[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-3583-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":114,"duplicates":115,"related":116,"reserved_at":9,"published_at":142,"modified_at":143,"state":9,"summary":144,"references_raw":146,"kevs":254,"epss":9,"epss_history":255,"metrics":256,"affected":257},"USN-3583-1","linux vulnerabilities\n\nIt was discovered that an out-of-bounds write vulnerability existed in the\nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could\nconstruct a malicious file system that, when mounted, could cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free\nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed\npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM\ncould use this to cause a denial of service (system crash) in the host OS.\n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in\nthe Linux kernel did not properly validate attributes when handling certain\nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a\ndenial of service (system crash). (CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel\ndid not properly track reference counts when merging buffers. A local\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did\nnot properly restrict key reads on negatively instantiated keys. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface\nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local\nprivileged attacker could use this to cause a denial of service (system\ncrash). (CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not\nproperly check the effective UID in some situations. A local attacker could\nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user space.\nA local attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux\nkernel did not properly validate data structures. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared\nTower driver in the Linux kernel. A physically proximate attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the\nSCTP protocol implementation in the Linux kernel. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code, (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did\nnot properly handle NULL payloads with non-zero length values. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-15274)\n\nIt was discovered that the Bluebooth Network Encapsulation Protocol (BNEP)\nimplementation in the Linux kernel did not validate the type of socket\npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN\nprivilege could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB\nserial console driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf)\nmodule did not properly perform access control checks. A local attacker\ncould improperly modify the system-wide OS fingerprint list.\n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state\nof the underlying cryptographic hash algorithm. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the\nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did\nnot properly restrict mapping page zero. A local privileged attacker could\nuse this to execute arbitrary code. (CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existing in the\nIPv6 implementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the\nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection\nmechanism. A local attacker with access to /dev/mem could use this to\nexpose sensitive information or possibly execute arbitrary code.\n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP\nprotocol implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable\nDatagram Sockets) protocol implementation of the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2018-5333)\n\n范龙飞 discovered that a race condition existed in loop block device\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-5344)\n\nUSN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in Ubuntu 14.04 LTS. This update provides the\ncorresponding mitigations for the ppc64el architecture. Original\nadvisory details:\n\n Jann Horn discovered that microprocessors utilizing speculative execution\n and indirect branch prediction may allow unauthorized memory reads via\n sidechannel attacks. This flaw is known as Meltdown. A local attacker could\n use this to expose sensitive information, including kernel memory.\n (CVE-2017-5754)\n\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112],{"_key":15},"CVE-2017-0750",{"_key":17},"CVE-2017-0861",{"_key":19},"CVE-2017-1000407",{"_key":21},"CVE-2017-12153",{"_key":23},"CVE-2017-12190",{"_key":25},"CVE-2017-12192",{"_key":27},"CVE-2017-14051",{"_key":29},"CVE-2017-14140",{"_key":31},"CVE-2017-14156",{"_key":33},"CVE-2017-14489",{"_key":35},"CVE-2017-15102",{"_key":37},"CVE-2017-15115",{"_key":39},"CVE-2017-15274",{"_key":41},"CVE-2017-15868",{"_key":43},"CVE-2017-16525",{"_key":45},"CVE-2017-17450",{"_key":47},"CVE-2017-17806",{"_key":49},"CVE-2017-18017",{"_key":51},"CVE-2017-5669",{"_key":53},"CVE-2017-5754",{"_key":55},"CVE-2017-7542",{"_key":57},"CVE-2017-7889",{"_key":59},"CVE-2017-8824",{"_key":61},"CVE-2018-5333",{"_key":63},"CVE-2018-5344",{"_key":65},"UBUNTU-CVE-2017-0750",{"_key":67},"UBUNTU-CVE-2017-0861",{"_key":69},"UBUNTU-CVE-2017-1000407",{"_key":71},"UBUNTU-CVE-2017-12153",{"_key":73},"UBUNTU-CVE-2017-12190",{"_key":75},"UBUNTU-CVE-2017-12192",{"_key":77},"UBUNTU-CVE-2017-14051",{"_key":79},"UBUNTU-CVE-2017-14140",{"_key":81},"UBUNTU-CVE-2017-14156",{"_key":83},"UBUNTU-CVE-2017-14489",{"_key":85},"UBUNTU-CVE-2017-15102",{"_key":87},"UBUNTU-CVE-2017-15115",{"_key":89},"UBUNTU-CVE-2017-15274",{"_key":91},"UBUNTU-CVE-2017-15868",{"_key":93},"UBUNTU-CVE-2017-16525",{"_key":95},"UBUNTU-CVE-2017-17450",{"_key":97},"UBUNTU-CVE-2017-17806",{"_key":99},"UBUNTU-CVE-2017-18017",{"_key":101},"UBUNTU-CVE-2017-5669",{"_key":103},"UBUNTU-CVE-2017-5754",{"_key":105},"UBUNTU-CVE-2017-7542",{"_key":107},"UBUNTU-CVE-2017-7889",{"_key":109},"UBUNTU-CVE-2017-8824",{"_key":111},"UBUNTU-CVE-2018-5333",{"_key":113},"UBUNTU-CVE-2018-5344",[],[],[117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141],{"_key":65},{"_key":69},{"_key":71},{"_key":75},{"_key":77},{"_key":83},{"_key":93},{"_key":95},{"_key":109},{"_key":111},{"_key":67},{"_key":73},{"_key":79},{"_key":81},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":97},{"_key":99},{"_key":101},{"_key":105},{"_key":107},{"_key":113},{"_key":103},"2018-02-23T09:14:24Z","2026-04-22T09:43:37.619348Z",{"cisa_kev":145,"cisa_ransomware":145,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[147,153,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214,218,222,226,230,234,238,242,246,250],{"url":148,"sources":149,"tags":151},"https://ubuntu.com/security/notices/USN-3583-1",[150],"osv_ubuntu",[152],"Advisory",{"url":154,"sources":155,"tags":156},"https://ubuntu.com/security/CVE-2017-0750",[150],[157],"REPORT",{"url":159,"sources":160,"tags":161},"https://ubuntu.com/security/CVE-2017-0861",[150],[157],{"url":163,"sources":164,"tags":165},"https://ubuntu.com/security/CVE-2017-5669",[150],[157],{"url":167,"sources":168,"tags":169},"https://ubuntu.com/security/CVE-2017-5754",[150],[157],{"url":171,"sources":172,"tags":173},"https://ubuntu.com/security/CVE-2017-7542",[150],[157],{"url":175,"sources":176,"tags":177},"https://ubuntu.com/security/CVE-2017-7889",[150],[157],{"url":179,"sources":180,"tags":181},"https://ubuntu.com/security/CVE-2017-8824",[150],[157],{"url":183,"sources":184,"tags":185},"https://ubuntu.com/security/CVE-2017-12153",[150],[157],{"url":187,"sources":188,"tags":189},"https://ubuntu.com/security/CVE-2017-12190",[150],[157],{"url":191,"sources":192,"tags":193},"https://ubuntu.com/security/CVE-2017-12192",[150],[157],{"url":195,"sources":196,"tags":197},"https://ubuntu.com/security/CVE-2017-14051",[150],[157],{"url":199,"sources":200,"tags":201},"https://ubuntu.com/security/CVE-2017-14140",[150],[157],{"url":203,"sources":204,"tags":205},"https://ubuntu.com/security/CVE-2017-14156",[150],[157],{"url":207,"sources":208,"tags":209},"https://ubuntu.com/security/CVE-2017-14489",[150],[157],{"url":211,"sources":212,"tags":213},"https://ubuntu.com/security/CVE-2017-15102",[150],[157],{"url":215,"sources":216,"tags":217},"https://ubuntu.com/security/CVE-2017-15115",[150],[157],{"url":219,"sources":220,"tags":221},"https://ubuntu.com/security/CVE-2017-15274",[150],[157],{"url":223,"sources":224,"tags":225},"https://ubuntu.com/security/CVE-2017-15868",[150],[157],{"url":227,"sources":228,"tags":229},"https://ubuntu.com/security/CVE-2017-16525",[150],[157],{"url":231,"sources":232,"tags":233},"https://ubuntu.com/security/CVE-2017-17450",[150],[157],{"url":235,"sources":236,"tags":237},"https://ubuntu.com/security/CVE-2017-17806",[150],[157],{"url":239,"sources":240,"tags":241},"https://ubuntu.com/security/CVE-2017-18017",[150],[157],{"url":243,"sources":244,"tags":245},"https://ubuntu.com/security/CVE-2017-1000407",[150],[157],{"url":247,"sources":248,"tags":249},"https://ubuntu.com/security/CVE-2018-5333",[150],[157],{"url":251,"sources":252,"tags":253},"https://ubuntu.com/security/CVE-2018-5344",[150],[157],[],[],[],[258],{"ecosystem":259,"name":260,"vendor":261,"product":260,"cpe_part":9,"purl_type":262,"purl_namespace":261,"purl_name":260,"source":9,"versions":263},"Ubuntu","linux","ubuntu","deb",[264],{"version":265,"is_range":266,"range_type":267,"version_start":9,"version_start_type":9,"version_end":268,"version_end_type":269,"fixed_in":9},"lt3_13_0_142_191",true,"ecosystem","3.13.0-142.191","excluding"]