Security Advisory

USN-3220-2: Linux kernel (Xenial HWE) vulnerability

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry team recommends upgrading to the following BOSH stemcells:

    • Upgrade 3151.x versions to 3151.12
    • Upgrade 3233.x versions to 3233.15
    • Upgrade 3263.x versions to 3263.21
    • Upgrade 3312.x versions to 3312.21
    • Upgrade 3363.x versions to 3363.10
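
A check of deployed stemcell versions against the fixed versions listed above, as an added example that is not part of the original advisory. The function names and the sample inventory are hypothetical, and the check assumes that any release at or above the listed fixed version in the same line carries the fix.

```python
# Added example: flag BOSH stemcells below the fixed versions in this advisory.
# Fixed versions come from the list above; function names are hypothetical.
FIXED = {3151: 12, 3233: 15, 3263: 21, 3312: 21, 3363: 10}


def parse_version(version):
    """Split 'MAJOR.MINOR' into integers; raise ValueError on anything else."""
    parts = version.strip().split(".")
    if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised stemcell version: {version!r}")
    return int(parts[0]), int(parts[1])


def classify(version):
    """Return 'vulnerable', 'fixed', or 'not-listed' for one stemcell version."""
    major, minor = parse_version(version)
    if major not in FIXED:
        return "not-listed"  # line not covered by this advisory's upgrade list
    # Compare numerically: as strings, '3151.9' would sort after '3151.12'.
    # Assumption: releases at or above the fixed minor version include the fix.
    return "fixed" if minor >= FIXED[major] else "vulnerable"


def audit(versions):
    """Map each version string to its status; malformed entries become 'invalid'."""
    report = {}
    for v in versions:
        try:
            report[v] = classify(v)
        except ValueError:
            report[v] = "invalid"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real deployment.
    sample = ["3151.9", "3233.15", "3263.20", "3312.22", "3363.10", "3421.3", "3263.x"]
    for version, status in audit(sample).items():
        print(f"{version:10} {status}")
```

Entries reported as `not-listed` belong to stemcell lines this advisory does not name and need to be checked against other advisories.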

Cloud Foundry Foundation Security Team, AUTHOR
