- Vulnerability/
- USN-3147-1
USN-3147-1: Linux kernel vulnerabilities
First published: Wed Nov 30 2016(Updated: )
Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-powerpc-smp | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-powerpc-e500mc | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-generic | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-lowlatency | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-generic | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-powerpc-e500mc | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-powerpc64-emb | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-powerpc-smp | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-powerpc64-emb | <4.8.0.28.37 | 4.8.0.28.37 |
| =16.10 | ||
| All of | ||
| ubuntu/linux-image-4.8.0-28-generic-lpae | <4.8.0-28.30 | 4.8.0-28.30 |
| =16.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-7097
- https://ubuntu.com/security/CVE-2016-7425
- https://ubuntu.com/security/notices/USN-3162-2
- https://ubuntu.com/security/notices/USN-3161-4
- https://ubuntu.com/security/notices/USN-3161-3
- https://ubuntu.com/security/notices/USN-3146-2
- https://ubuntu.com/security/notices/USN-3146-1
- https://ubuntu.com/security/notices/USN-3422-2
- https://ubuntu.com/security/notices/USN-3422-1
- https://ubuntu.com/security/notices/USN-3144-1
- https://ubuntu.com/security/notices/USN-3145-1
- https://ubuntu.com/security/notices/USN-3145-2
- https://ubuntu.com/security/notices/USN-3144-2
- https://launchpad.net/ubuntu/+source/linux/4.8.0-28.30
- https://ubuntu.com/security/notices/USN-3147-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is CVE-2016-7097.
How can a local attacker exploit this vulnerability?
A local attacker can exploit this vulnerability by using it to possibly elevate group privileges.
Which Linux kernel versions are affected by this vulnerability?
This vulnerability affects Linux kernel versions 4.8.0-28.30 and 4.8.0.28.37.
What is the severity of this vulnerability?
The severity of this vulnerability is not specified in the advisory.
How do I fix this vulnerability?
To fix this vulnerability, update to Linux kernel version 4.8.0-28.30 or 4.8.0.28.37.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-3162-2
- anchor-related/USN-3161-4
- anchor-related/USN-3161-3
- anchor-related/USN-3146-2
- anchor-related/USN-3146-1
- anchor-related/USN-3422-2
- anchor-related/USN-3422-1
- anchor-related/USN-3144-1
- anchor-related/USN-3145-1
- anchor-related/USN-3145-2
- anchor-related/USN-3144-2
- agent/software-canonical-lookup
- agent/event
- agent/title
- agent/tags
- agent/description
- agent/references
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.10