What is the severity of USN-3677-1?

The severity of USN-3677-1 is high.

How do I fix USN-3677-1?

To fix USN-3677-1, update your Linux kernel to version 4.13.0-45.50 or later.

What is the CVE ID for the vulnerability in USN-3677-1?

The CVE ID for the vulnerability in USN-3677-1 is CVE-2018-1068.

Is this vulnerability exploitable locally or remotely?

This vulnerability can be exploited locally.

Are there any known workarounds for this vulnerability?

There are no known workarounds for this vulnerability.

Vulnerability/
USN-3677-1

CWE

476

11/6/2018

USN-3677-1: Linux kernel vulnerabilities

First published: Mon Jun 11 2018(Updated: )

It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.13.0-45-generic-lpae	<4.13.0-45.50	4.13.0-45.50
	=17.10
All of
ubuntu/linux-image-4.13.0-1022-raspi2	<4.13.0-1022.23	4.13.0-1022.23
	=17.10
All of
ubuntu/linux-image-4.13.0-45-lowlatency	<4.13.0-45.50	4.13.0-45.50
	=17.10
All of
ubuntu/linux-image-generic-lpae	<4.13.0.45.48	4.13.0.45.48
	=17.10
All of
ubuntu/linux-image-generic	<4.13.0.45.48	4.13.0.45.48
	=17.10
All of
ubuntu/linux-image-4.13.0-45-generic	<4.13.0-45.50	4.13.0-45.50
	=17.10
All of
ubuntu/linux-image-lowlatency	<4.13.0.45.48	4.13.0.45.48
	=17.10
All of
ubuntu/linux-image-raspi2	<4.13.0.1022.20	4.13.0.1022.20
	=17.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-3677-1?
The severity of USN-3677-1 is high.
How do I fix USN-3677-1?
To fix USN-3677-1, update your Linux kernel to version 4.13.0-45.50 or later.
What is the CVE ID for the vulnerability in USN-3677-1?
The CVE ID for the vulnerability in USN-3677-1 is CVE-2018-1068.
Is this vulnerability exploitable locally or remotely?
This vulnerability can be exploited locally.
Are there any known workarounds for this vulnerability?
There are no known workarounds for this vulnerability.

agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/title
agent/tags
agent/description
agent/event
agent/weakness
agent/references
collector/usn
source/Ubuntu
anchor-related/USN-3654-2
anchor-related/USN-3654-1
anchor-related/USN-3656-1
anchor-related/USN-3674-2
anchor-related/USN-3674-1
anchor-related/USN-3677-2
anchor-related/USN-3676-1
anchor-related/USN-3676-2
anchor-related/USN-3678-4
anchor-related/USN-3678-3
anchor-related/USN-3678-1
anchor-related/USN-3678-2
anchor-related/USN-3754-1
anchor-related/USN-3619-2
anchor-related/USN-3619-1
agent/software-canonical-lookup
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/17.10