RHSA-2023:1103: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4378: A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Issued: 2023-03-07
Updated: 2023-03-07
RHSA-2023:1103 - Security Advisory
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.