Ubuntu update for Linux kernel (Trusty HWE)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2017-0750 CVE-2017-0861 CVE-2017-1000407 CVE-2017-12153 CVE-2017-12190 CVE-2017-12192 CVE-2017-14051 CVE-2017-14140 CVE-2017-14156 CVE-2017-14489 CVE-2017-15102 CVE-2017-15115 CVE-2017-15274 CVE-2017-15868 CVE-2017-16525 CVE-2017-17450 CVE-2017-17806 CVE-2017-18017 CVE-2017-5669 CVE-2017-7542 CVE-2017-7889 CVE-2017-8824 CVE-2018-5333 CVE-2018-5344 |
| CWE-ID | CWE-787 CWE-416 CWE-399 CWE-476 CWE-401 CWE-190 CWE-264 CWE-200 CWE-20 CWE-121 CWE-835 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #22 is available. Public exploit code for vulnerability #23 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU10708
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0750
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the Flash-Friendly File System (f2fs) in the Linux kernel due to an out-of-bounds write error. A local attacker can construct a malicious file system that, when mounted, cause a denial of service (system crash) or possibly execute arbitrary code.
Update the affected packages
Ubuntu: 12.04
CPE2.3 External linkshttps://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU9961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in snd_pcm_info() function in the ALSA subsystem. A local user can perform a denial of service attack.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU9655
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-1000407
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU8694
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12153
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
A security flaw was discovered in the nl80211_set_rekey_data() function
in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This
function does not check whether the required attributes are present in
a Netlink request. This request can be issued by a user with the
CAP_NET_ADMIN capability and may result in a NULL pointer dereference
and system crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory leak
EUVDB-ID: #VU10709
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12190
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and possible system lock up.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU10711
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12192
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the Key Management sub component of the Linux kernel when trying to issue a KEYTCL_READ on a negative key due to a NULL pointer dereference. A local attacker can cause the kernel and service to crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU10715
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14051
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.ct due to an integer overflow. A local attacker can gain root access and cause the service to crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU10718
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14140
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists in mm/migrate.c due to improper check of the effective UID. A local attacker can learn the memory layout of a setuid executable despite ASLR and expose sensitive information.
MitigationUpdate the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU10719
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14156
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain sensitive information on the target system.
The weakness exists in the drivers/video/fbdev/aty/atyfb_base.c due to improper initialization of a certain data structure. A local attacker can read locations associated with padding bytes and obtain sensitive information from kernel stack memory.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Denial of service
EUVDB-ID: #VU10720
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-14489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the drivers/scsi/scsi_transport_iscsi.c due to leveraging incorrect length validation. A local attacker can cause a denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) NULL pointer dereference
EUVDB-ID: #VU9515
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15102
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a race condition and a NULL pointer dereference within tower_probe() function in drivers/usb/misc/legousbtower.c in Linux kernel before 4.8.1. A local user with physical access to the computer and ability to insert USB flash drive can execute arbitrary code with escalated privileges. The USB device would have to delay the control message in tower_probe and accept the control urb in tower_open whilst guest code initiated a write to the device file as tower_delete is called from the error in tower_probe.
According to vendor this security issue exists since 2003.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free error
EUVDB-ID: #VU9764
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger use-after-free error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU10721
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15274
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in he security/keys/keyctl.c due to a NULL pointer dereference. A local attacker can create a specially crafted add_key or keyctl system call and cause a denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Privilege escalation
EUVDB-ID: #VU9959
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15868
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to abet check of l2cap socket availability in the bnep_add_connection() function in net/bluetooth/bnep/core.c. A local user can execute arbitrary code with elevated privileges.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free error
EUVDB-ID: #VU9151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16525
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in usb_serial_console_disconnect function in drivers/usb/serial/console.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Security restrictions bypass
EUVDB-ID: #VU9770
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17450
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to net/netfilter/xt_osf.c in the Linux kernel through does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Stack-based buffer overflow
EUVDB-ID: #VU9776
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17806
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounter a missing SHA-3 initialization, trigger kernel stack buffer overflow and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free error
EUVDB-ID: #VU10678
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-18017
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition no the target system.
The weakness exists in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel due to use-after-free error. A remote attacker can leverage the presence of xt_TCPMSS in an iptables action, trigger memory corruption and cause the system to crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Security restrictions bypass
EUVDB-ID: #VU6650
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5669
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restriction on the target system.
The weakness exists in the do_shmat function in ipc/shm.c due to improper restriction of the address calculated by a certain rounding operation. A local attacker can map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Denial of service
EUVDB-ID: #VU10722
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7542
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the ip6_find_1stfragopt function in net/ipv6/output_core.c due to leveraging the ability to open a raw socket. A local attacker can trigger integer overflow and infinite loop and cause a denial of service.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information disclosure
EUVDB-ID: #VU10724
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7889
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The weakness exists in the CONFIG_STRICT_DEVMEM protection mechanism due to an improper enforcement. A local attacker can read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free error
EUVDB-ID: #VU9767
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-8824
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.
The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
23) Null pointer dereference
EUVDB-ID: #VU10001
Risk: Medium
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2018-5333
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the rds_cmsg_atomic function due to insufficient handling of user-supplied input. A remote attacker can send a specially crafted HTTP request, trigger NULL pointer dereference and cause the system to crash.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
24) Use-after-free error
EUVDB-ID: #VU10725
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-5344
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the drivers/block/loop.c mishandles lo_release serialization due to use-after-free error. A local attacker can trigger memory corruption and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages
Ubuntu: 12.04
CPE2.3https://www.ubuntu.com/usn/usn-3583-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
