CVE-2014-9900 Ubuntu Security Notification for Linux, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3364-1)

2017年7月31日 3630点热度 0人点赞 0条评论

漏洞类别：Ubuntu

漏洞等级：

漏洞信息

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure.

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem.

A race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments.

It was discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory.

漏洞危害

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

A local attacker could use this to expose sensitive information. (CVE-2015-8944)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

解决方案

Refer to Ubuntu advisory USN-3364-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

0daybank