[USN-3507-2] Linux kernel (GCP) vulnerabilities
Several security issues were fixed in the Linux kernel.
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)
Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)
It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)
Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-extra-4.13.0-1002-gcp?distro=xenial | < 4.13.0-1002.5 |
pkg:deb/ubuntu/linux-image-4.13.0-1002-gcp?distro=xenial | < 4.13.0-1002.5 |
- ID
- USN-3507-2
- Severity
- high
- URL
- https://ubuntu.com/security/notices/USN-3507-2
- Published
-
2017-12-08T03:47:41
(6 years ago) - Modified
-
2017-12-08T03:47:41
(6 years ago) - Other Advisories
-
- ALAS-2017-925
- ALAS-2017-937
- ALAS-2018-1023
- ALAS-2018-956
- ALAS2-2018-1023
- ALAS2-2018-956
- DSA-4082-1
- ELSA-2017-3651
- ELSA-2018-0151
- ELSA-2018-1318
- ELSA-2018-4025
- ELSA-2018-4108
- ELSA-2018-4109
- ELSA-2018-4110
- ELSA-2018-4131
- FEDORA-2017-10faeda281
- FEDORA-2017-38b37120a2
- FEDORA-2017-9ea11e444d
- FEDORA-2017-9fbb35aeda
- FEDORA-2017-aa9927961f
- FEDORA-2017-b0c1f44130
- FEDORA-2017-c110ac0eb1
- FEDORA-2017-cafcdbdde5
- FEDORA-2017-ea254105cc
- FEDORA-2017-ebab38baf6
- FEDORA-2017-ef58cbde27
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-6367a17aa3
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-d77cc41f35
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e8f793bbfc
- RHSA-2018:0151
- RHSA-2018:0152
- RHSA-2018:1318
- RHSA-2018:1355
- SUSE-SU-2017:3210-1
- SUSE-SU-2017:3225-1
- SUSE-SU-2017:3226-1
- SUSE-SU-2017:3249-1
- SUSE-SU-2017:3284-1
- SUSE-SU-2017:3285-1
- SUSE-SU-2017:3286-1
- SUSE-SU-2017:3287-1
- SUSE-SU-2017:3288-1
- SUSE-SU-2017:3289-1
- SUSE-SU-2017:3290-1
- SUSE-SU-2017:3291-1
- SUSE-SU-2017:3292-1
- SUSE-SU-2017:3293-1
- SUSE-SU-2017:3295-1
- SUSE-SU-2017:3296-1
- SUSE-SU-2017:3297-1
- SUSE-SU-2017:3299-1
- SUSE-SU-2017:3300-1
- SUSE-SU-2017:3301-1
- SUSE-SU-2017:3302-1
- SUSE-SU-2017:3303-1
- SUSE-SU-2017:3304-1
- SUSE-SU-2017:3305-1
- SUSE-SU-2017:3306-1
- SUSE-SU-2017:3307-1
- SUSE-SU-2017:3308-1
- SUSE-SU-2017:3309-1
- SUSE-SU-2017:3310-1
- SUSE-SU-2017:3312-1
- SUSE-SU-2017:3313-1
- SUSE-SU-2017:3314-1
- SUSE-SU-2017:3316-1
- SUSE-SU-2017:3317-1
- SUSE-SU-2017:3318-1
- SUSE-SU-2017:3319-1
- SUSE-SU-2017:3320-1
- SUSE-SU-2017:3321-1
- SUSE-SU-2017:3322-1
- SUSE-SU-2017:3323-1
- SUSE-SU-2017:3324-1
- SUSE-SU-2017:3332-1
- SUSE-SU-2017:3336-1
- SUSE-SU-2017:3337-1
- SUSE-SU-2017:3338-1
- SUSE-SU-2017:3340-1
- SUSE-SU-2017:3398-1
- SUSE-SU-2017:3410-1
- SUSE-SU-2018:0011-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2018:0213-1
- SUSE-SU-2018:0237-1
- SUSE-SU-2018:0238-1
- SUSE-SU-2018:0239-1
- SUSE-SU-2018:0240-1
- SUSE-SU-2018:0241-1
- SUSE-SU-2018:0242-1
- SUSE-SU-2018:0244-1
- SUSE-SU-2018:0245-1
- SUSE-SU-2018:0249-1
- SUSE-SU-2018:0250-1
- SUSE-SU-2018:0251-1
- SUSE-SU-2018:0252-1
- SUSE-SU-2018:0253-1
- SUSE-SU-2018:0265-1
- SUSE-SU-2018:0266-1
- SUSE-SU-2018:0268-1
- SUSE-SU-2018:0269-1
- SUSE-SU-2018:0270-1
- SUSE-SU-2018:0271-1
- SUSE-SU-2018:0272-1
- SUSE-SU-2018:0273-1
- SUSE-SU-2018:0274-1
- SUSE-SU-2018:0275-1
- SUSE-SU-2018:0276-1
- SUSE-SU-2018:0277-1
- SUSE-SU-2018:0278-1
- SUSE-SU-2018:0280-1
- SUSE-SU-2018:0281-1
- SUSE-SU-2018:0282-1
- SUSE-SU-2018:0296-1
- SUSE-SU-2018:0297-1
- SUSE-SU-2018:0340-1
- SUSE-SU-2018:0345-1
- SUSE-SU-2018:0346-1
- SUSE-SU-2018:0347-1
- SUSE-SU-2018:0785-1
- SUSE-SU-2018:0786-1
- SUSE-SU-2018:0834-1
- SUSE-SU-2018:0848-1
- SUSE-SU-2018:0986-1
- SUSE-SU-2019:0148-1
- SUSE-SU-2019:0320-1
- SUSE-SU-2020:3400-1
- SUSE-SU-2020:3449-1
- USN-3485-1
- USN-3485-2
- USN-3485-3
- USN-3507-1
- USN-3508-1
- USN-3508-2
- USN-3509-1
- USN-3509-2
- USN-3510-1
- USN-3510-2
- USN-3511-1
- USN-3698-1
- USN-3698-2
- USN-3798-1
- USN-3798-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-extra-4.13.0-1002-gcp?distro=xenial | ubuntu | linux-image-extra-4.13.0-1002-gcp | < 4.13.0-1002.5 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.13.0-1002-gcp?distro=xenial | ubuntu | linux-image-4.13.0-1002-gcp | < 4.13.0-1002.5 | xenial |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |