CVE-2018-7755
CVSS 5.0
Published: 2018-03-08 02:29:01
Revised: 2018-07-12 21:29:03
NMP    

[Original] An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

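- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7755
(Official data source) NVD

- Other links and resources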

https://lkml.org/lkml/2018/3/7/1116
(VENDOR_ADVISORY)  MISC  https://lkml.org/lkml/2018/3/7/1116
https://usn.ubuntu.com/3695-1/
(UNKNOWN)  UBUNTU  USN-3695-1
https://usn.ubuntu.com/3695-2/
(UNKNOWN)  UBUNTU  USN-3695-2
https://usn.ubuntu.com/3696-1/
(UNKNOWN)  UBUNTU  USN-3696-1
https://usn.ubuntu.com/3696-2/
(UNKNOWN)  UBUNTU  USN-3696-2
https://usn.ubuntu.com/3697-1/
(UNKNOWN)  UBUNTU  USN-3697-1
https://usn.ubuntu.com/3697-2/
(UNKNOWN)  UBUNTU  USN-3697-2
https://usn.ubuntu.com/3698-1/
(UNKNOWN)  UBUNTU  USN-3698-1
https://usn.ubuntu.com/3698-2/
(UNKNOWN)  UBUNTU  USN-3698-2

- Vulnerability information (F148403)

Ubuntu Security Notice USN-3698-1 (PacketStormID:F148403)
2018-07-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local
linux,ubuntu
CVE-2017-12154,CVE-2017-12193,CVE-2017-15265,CVE-2018-1130,CVE-2018-3665,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3698-1 - It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3698-1
July 02, 2018

linux vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-153-generic  3.13.0-153.203
  linux-image-3.13.0-153-generic-lpae  3.13.0-153.203
  linux-image-3.13.0-153-lowlatency  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-e500  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-e500mc  3.13.0-153.203
  linux-image-3.13.0-153-powerpc-smp  3.13.0-153.203
  linux-image-3.13.0-153-powerpc64-emb  3.13.0-153.203
  linux-image-3.13.0-153-powerpc64-smp  3.13.0-153.203
  linux-image-generic             3.13.0.153.163
  linux-image-generic-lpae        3.13.0.153.163
  linux-image-lowlatency          3.13.0.153.163
  linux-image-powerpc-e500        3.13.0.153.163
  linux-image-powerpc-e500mc      3.13.0.153.163
  linux-image-powerpc-smp         3.13.0.153.163
  linux-image-powerpc64-emb       3.13.0.153.163
  linux-image-powerpc64-smp       3.13.0.153.163

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3698-1
  CVE-2017-12154, CVE-2017-12193, CVE-2017-15265, CVE-2018-1130,
  CVE-2018-3665, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927,
  CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-153.203
    

- Vulnerability information (F148402)

Ubuntu Security Notice USN-3696-1 (PacketStormID:F148402)
2018-07-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,overflow,kernel,local
linux,ubuntu
CVE-2017-13695,CVE-2017-18255,CVE-2017-18257,CVE-2018-1000204,CVE-2018-10021,CVE-2018-10087,CVE-2018-10124,CVE-2018-3665,CVE-2018-5814,CVE-2018-7755

Ubuntu Security Notice 3696-1 - It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3696-1
July 02, 2018

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that an integer overflow existed in the perf subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18255)

Wei Fang discovered an integer overflow in the F2FS filesystem
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18257)

It was discovered that an information leak existed in the generic SCSI
driver in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that the wait4() system call in the Linux kernel did not
properly validate its arguments in some situations. A local attacker could
possibly use this to cause a denial of service. (CVE-2018-10087)

It was discovered that the kill() system call implementation in the Linux
kernel did not properly validate its arguments in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2018-10124)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Jakub Jirasek discovered that multiple use-after-errors existed in the
USB/IP implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-5814)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Seunghun Han discovered an information leak in the ACPI handling code in
the Linux kernel when handling early termination of ACPI table loading. A
local attacker could use this to expose sensitive information (kernel address
locations). (CVE-2017-13695)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1029-kvm      4.4.0-1029.34
  linux-image-4.4.0-1062-aws      4.4.0-1062.71
  linux-image-4.4.0-1092-raspi2   4.4.0-1092.100
  linux-image-4.4.0-1095-snapdragon  4.4.0-1095.100
  linux-image-4.4.0-130-generic   4.4.0-130.156
  linux-image-4.4.0-130-generic-lpae  4.4.0-130.156
  linux-image-4.4.0-130-lowlatency  4.4.0-130.156
  linux-image-4.4.0-130-powerpc-e500mc  4.4.0-130.156
  linux-image-4.4.0-130-powerpc-smp  4.4.0-130.156
  linux-image-4.4.0-130-powerpc64-emb  4.4.0-130.156
  linux-image-4.4.0-130-powerpc64-smp  4.4.0-130.156
  linux-image-aws                 4.4.0.1062.64
  linux-image-generic             4.4.0.130.136
  linux-image-generic-lpae        4.4.0.130.136
  linux-image-kvm                 4.4.0.1029.28
  linux-image-lowlatency          4.4.0.130.136
  linux-image-powerpc-e500mc      4.4.0.130.136
  linux-image-powerpc-smp         4.4.0.130.136
  linux-image-powerpc64-emb       4.4.0.130.136
  linux-image-powerpc64-smp       4.4.0.130.136
  linux-image-raspi2              4.4.0.1092.92
  linux-image-snapdragon          4.4.0.1095.87

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3696-1
  CVE-2017-13695, CVE-2017-18255, CVE-2017-18257, CVE-2018-1000204,
  CVE-2018-10021, CVE-2018-10087, CVE-2018-10124, CVE-2018-3665,
  CVE-2018-5814, CVE-2018-7755

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-130.156
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1062.71
  https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1029.34
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1092.100
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1095.100
    

- Vulnerability information (F148401)

Ubuntu Security Notice USN-3695-1 (PacketStormID:F148401)
2018-07-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local
linux,ubuntu
CVE-2018-1094,CVE-2018-10940,CVE-2018-1095,CVE-2018-11508,CVE-2018-7755

Ubuntu Security Notice 3695-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3695-1
July 02, 2018

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)

It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1010-gcp     4.15.0-1010.10
  linux-image-4.15.0-1011-aws     4.15.0-1011.11
  linux-image-4.15.0-1012-kvm     4.15.0-1012.12
  linux-image-4.15.0-1013-raspi2  4.15.0-1013.14
  linux-image-4.15.0-1014-azure   4.15.0-1014.14
  linux-image-4.15.0-24-generic   4.15.0-24.26
  linux-image-4.15.0-24-generic-lpae  4.15.0-24.26
  linux-image-4.15.0-24-lowlatency  4.15.0-24.26
  linux-image-4.15.0-24-snapdragon  4.15.0-24.26
  linux-image-aws                 4.15.0.1011.11
  linux-image-azure               4.15.0.1014.14
  linux-image-gcp                 4.15.0.1010.12
  linux-image-generic             4.15.0.24.26
  linux-image-generic-lpae        4.15.0.24.26
  linux-image-gke                 4.15.0.1010.12
  linux-image-kvm                 4.15.0.1012.12
  linux-image-lowlatency          4.15.0.24.26
  linux-image-oem                 4.15.0.1009.11
  linux-image-raspi2              4.15.0.1013.11
  linux-image-snapdragon          4.15.0.24.26

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3695-1
  CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-11508,
  CVE-2018-7755

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-24.26
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1011.11
  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1014.14
  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1010.10
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1012.12
  https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1009.12
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1013.14
    

- Vulnerability information (F148400)

Ubuntu Security Notice USN-3695-2 (PacketStormID:F148400)
2018-07-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2018-1094,CVE-2018-10940,CVE-2018-1095,CVE-2018-11508,CVE-2018-7755

Ubuntu Security Notice 3695-2 - USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3695-2
July 02, 2018

linux-hwe, linux-azure vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)

It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.15.0-1014-azure   4.15.0-1014.14~16.04.1
  linux-image-4.15.0-24-generic   4.15.0-24.26~16.04.1
  linux-image-4.15.0-24-generic-lpae  4.15.0-24.26~16.04.1
  linux-image-4.15.0-24-lowlatency  4.15.0-24.26~16.04.1
  linux-image-azure               4.15.0.1014.21
  linux-image-generic-hwe-16.04   4.15.0.24.46
  linux-image-generic-lpae-hwe-16.04  4.15.0.24.46
  linux-image-lowlatency-hwe-16.04  4.15.0.24.46

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3695-2
  https://usn.ubuntu.com/usn/usn-3695-1
  CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-11508,
  CVE-2018-7755

Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1014.14~16.04.1
  https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-24.26~16.04.1
    

- Vulnerability information (F148408)

Ubuntu Security Notice USN-3698-2 (PacketStormID:F148408)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,vulnerability
linux,ubuntu
CVE-2017-12154,CVE-2017-12193,CVE-2017-15265,CVE-2018-1130,CVE-2018-3665,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3698-2 - USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3698-2
July 02, 2018

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 ESM.

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  linux-image-3.13.0-153-generic  3.13.0-153.203~precise1
  linux-image-3.13.0-153-generic-lpae  3.13.0-153.203~precise1
  linux-image-generic-lpae-lts-trusty  3.13.0.153.143
  linux-image-generic-lts-trusty  3.13.0.153.143

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3698-2
  https://usn.ubuntu.com/usn/usn-3698-1
  CVE-2017-12154, CVE-2017-12193, CVE-2017-15265, CVE-2018-1130,
  CVE-2018-3665, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927,
  CVE-2018-7755, CVE-2018-7757

    

- Vulnerability information (F148407)

Ubuntu Security Notice USN-3697-2 (PacketStormID:F148407)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,protocol
linux,ubuntu
CVE-2018-1130,CVE-2018-11508,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3697-2 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3697-2
July 02, 2018

linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem: Linux kernel for OEM processors

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.13.0-1031-oem     4.13.0-1031.35
  linux-image-oem                 4.13.0.1031.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3697-2
  https://usn.ubuntu.com/usn/usn-3697-1
  CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
  CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1031.35

    

- Vulnerability information (F148405)

Ubuntu Security Notice USN-3696-2 (PacketStormID:F148405)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,overflow,kernel,local,vulnerability
linux,ubuntu
CVE-2017-13695,CVE-2017-18255,CVE-2017-18257,CVE-2018-1000204,CVE-2018-10021,CVE-2018-10087,CVE-2018-10124,CVE-2018-3665,CVE-2018-5814,CVE-2018-7755

Ubuntu Security Notice 3696-2 - USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3696-2
July 02, 2018

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that an integer overflow existed in the perf subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18255)

Wei Fang discovered an integer overflow in the F2FS filesystem
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18257)

It was discovered that an information leak existed in the generic SCSI
driver in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that the wait4() system call in the Linux kernel did not
properly validate its arguments in some situations. A local attacker could
possibly use this to cause a denial of service. (CVE-2018-10087)

It was discovered that the kill() system call implementation in the Linux
kernel did not properly validate its arguments in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2018-10124)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Jakub Jirasek discovered that multiple use-after-free errors existed in the
USB/IP implementation in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-5814)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Seunghun Han discovered an information leak in the ACPI handling code in
the Linux kernel when handling early termination of ACPI table loading. A
local attacker could use this to expose sensitive information (kernel address
locations). (CVE-2017-13695)

It was discovered that a memory leak existed in the Serial Attached SCSI
(SAS) implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2018-10021)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-1024-aws      4.4.0-1024.25
  linux-image-4.4.0-130-generic   4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-generic-lpae  4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-lowlatency  4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-powerpc-e500mc  4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-powerpc-smp  4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-powerpc64-emb  4.4.0-130.156~14.04.1
  linux-image-4.4.0-130-powerpc64-smp  4.4.0-130.156~14.04.1
  linux-image-aws                 4.4.0.1024.24
  linux-image-generic-lpae-lts-xenial  4.4.0.130.110
  linux-image-generic-lts-xenial  4.4.0.130.110
  linux-image-lowlatency-lts-xenial  4.4.0.130.110
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.130.110
  linux-image-powerpc-smp-lts-xenial  4.4.0.130.110
  linux-image-powerpc64-emb-lts-xenial  4.4.0.130.110
  linux-image-powerpc64-smp-lts-xenial  4.4.0.130.110

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3696-2
  https://usn.ubuntu.com/usn/usn-3696-1
  CVE-2017-13695, CVE-2017-18255, CVE-2017-18257, CVE-2018-1000204,
  CVE-2018-10021, CVE-2018-10087, CVE-2018-10124, CVE-2018-3665,
  CVE-2018-5814, CVE-2018-7755

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1024.25
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-130.156~14.04.1

    

- Vulnerability information (F148406)

Ubuntu Security Notice USN-3697-1 (PacketStormID:F148406)
2018-07-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local,protocol
linux,ubuntu
CVE-2018-1130,CVE-2018-11508,CVE-2018-5750,CVE-2018-5803,CVE-2018-6927,CVE-2018-7755,CVE-2018-7757

Ubuntu Security Notice 3697-1 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3697-1
July 02, 2018

linux, linux-raspi2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  linux-image-4.13.0-1023-raspi2  4.13.0-1023.24
  linux-image-4.13.0-46-generic   4.13.0-46.51
  linux-image-4.13.0-46-generic-lpae  4.13.0-46.51
  linux-image-4.13.0-46-lowlatency  4.13.0-46.51
  linux-image-generic             4.13.0.46.49
  linux-image-generic-lpae        4.13.0.46.49
  linux-image-lowlatency          4.13.0.46.49
  linux-image-raspi2              4.13.0.1023.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://usn.ubuntu.com/usn/usn-3697-1
  CVE-2018-1130, CVE-2018-11508, CVE-2018-5750, CVE-2018-5803,
  CVE-2018-6927, CVE-2018-7755, CVE-2018-7757

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.13.0-46.51
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1023.24

    

- Vulnerability information (F148420)

Kernel Live Patch Security Notice LSN-0040-1 (PacketStormID:F148420)
2018-07-05 00:00:00
Benjamin M. Romer  
advisory,denial of service,kernel,local
linux
CVE-2018-1092,CVE-2018-1093,CVE-2018-3665,CVE-2018-7755

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

==========================================================================
Kernel Live Patch Security Notice 0040-1
July 03, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1093)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations. An
attacker could use this to specially craft an ext4 file system that caused
a denial of service (system crash) when mounted. (CVE-2018-1092)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148            | 40.6     | lowlatency, generic      |
| 4.4.0-124.148~14.04.1    | 40.6     | generic, lowlatency      |
| 4.4.0-127.153            | 40.6     | lowlatency, generic      |
| 4.4.0-127.153~14.04.1    | 40.6     | lowlatency, generic      |
| 4.4.0-128.154            | 40.6     | generic, lowlatency      |
| 4.4.0-128.154~14.04.1    | 40.6     | generic, lowlatency      |
| 4.15.0-20.21             | 40.7     | generic, lowlatency      |
| 4.15.0-22.24             | 40.7     | lowlatency, generic      |
| 4.15.0-23.25             | 40.7     | lowlatency, generic      |

References:
  CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665
