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-powerpc-smp	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-powerpc64-emb	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-powerpc64-smp	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-lowlatency	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-generic	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-33-generic-lpae	<3.16.0-33.44	3.16.0-33.44
Ubuntu gir1.2-packagekitglib-1.0	=14.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-2546-1?
The severity of USN-2546-1 is critical due to the potential for local users to exploit the vulnerability and gain administrative privileges.
How do I fix USN-2546-1?
To fix USN-2546-1, upgrade to linux-image version 3.16.0-33.44 or later.
Which Ubuntu version is affected by USN-2546-1?
USN-2546-1 affects Ubuntu version 14.10.
What component of the system does USN-2546-1 impact?
USN-2546-1 impacts the crypto subsystem of the Linux kernel.
Can USN-2546-1 be exploited remotely?
No, USN-2546-1 requires local access to exploit the vulnerability.

agent/type
agent/severity
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/references
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu gir1.2-packagekitglib-1.0
version/ubuntu gir1.2-packagekitglib-1.0/14.10