Ubuntu 16.04 LTS : linux-snapdragon vulnerability (USN-3008-1)

High Nessus Plugin ID 91570


The remote Ubuntu host is missing a security-related patch.


Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected linux-image-4.4-snapdragon package.

Plugin Details

Severity: High

ID: 91570

File Name: ubuntu_USN-3008-1.nasl

Version: $Revision: 2.6 $

Type: local

Agent: unix

Published: 2016/06/10

Modified: 2016/12/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND


Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:X/RC:X

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon, cpe:/o:canonical:ubuntu_linux:16.04

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/10

Reference Information

CVE: CVE-2016-1583

OSVDB: 139987

USN: 3008-1