Ubuntu Security Notice 2997-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
df656efbeccd8134a69d49e30b421956bddc01476d613d8b026317f4a3e41d03
Ubuntu Security Notice 2996-1 - Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
06d71e9c2695629758cc867e221b01bf922a1b38f88de97259e83eb660611bfb
Ubuntu Security Notice 2971-3 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. Various other issues were also addressed.
7b3459c73365edf29023fa136ee57f10f3d17b3557b21c7121fe1294209b22d9
Ubuntu Security Notice 2971-2 - USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.
e7e575bb1102666d9a22bb82b9c053e9133e706ab71b7e298615967c59ef8f3a
Ubuntu Security Notice 2971-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. Various other issues were also addressed.
a298f48af827e9f86cdad35b461baed9987b67b75d15c7f9200282f810c3c31d
Ubuntu Security Notice 2970-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
d98bad9db3738dcedb5cd2b681a7df98c3b453dbe10c67457bbd20c49a287913
Ubuntu Security Notice 2969-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
daec6024463964987f17413ce3bc1076005c65ece84f6d55dbffb59927c14bca
Ubuntu Security Notice 2965-4 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
b980b1fb461a05f96b89931ea8854c8fb764d3a6a3ea6ec9be99cb03392277a0
Ubuntu Security Notice 2965-3 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
4e5b67ecd64a48a40bb846ae2b44ca9d5d6f5587e29332b9503dcdb6f3cc3bce
Ubuntu Security Notice 2965-1 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
962749c42e747d98bec1018a0419b51785f0f882d0fec9774fb21cb7fa004936
Ubuntu Security Notice 2965-2 - USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Various other issues were also addressed.
6b52d036c57f1e7c2af2ead1821e8dddc36f23e6a3f79a1abfec9c19421a8b56
Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the iowarrior driver.
cf5a8c3c5444f99bb6ad6a488d29e6cf6dcac765a5f97f7aa248611d304cb401