Your submission was sent successfully! Close

CVE-2016-4805

Published: 23 May 2016

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.

From the Ubuntu security team

Baozeng Ding discovered a use-after-free issue in the generic PPP layer in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

Notes

AuthorNote
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
precise
Released (3.2.0-105.146)
trusty
Released (3.13.0-86.130)
upstream
Released (4.6~rc1)
wily
Released (4.2.0-36.41)
xenial
Released (4.4.0-22.39)
yakkety Not vulnerable
(4.4.0-22.39)
zesty Not vulnerable
(4.8.0-22.24)
Patches:
Introduced by

273ec51dd7ceaa76e038875d85061ec856d8905e

Fixed by 1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
linux-armadaxp
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [3.2.0-1668.93])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (4.6~rc1)
xenial Not vulnerable
(4.4.0-1001.10)
yakkety Does not exist

zesty Does not exist

linux-flo
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-gke
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.6~rc1)
xenial Not vulnerable
(4.4.0-1003.3)
yakkety Does not exist

zesty Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Ignored
(abandoned)
linux-grouper
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.6~rc1)
xenial Not vulnerable
(4.8.0-36.36~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.6~rc1)
xenial Not vulnerable
(4.8.0-36.36~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
precise
Released (3.13.0-86.130~precise1)
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored [out of standard support])
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [3.19.0-59.65~14.04.1])
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [4.2.0-36.41~14.04.1])
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (4.4.0-22.39~14.04.1)
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-mako
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-manta
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.6~rc1)
wily Ignored
(reached end-of-life)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.6~rc1)
wily
Released (4.2.0-1029.37)
xenial
Released (4.4.0-1010.12)
yakkety Not vulnerable
(4.4.0-1010.12)
zesty Not vulnerable
(4.8.0-1013.15)
linux-snapdragon
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial
Released (4.4.0-1013.14)
yakkety Not vulnerable
(4.4.0-1013.14)
zesty Not vulnerable
(4.4.0-1029.32)
linux-ti-omap4
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [3.2.0-1483.110])
trusty Does not exist

upstream
Released (4.6~rc1)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist