UBUNTU-CVE-2017-17864

Details

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

Affected Packages

linux-azure

Ubuntu 14.04 LTS

Fixed in:

4.15.0-1023.24~14.04.1

linux-azure

Ubuntu 16.04 LTS

Affected versions:

4.11.0-1009.94.11.0-1011.114.11.0-1013.134.11.0-1014.144.11.0-1015.154.11.0-1016.164.13.0-1005.74.13.0-1006.84.13.0-1007.94.13.0-1009.12+5 more

Fixed in:

4.15.0-1013.13~16.04.2

linux-gcp

Ubuntu 16.04 LTS

Affected versions:

4.10.0-1004.44.10.0-1006.64.10.0-1007.74.10.0-1008.84.10.0-1009.94.13.0-1002.54.13.0-1006.94.13.0-1007.104.13.0-1008.114.13.0-1011.15+5 more

Fixed in:

4.15.0-1014.14~16.04.1

linux-hwe

Ubuntu 16.04 LTS

Affected versions:

4.10.0-27.30~16.04.24.10.0-28.32~16.04.24.10.0-30.34~16.04.14.10.0-32.36~16.04.14.10.0-33.37~16.04.14.10.0-35.39~16.04.14.10.0-37.41~16.04.14.10.0-38.42~16.04.14.10.0-40.44~16.04.14.10.0-42.46~16.04.1+24 more

Fixed in:

4.15.0-24.26~16.04.1

References

REPORT

http://www.openwall.com/lists/oss-security/2017/12/24/1

REPORT

https://ubuntu.com/security/CVE-2017-17864

REPORT

https://ubuntu.com/security/notices/USN-3523-1

REPORT

https://ubuntu.com/security/notices/USN-3523-2

REPORT

https://ubuntu.com/security/notices/USN-3523-3

REPORT

https://www.cve.org/CVERecord?id=CVE-2017-17864