Debian Linux Security Advisory 3607-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
0d223b304d17753a1ce52094557c77094582be1a5339c862d34ee91a630a21d9
Ubuntu Security Notice 3021-2 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
a1920ccfc4f4c6e5f276bfd5d75431b8b3ae7cb57f8387df52a131fbfbe2120f
Ubuntu Security Notice 3021-1 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
a58aea903cc903ad65202dc2ce64c473a75d915b0fa02a508452f77673343643
Ubuntu Security Notice 3004-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
15260f2bae937ffefd89474b5d45b197be79a2c3c629d596664ff46374144290
Ubuntu Security Notice 3003-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
5fed2838234a44d1730852206ba9626415e7a2b237d203c9b8f4f0a0ae120b95
Ubuntu Security Notice 3002-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6a304214d70136724253b137a128ced305938a2bcf77b7f57cc2fd2056cb00d0
Ubuntu Security Notice 3001-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
cbd8722998ecacafce7f0e191f217dc2e6164d45016680a92f8639cf152856bf
Ubuntu Security Notice 3000-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
330259ee5fb5e92854cb2c2d2d644d62e3fa8b04b3260f39927986db6fab5b70
Ubuntu Security Notice 2998-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
6ac8e40a1a58889071f681c070f97687fbc0499845baf46496f6035c2db81bc6
Ubuntu Security Notice 2989-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
176f40d6b9ca149610db188404fb65b5dd57970bcbf0fa0ce08d2db323c1cc4d
Ubuntu Security Notice 2965-4 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
b980b1fb461a05f96b89931ea8854c8fb764d3a6a3ea6ec9be99cb03392277a0
Ubuntu Security Notice 2965-3 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
4e5b67ecd64a48a40bb846ae2b44ca9d5d6f5587e29332b9503dcdb6f3cc3bce
Ubuntu Security Notice 2965-1 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.
962749c42e747d98bec1018a0419b51785f0f882d0fec9774fb21cb7fa004936
Ubuntu Security Notice 2965-2 - USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Various other issues were also addressed.
6b52d036c57f1e7c2af2ead1821e8dddc36f23e6a3f79a1abfec9c19421a8b56