What is the vulnerability ID for this Ubuntu security notice?

The vulnerability ID for this Ubuntu security notice is USN-2843-3.

What is the title of this Ubuntu security notice?

The title of this Ubuntu security notice is 'USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities'.

Who discovered the vulnerability in the Linux kernel's ppp implementation?

郭永刚 discovered the vulnerability in the Linux kernel's ppp implementation.

What is the impact of the ppp implementation vulnerability?

The ppp implementation vulnerability can cause a denial of service (system crash).

How can a local attacker exploit the ppp implementation vulnerability?

A local attacker with the privilege to call ioctl() on /dev/ppp can exploit the ppp implementation vulnerability.

What is the vulnerability in the Linux kernel's keyring subsystem?

The vulnerability in the Linux kernel's keyring subsystem was discovered by Dmitry Vyukov.

What is the severity of this vulnerability?

The severity of this vulnerability is not mentioned in the information provided.

What version of the Linux kernel is affected by this vulnerability?

The Linux kernel version 4.2.0-1016.23 (linux-image-4.2.0-1016-raspi2) on Ubuntu 15.10 is affected by this vulnerability.

How to fix this vulnerability?

To fix this vulnerability, update to the version 4.2.0-1016.23 of linux-image-4.2.0-1016-raspi2 package on Ubuntu 15.10.

Vulnerability/
USN-2843-3

17/12/2015

USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities

First published: Thu Dec 17 2015(Updated: )

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). (CVE-2015-7799) Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872) It was discovered that the virtual video osd test driver in the Linux kernel did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7884) It was discovered that the driver for Digi Neo and ClassicBoard devices did not properly initialize data structures. A local attacker could use this to obtain sensitive information from the kernel. (CVE-2015-7885)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.2.0-1016-raspi2	<4.2.0-1016.23	4.2.0-1016.23
	=15.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this Ubuntu security notice?
The vulnerability ID for this Ubuntu security notice is USN-2843-3.
What is the title of this Ubuntu security notice?
The title of this Ubuntu security notice is 'USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities'.
Who discovered the vulnerability in the Linux kernel's ppp implementation?
郭永刚 discovered the vulnerability in the Linux kernel's ppp implementation.
What is the impact of the ppp implementation vulnerability?
The ppp implementation vulnerability can cause a denial of service (system crash).
How can a local attacker exploit the ppp implementation vulnerability?
A local attacker with the privilege to call ioctl() on /dev/ppp can exploit the ppp implementation vulnerability.
What is the vulnerability in the Linux kernel's keyring subsystem?
The vulnerability in the Linux kernel's keyring subsystem was discovered by Dmitry Vyukov.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned in the information provided.
What version of the Linux kernel is affected by this vulnerability?
The Linux kernel version 4.2.0-1016.23 (linux-image-4.2.0-1016-raspi2) on Ubuntu 15.10 is affected by this vulnerability.
How to fix this vulnerability?
To fix this vulnerability, update to the version 4.2.0-1016.23 of linux-image-4.2.0-1016-raspi2 package on Ubuntu 15.10.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/usn
source/Ubuntu
anchor-related/USN-2843-2
anchor-related/USN-2842-2
anchor-related/USN-2844-1
anchor-related/USN-2886-2
anchor-related/USN-2886-1
anchor-related/USN-2841-1
anchor-related/USN-2841-2
anchor-related/USN-2842-1
anchor-related/USN-2843-1
anchor-related/USN-2823-1
anchor-related/USN-2824-1
anchor-related/USN-2840-1
anchor-related/USN-2840-2
anchor-related/USN-2829-1
anchor-related/USN-2826-1
anchor-related/USN-2829-2
agent/software-canonical-lookup
agent/event
agent/tags
agent/description
agent/title
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/15.10