{"id":"USN-3364-3","summary":"linux-aws, linux-gke vulnerabilities","details":"It was discovered that the Linux kernel did not properly initialize a Wake-\non-Lan data structure. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2014-9900)\n\nIt was discovered that the Linux kernel did not properly restrict access to\n/proc/iomem. A local attacker could use this to expose sensitive\ninformation. (CVE-2015-8944)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound\nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-1000380)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the\nLinux kernel did not properly validate some ioctl arguments. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-7346)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output\nof the print_bpf_insn function. A local attacker could use this to obtain\nsensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in\nthe Linux kernel did not properly initialize memory. A local attacker could\nuse this to expose sensitive information (kernel memory). (CVE-2017-9605)\n","modified":"2026-02-10T04:41:10Z","published":"2017-07-25T23:09:15Z","related":["UBUNTU-CVE-2014-9900","UBUNTU-CVE-2015-8944","UBUNTU-CVE-2017-1000380","UBUNTU-CVE-2017-7346","UBUNTU-CVE-2017-9150","UBUNTU-CVE-2017-9605"],"upstream":["CVE-2014-9900","CVE-2015-8944","CVE-2017-1000380","CVE-2017-7346","CVE-2017-9150","CVE-2017-9605","UBUNTU-CVE-2014-9900","UBUNTU-CVE-2015-8944","UBUNTU-CVE-2017-1000380","UBUNTU-CVE-2017-7346","UBUNTU-CVE-2017-9150","UBUNTU-CVE-2017-9605"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3364-3"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8944"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9150"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9605"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-1000380"}],"affected":[{"package":{"name":"linux-aws","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-aws@4.4.0-1026.35?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1026.35"}]}],"versions":["4.4.0-1001.10","4.4.0-1003.12","4.4.0-1004.13","4.4.0-1007.16","4.4.0-1009.18","4.4.0-1011.20","4.4.0-1012.21","4.4.0-1013.22","4.4.0-1016.25","4.4.0-1017.26","4.4.0-1018.27","4.4.0-1020.29","4.4.0-1022.31"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-aws-cloud-tools-4.4.0-1026","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-aws-headers-4.4.0-1026","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-aws-tools-4.4.0-1026","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-cloud-tools-4.4.0-1026-aws","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-headers-4.4.0-1026-aws","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-image-4.4.0-1026-aws","binary_version":"4.4.0-1026.35"},{"binary_name":"linux-tools-4.4.0-1026-aws","binary_version":"4.4.0-1026.35"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3364-3.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-9900"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8944"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-7346"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-9150"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-9605"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-1000380"}],"ecosystem":"Ubuntu:16.04:LTS"}}},{"package":{"name":"linux-gke","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-gke@4.4.0-1022.22?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1022.22"}]}],"versions":["4.4.0-1003.3","4.4.0-1005.6","4.4.0-1006.6","4.4.0-1008.8","4.4.0-1009.9","4.4.0-1010.10","4.4.0-1012.12","4.4.0-1013.13","4.4.0-1014.14","4.4.0-1016.16","4.4.0-1018.18"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-cloud-tools-4.4.0-1022-gke","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-gke-cloud-tools-4.4.0-1022","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-gke-headers-4.4.0-1022","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-gke-tools-4.4.0-1022","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-headers-4.4.0-1022-gke","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-image-4.4.0-1022-gke","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-image-extra-4.4.0-1022-gke","binary_version":"4.4.0-1022.22"},{"binary_name":"linux-tools-4.4.0-1022-gke","binary_version":"4.4.0-1022.22"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3364-3.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-9900"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-8944"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-7346"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-9150"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-9605"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-1000380"}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.3"}