vulnerability

Ubuntu: (Multiple Advisories) (CVE-2016-3713): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:C)
Published
May 16, 2016
Added
May 16, 2016
Modified
Aug 18, 2025

Description

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host. (CVE-2016-3713)

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did
not properly process certificate files with tags of indefinite length. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-0758)

Solutions

ubuntu-upgrade-linux-image-4-2-0-36-genericubuntu-upgrade-linux-image-4-2-0-36-generic-lpaeubuntu-upgrade-linux-image-4-2-0-36-lowlatencyubuntu-upgrade-linux-image-4-2-0-36-powerpc-e500mcubuntu-upgrade-linux-image-4-2-0-36-powerpc-smpubuntu-upgrade-linux-image-4-2-0-36-powerpc64-embubuntu-upgrade-linux-image-4-2-0-36-powerpc64-smpubuntu-upgrade-linux-image-4-4-0-22-genericubuntu-upgrade-linux-image-4-4-0-22-generic-lpaeubuntu-upgrade-linux-image-4-4-0-22-lowlatencyubuntu-upgrade-linux-image-4-4-0-22-powerpc-e500mcubuntu-upgrade-linux-image-4-4-0-22-powerpc-smpubuntu-upgrade-linux-image-4-4-0-22-powerpc64-embubuntu-upgrade-linux-image-4-4-0-22-powerpc64-smp

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today