[USN-3508-1] Linux kernel vulnerabilities

Severity High

CVEs 3

Several security issues were fixed in the Linux kernel.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Yonggang Guo discovered that a race condition existed in the driver
subsystem in the Linux kernel. A local attacker could use this to possibly
gain administrative privileges. (CVE-2017-12146)

ID

USN-3508-1

Severity

high

Severity from

CVE-2017-16939

URL

https://ubuntu.com/security/notices/USN-3508-1

Published