CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.7%
USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)
Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic
Routing Encapsulation (GRE) tunneling implementation in the Linux kernel.
An attacker could use this to possibly expose sensitive information.
(CVE-2017-5897)
Andrey Konovalov discovered that the IPv4 implementation in the Linux
kernel did not properly handle invalid IP options in some situations. An
attacker could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2017-5970)
Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did
not properly restrict mapping page zero. A local privileged attacker could
use this to execute arbitrary code. (CVE-2017-5669)
Alexander Popov discovered that a race condition existed in the Stream
Control Transmission Protocol (SCTP) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2017-5986)
Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP
packets with the URG flag. A remote attacker could use this to cause a
denial of service. (CVE-2017-6214)
Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did
not properly set up a destructor in certain situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-6345)
It was discovered that a race condition existed in the AF_PACKET handling
code in the Linux kernel. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6346)
Andrey Konovalov discovered that the IP layer in the Linux kernel made
improper assumptions about internal data layout when performing checksums.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-6347)
Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (deadlock). (CVE-2017-6348)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | linux-image-4.4.0-75-generic | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | block-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | crypto-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | fat-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | fb-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | firewire-core-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | floppy-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-core-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-secondary-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | input-modules-4.4.0-75-generic-di | < 4.4.0-75.96~14.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2017-5669
ubuntu.com/security/CVE-2017-5897
ubuntu.com/security/CVE-2017-5970
ubuntu.com/security/CVE-2017-5986
ubuntu.com/security/CVE-2017-6214
ubuntu.com/security/CVE-2017-6345
ubuntu.com/security/CVE-2017-6346
ubuntu.com/security/CVE-2017-6347
ubuntu.com/security/CVE-2017-6348
ubuntu.com/security/CVE-2017-7374
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.7%