Linux kernel (Trusty HWE) vulnerability

2017-03-29T00:00:00
ID USN-3250-2
Type ubuntu
Reporter Ubuntu
Modified 2017-03-29T00:00:00

Description

USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.