According to Ubuntu Security Notice USN-3084-1, three security flaws affect the Ubuntu 16.04 LTS (Xenial Xerus) operating system and later versions, as well as any derivatives. The first is a race condition in the Linux kernel’s audit subsystem, which could allow a local attacker to interrupt system-call auditing or damage the audit logs.
The second security issue is in the Linux kernel’s KVM (Kernel-based Virtual Machine) hypervisor implementation, which didn’t work correctly on PPC64 (PowerPC 64-bit) and PowerPC (PPC) platforms, allowing an unprivileged attacker to cause a CPU lockup in the host operating system.
Lastly, Ubuntu 16.04 LTS was affected by a race condition in the Linux kernel’s Chrome OS embedded controller device driver, which would have allowed a local attacker to cause a denial of service (DoS) by crashing the system. This issue was discovered by Pengfei Wang.
Submitted by: Arnfried Walbrecht