USN-3507-2
Vulnerability Summary
Timeline
Description
linux-gcp vulnerabilities Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a null pointer dereference error existed in the PowerPC KVM implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15306) Eric Biggers discovered a race condition in the key management subsystem of the Linux kernel around keys in a negative state. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15951)
Affected Systems
- ubuntu•linux-gcp
< 4.13.0-1002.5
References (7)
- https://ubuntu.com/security/notices/USN-3507-2
- https://ubuntu.com/security/CVE-2017-12193
- https://ubuntu.com/security/CVE-2017-15299
- https://ubuntu.com/security/CVE-2017-15306
- https://ubuntu.com/security/CVE-2017-15951
- https://ubuntu.com/security/CVE-2017-16939
- https://ubuntu.com/security/CVE-2017-1000405