Test ID:	1.3.6.1.4.1.25623.1.0.843859
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3848-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3848-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-3848-1 advisory. Vulnerability Insight: It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Affected Software/OS: 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18174 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=251e22abde21833b3d29577e4d8c7aaccd650eee http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://github.com/torvalds/linux/commit/251e22abde21833b3d29577e4d8c7aaccd650eee https://github.com/torvalds/linux/commit/8dca4a41f1ad65043a78c2338d9725f859c8d2c3 https://usn.ubuntu.com/3848-1/ https://usn.ubuntu.com/3848-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12896 https://bugzilla.kernel.org/show_bug.cgi?id=200189 https://github.com/lcytxw/bug_repro/tree/master/bug_200189 https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://usn.ubuntu.com/3847-1/ https://usn.ubuntu.com/3847-2/ https://usn.ubuntu.com/3847-3/ https://usn.ubuntu.com/3849-1/ https://usn.ubuntu.com/3849-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-18690 BugTraq ID: 105753 http://www.securityfocus.com/bid/105753 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c https://bugzilla.kernel.org/show_bug.cgi?id=199119 https://bugzilla.suse.com/show_bug.cgi?id=1105025 https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c Common Vulnerability Exposure (CVE) ID: CVE-2018-18710 BugTraq ID: 106041 http://www.securityfocus.com/bid/106041 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 https://usn.ubuntu.com/3846-1/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.