[USN-3511-1] Linux kernel (Azure) vulnerabilities

Severity High

Affected Packages 2

CVEs 2

Several security issues were fixed in the Linux kernel.

Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)

It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)

Package	Affected Version
pkg:deb/ubuntu/linux-image-extra-4.11.0-1016-azure?distro=xenial	< 4.11.0-1016.16
pkg:deb/ubuntu/linux-image-4.11.0-1016-azure?distro=xenial	< 4.11.0-1016.16

ID

USN-3511-1

Severity

high

URL

https://ubuntu.com/security/notices/USN-3511-1

Published

2017-12-08T00:34:29
(6 years ago)

Modified

2017-12-08T00:34:29
(6 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:deb/ubuntu/linux-image-extra-4.11.0-1016-azure?distro=xenial	ubuntu	linux-image-extra-4.11.0-1016-azure	< 4.11.0-1016.16	xenial
Affected	pkg:deb/ubuntu/linux-image-4.11.0-1016-azure?distro=xenial	ubuntu	linux-image-4.11.0-1016-azure	< 4.11.0-1016.16	xenial

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date