Published: 10 Oct 2017, 23:29
Last modified: 22 Apr 2026, 09:39

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 10 Oct 2017, 23:29 - Published (vulnerability first disclosed)
  • 22 Apr 2026, 09:39 - Last Modified (vulnerability information updated)

Description

linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges in some situations. An attacker in a guest VM could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134)

Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106)

Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140)

Affected Systems

  • ubuntu linux < 4.4.0-97.120
  • ubuntu linux-aws < 4.4.0-1038.47
  • ubuntu linux-gke < 4.4.0-1032.32
  • ubuntu linux-kvm < 4.4.0-1008.13
  • ubuntu linux-raspi2 < 4.4.0-1075.83
  • ubuntu linux-snapdragon < 4.4.0-1077.82

References (4)