| Revision Date: | 2015-01-26 | Version: | 3 |
| Title: | USN-2419-1 -- Linux kernel (Trusty HWE) vulnerabilities |
| Description: | A flaw was discovered in how the Linux kernel's KVM (Kernel VirtualMachine) subsystem handles the CR4 control register at VM entry on Intelprocessors. A local host OS user can exploit this to cause a denial ofservice (kill arbitrary processes, or system disruption) by leveraging/dev/kvm access. (CVE-2014-3690)Don Bailey discovered a flaw in the LZO decompress algorithm used by theLinux kernel. An attacker could exploit this flaw to cause a denial ofservice (memory corruption or OOPS). (CVE-2014-4608)Andy Lutomirski discovered a flaw in how the Linux kernel handlespivot_root when used with a chroot directory. A local user could exploitthis flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)Andy Lutomirski discovered that the Linux kernel was not checking theCAP_SYS_ADMIN when remounting filesystems to read-only. A local user couldexploit this flaw to cause a denial of service (loss of writability).(CVE-2014-7975) |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2014-3690
CVE-2014-4608
CVE-2014-7970
CVE-2014-7975
USN-2419-1
|
| Platform(s): | Ubuntu 12.04
| Product(s): | linux-lts-trusty
|
| Definition Synopsis |
| Ubuntu 12.04 is installed AND Packages match section
linux-image-3.13.0-40-generic-lpae is earlier than 0:3.13.0-40.69~precise1
OR linux-image-3.13.0-40-generic is earlier than 0:3.13.0-40.69~precise1
|