USN-3444-1

Details

Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134)

Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106)

Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-97.120

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1038.47

Ubuntu:16.04:LTSlinux-gke

Fixed in:

4.4.0-1032.32

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1008.13

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1075.83

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1077.82

References

REPORThttps://ubuntu.com/security/CVE-2017-12134 REPORThttps://ubuntu.com/security/CVE-2017-14106 REPORThttps://ubuntu.com/security/CVE-2017-14140 ADVISORYhttps://ubuntu.com/security/notices/USN-3444-1

USN-3444-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline