Oval Definition:	oval:com.ubuntu.trusty:def:20158575000
Revision Date: 2016-02-07 Version: 1 Title: CVE-2015-8575 on Ubuntu 14.04 LTS (trusty) - medium. Description: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. Family: unix Class: vulnerability Status: Reference(s): CVE-2015-8575 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-79.123'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'linux-lts-utopic' package in trusty was vulnerable but has been fixed (note: '3.16.0-60.80~14.04.1'). OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-51.57~14.04.1'). OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-27.32~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.
BACK