USN-3378-1

Advisory lineage Upstream: 8 Downstream: 0
Published: 03 Aug 2017, 16:52
Last modified:22 Apr 2026, 09:37

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Aug 2017, 16:52
Published
Vulnerability first disclosed
22 Apr 2026, 09:37
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) 李强 discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) 石磊 discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482)

Affected Systems

  • ubuntulinux

    < 4.4.0-89.112

  • ubuntulinux-aws

    < 4.4.0-1028.37

  • ubuntulinux-gke

    < 4.4.0-1024.24

  • ubuntulinux-raspi2

    < 4.4.0-1067.75

  • ubuntulinux-snapdragon

    < 4.4.0-1069.74

References (5)