{"id":"USN-3656-1","summary":"linux-raspi2, linux-snapdragon vulnerabilities","details":"Tuba Yavuz discovered that a double-free error existed in the USBTV007\ndriver of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-17975)\n\nIt was discovered that a race condition existed in the F2FS implementation\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-18193)\n\nIt was discovered that a buffer overflow existed in the Hisilicon HNS\nEthernet Device driver in the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-18222)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nvalidate that rules containing jumps contained user-defined chains. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-1065)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not\nproperly validate ebtables offsets. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-1068)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe DCCP protocol implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2018-1130)\n\nIt was discovered that the SCTP Protocol implementation in the Linux kernel\ndid not properly validate userspace provided payload lengths in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-5803)\n\nIt was discovered that a double free error existed in the block layer\nsubsystem of the Linux kernel when setting up a request queue. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-7480)\n\nIt was discovered that a memory leak existed in the SAS driver subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2018-7757)\n\nIt was discovered that a race condition existed in the x86 machine check\nhandler in the Linux kernel. A local privileged attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-7995)\n\nEyal Itkin discovered that the USB displaylink video adapter driver in the\nLinux kernel did not properly validate mmap offsets sent from userspace. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory) or possibly execute arbitrary code. (CVE-2018-8781)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS\nimplementation in the Linux kernel. A remote attacker controlling a\nmalicious NCPFS server could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-8822)\n","modified":"2026-02-10T04:41:21Z","published":"2018-05-22T22:42:32Z","related":["UBUNTU-CVE-2017-17975","UBUNTU-CVE-2017-18193","UBUNTU-CVE-2017-18222","UBUNTU-CVE-2018-1065","UBUNTU-CVE-2018-1068","UBUNTU-CVE-2018-1130","UBUNTU-CVE-2018-5803","UBUNTU-CVE-2018-7480","UBUNTU-CVE-2018-7757","UBUNTU-CVE-2018-7995","UBUNTU-CVE-2018-8781","UBUNTU-CVE-2018-8822"],"upstream":["CVE-2017-17975","CVE-2017-18193","CVE-2017-18222","CVE-2018-1065","CVE-2018-1068","CVE-2018-1130","CVE-2018-5803","CVE-2018-7480","CVE-2018-7757","CVE-2018-7995","CVE-2018-8781","CVE-2018-8822","UBUNTU-CVE-2017-17975","UBUNTU-CVE-2017-18193","UBUNTU-CVE-2017-18222","UBUNTU-CVE-2018-1065","UBUNTU-CVE-2018-1068","UBUNTU-CVE-2018-1130","UBUNTU-CVE-2018-5803","UBUNTU-CVE-2018-7480","UBUNTU-CVE-2018-7757","UBUNTU-CVE-2018-7995","UBUNTU-CVE-2018-8781","UBUNTU-CVE-2018-8822"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3656-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17975"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18193"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18222"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1065"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1068"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1130"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5803"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7480"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7757"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7995"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8781"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8822"}],"affected":[{"package":{"name":"linux-raspi2","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-raspi2@4.4.0-1090.98?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1090.98"}]}],"versions":["4.2.0-1013.19","4.2.0-1014.21","4.3.0-1006.6","4.4.0-1003.4","4.4.0-1004.5","4.4.0-1009.10","4.4.0-1010.12","4.4.0-1010.13","4.4.0-1012.16","4.4.0-1016.22","4.4.0-1017.23","4.4.0-1019.25","4.4.0-1021.27","4.4.0-1023.29","4.4.0-1027.33","4.4.0-1029.36","4.4.0-1034.41","4.4.0-1038.45","4.4.0-1040.47","4.4.0-1042.49","4.4.0-1044.51","4.4.0-1046.53","4.4.0-1048.55","4.4.0-1050.57","4.4.0-1051.58","4.4.0-1052.59","4.4.0-1054.61","4.4.0-1055.62","4.4.0-1057.64","4.4.0-1059.67","4.4.0-1061.69","4.4.0-1065.73","4.4.0-1067.75","4.4.0-1069.77","4.4.0-1070.78","4.4.0-1071.79","4.4.0-1074.82","4.4.0-1075.83","4.4.0-1076.84","4.4.0-1077.85","4.4.0-1079.87","4.4.0-1080.88","4.4.0-1082.90","4.4.0-1085.93","4.4.0-1086.94","4.4.0-1087.95","4.4.0-1089.97"],"ecosystem_specific":{"binaries":[{"binary_version":"4.4.0-1090.98","binary_name":"linux-headers-4.4.0-1090-raspi2"},{"binary_version":"4.4.0-1090.98","binary_name":"linux-image-4.4.0-1090-raspi2"},{"binary_version":"4.4.0-1090.98","binary_name":"linux-raspi2-headers-4.4.0-1090"},{"binary_version":"4.4.0-1090.98","binary_name":"linux-raspi2-tools-4.4.0-1090"},{"binary_version":"4.4.0-1090.98","binary_name":"linux-tools-4.4.0-1090-raspi2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3656-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2017-17975","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-18193","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-18222","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1065","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1068","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1130","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-5803","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7480","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7757","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7995","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-8781","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-8822","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"linux-snapdragon","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-snapdragon@4.4.0-1093.98?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1093.98"}]}],"versions":["4.4.0-1012.12","4.4.0-1013.14","4.4.0-1013.15","4.4.0-1015.18","4.4.0-1019.22","4.4.0-1020.23","4.4.0-1022.25","4.4.0-1024.27","4.4.0-1026.29","4.4.0-1030.33","4.4.0-1032.36","4.4.0-1035.39","4.4.0-1039.43","4.4.0-1042.46","4.4.0-1044.48","4.4.0-1046.50","4.4.0-1047.51","4.4.0-1048.52","4.4.0-1050.54","4.4.0-1051.55","4.4.0-1053.57","4.4.0-1054.58","4.4.0-1055.59","4.4.0-1057.61","4.4.0-1058.62","4.4.0-1059.63","4.4.0-1061.66","4.4.0-1063.68","4.4.0-1067.72","4.4.0-1069.74","4.4.0-1071.76","4.4.0-1072.77","4.4.0-1073.78","4.4.0-1076.81","4.4.0-1077.82","4.4.0-1078.83","4.4.0-1079.84","4.4.0-1081.86","4.4.0-1082.87","4.4.0-1084.89","4.4.0-1087.92","4.4.0-1088.93","4.4.0-1090.95","4.4.0-1092.97"],"ecosystem_specific":{"binaries":[{"binary_version":"4.4.0-1093.98","binary_name":"linux-headers-4.4.0-1093-snapdragon"},{"binary_version":"4.4.0-1093.98","binary_name":"linux-image-4.4.0-1093-snapdragon"},{"binary_version":"4.4.0-1093.98","binary_name":"linux-snapdragon-headers-4.4.0-1093"},{"binary_version":"4.4.0-1093.98","binary_name":"linux-snapdragon-tools-4.4.0-1093"},{"binary_version":"4.4.0-1093.98","binary_name":"linux-tools-4.4.0-1093-snapdragon"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3656-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2017-17975","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-18193","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-18222","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1065","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1068","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-1130","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-5803","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7480","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7757","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-7995","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-8781","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-8822","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.3"}