[USN-3507-2] Linux kernel (GCP) vulnerabilities

Severity: High
Affected Packages: 2
CVEs: 6

Several security issues were fixed in the Linux kernel.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle
copy-on-write of transparent huge pages. A local attacker could use this
to cause a denial of service (application crashes) or possibly gain
administrative privileges. (CVE-2017-1000405)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a null pointer dereference error existed in the
PowerPC KVM implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2017-15306)

Eric Biggers discovered a race condition in the key management subsystem of
the Linux kernel around keys in a negative state. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-15951)

ID: USN-3507-2
Severity: high
URL: https://ubuntu.com/security/notices/USN-3507-2
Published: 2017-12-08T03:47:41
Modified: 2017-12-08T03:47:41

Affected packages:

Type: Affected
Package URL: pkg:deb/ubuntu/linux-image-extra-4.13.0-1002-gcp?distro=xenial
Namespace: ubuntu
Name / Product: linux-image-extra-4.13.0-1002-gcp
Version: < 4.13.0-1002.5
Distribution / Platform: xenial

Type: Affected
Package URL: pkg:deb/ubuntu/linux-image-4.13.0-1002-gcp?distro=xenial
Namespace: ubuntu
Name / Product: linux-image-4.13.0-1002-gcp
Version: < 4.13.0-1002.5
Distribution / Platform: xenial