CVE-2014-9900 Ubuntu Security Notification for Linux-hwe Vulnerabilities (USN-3371-1)

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure.

A race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory.

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

Refer to Ubuntu advisory USN-3371-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3371-1: 16.04 (Xenial) on src (linux-image-4.10.0-28-lowlatency)

USN-3371-1: 16.04 (Xenial) on src (linux-image-lowlatency-hwe-16.04)

USN-3371-1: 16.04 (Xenial) on src (linux-image-4.10.0-28-generic)

USN-3371-1: 16.04 (Xenial) on src (linux-image-4.10.0-28-generic-lpae)

USN-3371-1: 16.04 (Xenial) on src (linux-image-generic-hwe-16.04)

USN-3371-1: 16.04 (Xenial) on src (linux-image-generic-lpae-hwe-16.04)