SB2018043007 - Ubuntu update for Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018043007

SB2018043007 - Ubuntu update for Linux Kernel

Published: April 30, 2018 Updated: May 22, 2018

Security Bulletin ID SB2018043007
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-13305)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Upstream kernel encrypted-keys due to improper information control. A remote attacker can gain access to potentially sensitive information.


2) Denial of service (CVE-ID: CVE-2017-16538)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the drivers/media/usb/dvb-usb-v2/lmedm04.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Race condition (CVE-ID: CVE-2018-1000004)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

4) Privilege escalation (CVE-ID: CVE-2018-5750)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the acpi_smbus_hc_add() function in 'drivers/acpi/sbshc.c'. A local attacker can submit a specially crafted SBS HC printk system call to obtain potentially sensitive address information and potentially bypass kernel address space layout randomization (KASLR) security protection.


5) Memory corruption (CVE-ID: CVE-2018-7566)

The vulnerability allows a local attacker to write arbitrary files on the target system.

The weakness exists due to out-of-bounds write while ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger buffer overflow and use after free and reset the pool size manually via ioctl concurrently and write arbitrary files.

Remediation

Install update from vendor's website.

References