OVAL Reference oval:com.ubuntu.trusty:def:20162548000

Oval Definition:

oval:com.ubuntu.trusty:def:20162548000

Revision Date:	2016-04-27	Version:	1
Title:	CVE-2016-2548 on Ubuntu 14.04 LTS (trusty) - medium.
Description:	sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-2548
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-83.127'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'linux-lts-utopic' package in trusty was vulnerable but has been fixed (note: '3.16.0-67.87~14.04.1'). OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-56.62~14.04.1'). OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-30.35~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.

BACK