First published: Thu Nov 05 2015(Updated: )
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash). (CVE-2015-7613) It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). (CVE-2015-5257)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-3.2.0-93-omap | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-generic | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-powerpc-smp | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-powerpc64-smp | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-virtual | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-generic-pae | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 | ||
All of | ||
ubuntu/linux-image-3.2.0-93-highbank | <3.2.0-93.133 | 3.2.0-93.133 |
=12.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-2792-1 is high.
A local attacker can exploit CVE-2015-7613 to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
Ubuntu version 12.04 is affected by USN-2792-1.
Linux kernel versions 3.2.0-93.133 and below should be updated to fix USN-2792-1.
You can find more information about USN-2792-1 at https://ubuntu.com/security/CVE-2015-0272, https://ubuntu.com/security/CVE-2015-2925, and https://ubuntu.com/security/CVE-2015-5257.