UbuntuUSN-3071-2Linux kernel (Trusty HWE) vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
75.4%
Releases
- Ubuntu 12.04
Packages
- linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise
Details
USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.
Kangjie Lu discovered an information leak in the Reliable Datagram Sockets
(RDS) implementation in the Linux kernel. A local attacker could use this
to obtain potentially sensitive information from kernel memory.
(CVE-2016-5244)
Yue Cao et al discovered a flaw in the TCP implementation’s handling of
challenge acks in the Linux kernel. A remote attacker could use this to
cause a denial of service (reset connection) or inject content into an TCP
stream. (CVE-2016-5696)
Pengfei Wang discovered a race condition in the MIC VOP driver in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or obtain potentially sensitive information from kernel
memory. (CVE-2016-5728)
Cyril Bur discovered that on PowerPC platforms, the Linux kernel mishandled
transactional memory state on exec(). A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2016-5828)
It was discovered that a heap based buffer overflow existed in the USB HID
driver in the Linux kernel. A local attacker could use this cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2016-5829)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.04 | noarch | linux-image-3.13.0-95-generic | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | block-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | crypto-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fat-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fb-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | firewire-core-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | floppy-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fs-core-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fs-secondary-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
| Ubuntu | 12.04 | noarch | input-modules-3.13.0-95-generic-di | < 3.13.0-95.142~precise1 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
75.4%