Linux kernel (Xenial HWE) vulnerability

2017-03-30T00:00:00
ID USN-3249-2
Type ubuntu
Reporter Ubuntu
Modified 2017-03-30T00:00:00

Description

USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.