UBUNTU-CVE-2017-18257

Details

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

Affected Packages(18 packages)

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1024.25

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-130.156~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-130.156

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1062.71

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.13.0-1002.5

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.13.0-32.35~16.04.1

linux-kvm

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1029.34

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1092.100

linux-snapdragon

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1095.100

linux-azure-fde

Ubuntu 20.04 LTS

Affected versions:

5.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more

References

REPORT

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143

REPORT

https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143

REPORT

https://ubuntu.com/security/CVE-2017-18257

ADVISORY

https://ubuntu.com/security/notices/USN-3696-1

ADVISORY

https://ubuntu.com/security/notices/USN-3696-2

REPORT

https://www.cve.org/CVERecord?id=CVE-2017-18257