USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability




Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 14.04 LTS

It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information or cause a denial of service.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVE.
  • Products in the PCF Suite which reference BOSH stemcell v3093 or earlier are vulnerable to the aforementioned CVE:
    • Ops Manager v1.5.6 or earlier
    • Elastic Runtime v1.5.5 or earlier
    • MySQL for Pivotal Cloud Foundry v1.6.2 or earlier
    • Session State Caching Powered by Pivotal Gemfire v1.0.2 or earlier
    • RabbitMQ for Pivotal Cloud Foundry v1.4.4 or earlier
    • Redis for Pivotal Cloud Foundry v1.4.8 or earlier

Users of affected versions should apply the following mitigation:


Dmitry Vyukov