USN-3358-1: Linux kernel vulnerabilities
First published: Thu Jul 20 2017(Updated: )
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900) Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380) Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346) Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.10.0-28-generic-lpae | <4.10.0-28.32 | 4.10.0-28.32 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae | <4.10.0.28.29 | 4.10.0.28.29 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-4.10.0-28-generic | <4.10.0-28.32 | 4.10.0-28.32 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <4.10.0.28.29 | 4.10.0.28.29 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-4.10.0-28-lowlatency | <4.10.0-28.32 | 4.10.0-28.32 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-4.10.0-1011-raspi2 | <4.10.0-1011.14 | 4.10.0-1011.14 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <4.10.0.28.29 | 4.10.0.28.29 |
| =17.04 | ||
| All of | ||
| ubuntu/linux-image-raspi2 | <4.10.0.1011.13 | 4.10.0.1011.13 |
| =17.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2014-9900
- https://ubuntu.com/security/CVE-2017-1000380
- https://ubuntu.com/security/CVE-2017-7346
- https://ubuntu.com/security/CVE-2017-9605
- https://ubuntu.com/security/notices/USN-3364-3
- https://ubuntu.com/security/notices/USN-3364-1
- https://ubuntu.com/security/notices/USN-3364-2
- https://ubuntu.com/security/notices/USN-3371-1
- https://ubuntu.com/security/notices/USN-3359-1
- https://ubuntu.com/security/notices/USN-3360-1
- https://ubuntu.com/security/notices/USN-3360-2
- https://launchpad.net/ubuntu/+source/linux/4.10.0-28.32
- https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1011.14
- https://ubuntu.com/security/notices/USN-3358-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2014-9900?
The severity of CVE-2014-9900 is moderate.
How can a local attacker exploit CVE-2014-9900?
A local attacker can exploit CVE-2014-9900 to expose sensitive information in kernel memory.
Which versions of Ubuntu are affected by CVE-2014-9900?
Ubuntu 17.04 is affected by CVE-2014-9900.
What is the remedy for CVE-2014-9900?
The remedy for CVE-2014-9900 is to update to Linux kernel version 4.10.0-28.32 or later.
Where can I find more information about CVE-2014-9900?
You can find more information about CVE-2014-9900 on the Ubuntu website.
- agent/severity
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-3364-3
- anchor-related/USN-3364-1
- anchor-related/USN-3364-2
- anchor-related/USN-3371-1
- anchor-related/USN-3359-1
- anchor-related/USN-3360-1
- anchor-related/USN-3360-2
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/17.04