*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
Dear Launchpad Ubuntu Team, An error related to the "ppp_cp_parse_cr()" function (hdlc_ppp.c) can be exploited to trigger an infinite loop or an out-of-bounds read memory access via a specially crafted packet. The vulnerability is reported in versions 5.4.x prior to 5.4.68, 4.19.x prior to 4.19.148, 4.14.x prior to 4.14.200, 4.9.x prior to 4.9.238, and 4.4.x prior to 4.4.238. The following software is affected by the described vulnerability: Linux Kernel 4.14.x Linux Kernel 4.19.x Linux Kernel 4.4.x Linux Kernel 4.9.x Linux Kernel 5.4.x References 1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.12 2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.68 3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.200 5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.238 6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.238 7. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105 The issue affects Ubuntu 16 LTS. Please provide an update. Best regards, it0001 ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability https://bugs.launchpad.net/bugs/1898742 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
