What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-2947-3.

What is the severity of USN-2947-3?

The severity of USN-2947-3 is not mentioned in the advisory.

What software is affected by USN-2947-3?

The Linux kernel (Raspberry Pi 2) with version 4.2.0-1028.36 on Ubuntu 15.10 is affected by USN-2947-3.

How can the vulnerability be exploited?

The advisory does not provide specific information on how the vulnerability can be exploited.

How do I fix USN-2947-3?

To fix USN-2947-3, upgrade to version 4.2.0-1028.36 of the linux-image-4.2.0-1028-raspi2 package on Ubuntu 15.10.

Vulnerability/
USN-2947-3

CWE

416

6/4/2016

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

First published: Wed Apr 06 2016(Updated: )

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812) Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085) It was discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not correctly compute branch offsets for backward jumps after ctx expansion. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-2383) David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550) It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.2.0-1028-raspi2	<4.2.0-1028.36	4.2.0-1028.36
Ubuntu Ubuntu	=15.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-2947-3.
What is the severity of USN-2947-3?
The severity of USN-2947-3 is not mentioned in the advisory.
What software is affected by USN-2947-3?
The Linux kernel (Raspberry Pi 2) with version 4.2.0-1028.36 on Ubuntu 15.10 is affected by USN-2947-3.
How can the vulnerability be exploited?
The advisory does not provide specific information on how the vulnerability can be exploited.
How do I fix USN-2947-3?
To fix USN-2947-3, upgrade to version 4.2.0-1028.36 of the linux-image-4.2.0-1028-raspi2 package on Ubuntu 15.10.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
collector/usn
source/Ubuntu
anchor-related/USN-2947-1
anchor-related/USN-2948-1
anchor-related/USN-2929-1
anchor-related/USN-2929-2
anchor-related/USN-2967-2
anchor-related/USN-2967-1
anchor-related/USN-2947-2
anchor-related/USN-2932-1
anchor-related/USN-2946-1
anchor-related/USN-2946-2
anchor-related/USN-2949-1
anchor-related/USN-2965-2
agent/software-canonical-lookup
agent/event
agent/tags
agent/softwarecombine
agent/description
agent/title
agent/weakness
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/15.10