First published: Fri Aug 24 2018(Updated: )
It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-4.4.0-1032-kvm | <4.4.0-1032.38 | 4.4.0-1032.38 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-1066-aws | <4.4.0-1066.76 | 4.4.0-1066.76 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-1095-raspi2 | <4.4.0-1095.103 | 4.4.0-1095.103 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-1099-snapdragon | <4.4.0-1099.104 | 4.4.0-1099.104 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-generic | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-generic-lpae | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-lowlatency | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-powerpc-e500mc | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-powerpc-smp | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-powerpc64-emb | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 | ||
All of | ||
ubuntu/linux-image-4.4.0-134-powerpc64-smp | <4.4.0-134.160 | 4.4.0-134.160 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-3753-1 is not specified.
To fix USN-3753-1, update the affected Linux kernel packages to the required version.
The following Linux kernel packages are affected by USN-3753-1: linux-image-4.4.0-1032-kvm, linux-image-4.4.0-1066-aws, linux-image-4.4.0-1095-raspi2, linux-image-4.4.0-1099-snapdragon, linux-image-4.4.0-134-generic, linux-image-4.4.0-134-generic-lpae, linux-image-4.4.0-134-lowlatency, linux-image-4.4.0-134-powerpc-e500mc, linux-image-4.4.0-134-powerpc-smp, linux-image-4.4.0-134-powerpc64-emb, linux-image-4.4.0-134-powerpc64-smp.
The following CVEs are associated with USN-3753-1: CVE-2017-13168, CVE-2018-10876, CVE-2018-10877.
You can get more information about USN-3753-1 from the following references: [Link 1](https://ubuntu.com/security/CVE-2017-13168), [Link 2](https://ubuntu.com/security/CVE-2018-10876), [Link 3](https://ubuntu.com/security/CVE-2018-10877).