What is the severity of USN-2565-1?

The severity of USN-2565-1 is high due to the potential for an attacker to bypass ASLR protections.

How do I fix USN-2565-1?

To fix USN-2565-1, users should upgrade to the specified patched version of the Linux kernel, which is 3.16.0-34.45.

What versions of Ubuntu are affected by USN-2565-1?

USN-2565-1 affects Ubuntu 14.10 running specific versions of Linux kernel packages.

Can USN-2565-1 lead to privilege escalation?

Yes, USN-2565-1 can potentially lead to privilege escalation by exploiting the integer overflow vulnerability.

What types of attacks can exploit USN-2565-1?

Attackers could exploit USN-2565-1 primarily through local exploits that target the stack randomization feature.

Vulnerability/
USN-2565-1

CWE

190

9/4/2015

USN-2565-1: Linux kernel vulnerabilities

First published: Thu Apr 09 2015(Updated: )

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2041) An information leak was discovered in how the Linux kernel handles setting the Reliable Datagram Sockets (RDS) settings. A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2042) A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). (CVE-2015-4036)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.16.0-34-generic-lpae	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-lowlatency	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-generic	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-powerpc64-emb	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-powerpc-smp	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-powerpc64-smp	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10
All of
ubuntu/linux-image-3.16.0-34-powerpc-e500mc	<3.16.0-34.45	3.16.0-34.45
Ubuntu gir1.2-packagekitglib-1.0	=14.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-2565-1?
The severity of USN-2565-1 is high due to the potential for an attacker to bypass ASLR protections.
How do I fix USN-2565-1?
To fix USN-2565-1, users should upgrade to the specified patched version of the Linux kernel, which is 3.16.0-34.45.
What versions of Ubuntu are affected by USN-2565-1?
USN-2565-1 affects Ubuntu 14.10 running specific versions of Linux kernel packages.
Can USN-2565-1 lead to privilege escalation?
Yes, USN-2565-1 can potentially lead to privilege escalation by exploiting the integer overflow vulnerability.
What types of attacks can exploit USN-2565-1?
Attackers could exploit USN-2565-1 primarily through local exploits that target the stack randomization feature.

agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/references
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu gir1.2-packagekitglib-1.0
version/ubuntu gir1.2-packagekitglib-1.0/14.10