{"id":"USN-3007-1","summary":"linux-raspi2 vulnerabilities","details":"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\n","modified":"2026-02-10T04:41:00Z","published":"2016-06-10T06:58:42Z","related":["UBUNTU-CVE-2015-8839","UBUNTU-CVE-2016-1583","UBUNTU-CVE-2016-2117","UBUNTU-CVE-2016-2187","UBUNTU-CVE-2016-3961","UBUNTU-CVE-2016-4485","UBUNTU-CVE-2016-4486","UBUNTU-CVE-2016-4558","UBUNTU-CVE-2016-4565","UBUNTU-CVE-2016-4581"],"upstream":["CVE-2015-8839","CVE-2016-1583","CVE-2016-2117","CVE-2016-2187","CVE-2016-3961","CVE-2016-4485","CVE-2016-4486","CVE-2016-4558","CVE-2016-4565","CVE-2016-4581","UBUNTU-CVE-2015-8839","UBUNTU-CVE-2016-1583","UBUNTU-CVE-2016-2117","UBUNTU-CVE-2016-2187","UBUNTU-CVE-2016-3961","UBUNTU-CVE-2016-4485","UBUNTU-CVE-2016-4486","UBUNTU-CVE-2016-4558","UBUNTU-CVE-2016-4565","UBUNTU-CVE-2016-4581"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3007-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8839"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1583"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2117"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2187"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3961"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4485"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4486"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4558"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4581"}],"affected":[{"package":{"name":"linux-raspi2","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-raspi2@4.4.0-1012.16?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1012.16"}]}],"versions":["4.2.0-1013.19","4.2.0-1014.21","4.3.0-1006.6","4.4.0-1003.4","4.4.0-1004.5","4.4.0-1009.10","4.4.0-1010.12","4.4.0-1010.13"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-headers-4.4.0-1012-raspi2","binary_version":"4.4.0-1012.16"},{"binary_name":"linux-image-4.4.0-1012-raspi2","binary_version":"4.4.0-1012.16"},{"binary_name":"linux-raspi2-headers-4.4.0-1012","binary_version":"4.4.0-1012.16"},{"binary_name":"linux-raspi2-tools-4.4.0-1012","binary_version":"4.4.0-1012.16"},{"binary_name":"linux-tools-4.4.0-1012-raspi2","binary_version":"4.4.0-1012.16"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3007-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8839"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2016-1583"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2016-2117"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-2187"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-3961"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-4485"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-4486"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-4558"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-4565"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-4581"}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}