USN-3509-1

Details

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-103.126

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1043.52

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1012.17

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1079.87

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1081.86

References

REPORThttps://ubuntu.com/security/CVE-2017-1000405 REPORThttps://ubuntu.com/security/CVE-2017-12193 REPORThttps://ubuntu.com/security/CVE-2017-16643 REPORThttps://ubuntu.com/security/CVE-2017-16939 ADVISORYhttps://ubuntu.com/security/notices/USN-3509-1

USN-3509-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline