Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.843369
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for linux USN-3485-1
Zusammenfassung:The remote host is missing an update for the 'linux'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that a race condition
existed in the ALSA subsystem of the Linux kernel when creating and deleting a
port via ioctl(). A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers
discovered that the key management subsystem in the Linux kernel did not
properly restrict adding a key that already exists but is uninstantiated. A
local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race
condition existed in the packet fanout implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15649) Eric Biggers discovered a race
condition in the key management subsystem of the Linux kernel around keys in a
negative state. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-15951) Andrey
Konovalov discovered a use-after-free vulnerability in the USB serial console
driver in the Linux kernel. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16525) Andrey Konovalov discovered that the Ultra Wide Band driver in
the Linux kernel did not properly check for an error condition. A physically
proximate attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered
that the ALSA subsystem in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey
Konovalov discovered that the ALSA subsystem in the Linux kernel did not
properly validate USB audio buffer descriptors. A physically proximate attacker
could use this cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB
unattached storage driver in the Linux kernel contained out-of-bounds error when
handling alternative settings. A physically proximate attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16530) Andrey Konovalov discovered that the USB subsystem in the Linux
kernel did not properly validate USB interface association descriptors. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2017-16531) Andrey ... Description truncated, for more
information please check the Reference URL

Affected Software/OS:
linux on Ubuntu 16.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-15265
Common Vulnerability Exposure (CVE) ID: CVE-2017-15299
Common Vulnerability Exposure (CVE) ID: CVE-2017-15649
Common Vulnerability Exposure (CVE) ID: CVE-2017-15951
Common Vulnerability Exposure (CVE) ID: CVE-2017-16525
Common Vulnerability Exposure (CVE) ID: CVE-2017-16526
Common Vulnerability Exposure (CVE) ID: CVE-2017-16527
Common Vulnerability Exposure (CVE) ID: CVE-2017-16529
Common Vulnerability Exposure (CVE) ID: CVE-2017-16530
Common Vulnerability Exposure (CVE) ID: CVE-2017-16531
Common Vulnerability Exposure (CVE) ID: CVE-2017-16533
Common Vulnerability Exposure (CVE) ID: CVE-2017-16534
Common Vulnerability Exposure (CVE) ID: CVE-2017-16535
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.