[USN-3484-2] Linux kernel (HWE) vulnerability
Severity
High
Affected Packages
4
CVEs
1
The system could be made to crash or run programs as an administrator.
USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.
It was discovered that the KVM subsystem in the Linux kernel did not
properly keep track of nested levels in guest page tables. A local attacker
in a guest VM could use this to cause a denial of service (host OS crash)
or possibly execute arbitrary code in the host OS.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-extra-4.10.0-40-generic?distro=xenial | < 4.10.0-40.44~16.04.1 |
pkg:deb/ubuntu/linux-image-4.10.0-40-lowlatency?distro=xenial | < 4.10.0-40.44~16.04.1 |
pkg:deb/ubuntu/linux-image-4.10.0-40-generic?distro=xenial | < 4.10.0-40.44~16.04.1 |
pkg:deb/ubuntu/linux-image-4.10.0-40-generic-lpae?distro=xenial | < 4.10.0-40.44~16.04.1 |
- ID
- USN-3484-2
- Severity
- high
- URL
- https://ubuntu.com/security/notices/USN-3484-2
- Published
-
2017-11-21T06:23:50
(6 years ago) - Modified
-
2017-11-21T06:23:50
(6 years ago) - Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-extra-4.10.0-40-generic?distro=xenial | ubuntu | linux-image-extra-4.10.0-40-generic | < 4.10.0-40.44~16.04.1 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.10.0-40-lowlatency?distro=xenial | ubuntu | linux-image-4.10.0-40-lowlatency | < 4.10.0-40.44~16.04.1 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.10.0-40-generic?distro=xenial | ubuntu | linux-image-4.10.0-40-generic | < 4.10.0-40.44~16.04.1 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.10.0-40-generic-lpae?distro=xenial | ubuntu | linux-image-4.10.0-40-generic-lpae | < 4.10.0-40.44~16.04.1 | xenial |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |