usn-3361-1
Vulnerability from osv_ubuntu
Published
2017-07-21 09:59
Modified
2026-06-03 10:45
Summary
linux-hwe vulnerabilities
Details

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.

Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)

It was discovered that an integer overflow existed in the InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636)

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)

CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)

It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)

Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584)

Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)

It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618)

Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671)

It was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)

It was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)

Murray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)

Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)

Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345)

It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)

Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187)

It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)

It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273)

Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)

It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616)

Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)

Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)

Tuomas Haanpää and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)

It was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)

It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925)

Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

References
https://ubuntu.com/security/notices/USN-3361-1 ADVISORY
https://ubuntu.com/security/CVE-2015-1350 REPORT
https://ubuntu.com/security/CVE-2016-8405 REPORT
https://ubuntu.com/security/CVE-2016-8636 REPORT
https://ubuntu.com/security/CVE-2016-9083 REPORT
https://ubuntu.com/security/CVE-2016-9084 REPORT
https://ubuntu.com/security/CVE-2016-9191 REPORT
https://ubuntu.com/security/CVE-2016-9604 REPORT
https://ubuntu.com/security/CVE-2016-9755 REPORT
https://ubuntu.com/security/CVE-2016-10208 REPORT
https://ubuntu.com/security/CVE-2017-2583 REPORT
https://ubuntu.com/security/CVE-2017-2584 REPORT
https://ubuntu.com/security/CVE-2017-2596 REPORT
https://ubuntu.com/security/CVE-2017-2618 REPORT
https://ubuntu.com/security/CVE-2017-2671 REPORT
https://ubuntu.com/security/CVE-2017-5546 REPORT
https://ubuntu.com/security/CVE-2017-5549 REPORT
https://ubuntu.com/security/CVE-2017-5550 REPORT
https://ubuntu.com/security/CVE-2017-5551 REPORT
https://ubuntu.com/security/CVE-2017-5576 REPORT
https://ubuntu.com/security/CVE-2017-5669 REPORT
https://ubuntu.com/security/CVE-2017-5897 REPORT
https://ubuntu.com/security/CVE-2017-5970 REPORT
https://ubuntu.com/security/CVE-2017-6001 REPORT
https://ubuntu.com/security/CVE-2017-6214 REPORT
https://ubuntu.com/security/CVE-2017-6345 REPORT
https://ubuntu.com/security/CVE-2017-6346 REPORT
https://ubuntu.com/security/CVE-2017-6347 REPORT
https://ubuntu.com/security/CVE-2017-6348 REPORT
https://ubuntu.com/security/CVE-2017-7187 REPORT
https://ubuntu.com/security/CVE-2017-7261 REPORT
https://ubuntu.com/security/CVE-2017-7273 REPORT
https://ubuntu.com/security/CVE-2017-7472 REPORT
https://ubuntu.com/security/CVE-2017-7616 REPORT
https://ubuntu.com/security/CVE-2017-7618 REPORT
https://ubuntu.com/security/CVE-2017-7645 REPORT
https://ubuntu.com/security/CVE-2017-7889 REPORT
https://ubuntu.com/security/CVE-2017-7895 REPORT
https://ubuntu.com/security/CVE-2017-8924 REPORT
https://ubuntu.com/security/CVE-2017-8925 REPORT
https://ubuntu.com/security/CVE-2017-9150 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "block-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "block-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "crypto-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "crypto-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "dasd-extra-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "dasd-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fat-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fat-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fb-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "firewire-core-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "floppy-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fs-core-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fs-core-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fs-secondary-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "fs-secondary-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "input-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "input-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "ipmi-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "ipmi-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "irda-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "irda-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "kernel-image-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "kernel-image-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-cloud-tools-4.10.0-27-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-cloud-tools-4.10.0-27-lowlatency",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-headers-4.10.0-27",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-headers-4.10.0-27-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-headers-4.10.0-27-generic-lpae",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-headers-4.10.0-27-lowlatency",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-hwe-cloud-tools-4.10.0-27",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-hwe-tools-4.10.0-27",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-hwe-udebs-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-hwe-udebs-generic-lpae",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-image-4.10.0-27-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-image-4.10.0-27-generic-lpae",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-image-4.10.0-27-lowlatency",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-image-extra-4.10.0-27-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-source-4.10.0",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-tools-4.10.0-27-generic",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-tools-4.10.0-27-generic-lpae",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "linux-tools-4.10.0-27-lowlatency",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "md-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "md-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "message-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "mouse-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "mouse-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "multipath-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "multipath-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nfs-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nfs-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-pcmcia-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-shared-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-shared-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-usb-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "nic-usb-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "parport-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "parport-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "pata-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "pcmcia-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "pcmcia-storage-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "plip-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "plip-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "ppp-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "ppp-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "sata-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "sata-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "scsi-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "scsi-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "serial-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "storage-core-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "storage-core-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "usb-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "usb-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "virtio-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "vlan-modules-4.10.0-27-generic-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          },
          {
            "binary_name": "vlan-modules-4.10.0-27-generic-lpae-di",
            "binary_version": "4.10.0-27.30~16.04.2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "linux-hwe",
        "purl": "pkg:deb/ubuntu/linux-hwe@4.10.0-27.30~16.04.2?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.10.0-27.30~16.04.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.8.0-36.36~16.04.1",
        "4.8.0-39.42~16.04.1",
        "4.8.0-41.44~16.04.1",
        "4.8.0-42.45~16.04.1",
        "4.8.0-44.47~16.04.1",
        "4.8.0-45.48~16.04.1",
        "4.8.0-46.49~16.04.1",
        "4.8.0-49.52~16.04.1",
        "4.8.0-51.54~16.04.1",
        "4.8.0-52.55~16.04.1",
        "4.8.0-53.56~16.04.1",
        "4.8.0-54.57~16.04.1",
        "4.8.0-56.61~16.04.1",
        "4.8.0-58.63~16.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please\nnote that this update changes the Linux HWE kernel to the 4.10 based\nkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from\nUbuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended privilege\nattributes of files when performing a failed unprivileged system call. A\nlocal attacker could use this to cause a denial of service. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel\ndid not properly validate meta block groups. An attacker with physical\naccess could use this to specially craft an ext4 image that causes a denial\nof service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer devices in\nthe Linux kernel contained an integer overflow. A local attacker could use\nthis to disclose sensitive information (kernel memory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand RDMA\nover ethernet (RXE) transport implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO\nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI\ndevice file could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did\nnot properly perform reference counting in some situations. An unprivileged\nattacker could use this to cause a denial of service (system hang).\n(CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in\nsome situations did not prevent special internal keyrings from being joined\nby userspace keyrings. A privileged local attacker could use this to bypass\nmodule verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet\ndiscovered that the netfiler subsystem in the Linux kernel mishandled IPv6\npacket reassembly. A local user could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in\nthe Linux kernel did not properly emulate instructions on the SS segment\nregister. A local attacker in a guest virtual machine could use this to\ncause a denial of service (guest OS crash) or possibly gain administrative\nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\nimproperly emulated certain instructions. A local attacker could use this\nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest OS\ncould use this to cause a denial of service (memory consumption) in the\nhost OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly handle\nempty writes to /proc/pid/attr. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory\nallocator allowed duplicate freelist entries. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in\nthe Linux kernel did not properly initialize memory related to logging. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance()\nfunction in the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during\na setxattr call on a tmpfs filesystem. A local attacker could use this to\ngain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the\nVideoCore DRM driver of the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did\nnot properly restrict mapping page zero. A local privileged attacker could\nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic\nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel.\nAn attacker could use this to possibly expose sensitive information.\n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations. An\nattacker could use this to cause a denial of service or possibly execute\narbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP\npackets with the URG flag. A remote attacker could use this to cause a\ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did\nnot properly set up a destructor in certain situations. A local attacker\ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling\ncode in the Linux kernel. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing checksums.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem\nin the Linux kernel. A local attacker could use this to cause a denial of\nservice (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux\nkernel contained a stack-based buffer overflow. A local attacker with\naccess to an sg device could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct\nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did\nnot properly validate reported information from the device. An attacker\nwith physical access could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in the\nLinux kernel. A local attacker could use this to cause a denial of service\n(memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the set_mempolicy and\nmbind compat syscalls in the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash)\nimplementation in the Linux kernel did not properly handle a full request\nqueue. A local attacker could use this to cause a denial of service\n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server\nimplementations in the Linux kernel did not properly handle certain long\nRPC replies. A remote attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the\nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection\nmechanism. A local attacker with access to /dev/mem could use this to\nexpose sensitive information or possibly execute arbitrary code.\n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server\nimplementations in the Linux kernel did not properly check for the end of\nbuffer. A remote attacker could use this to craft requests that cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB\nSerial Converter device driver of the Linux kernel. An attacker with\nphysical access could use this to expose sensitive information (kernel\nmemory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux\nkernel did not properly perform reference counting. A local attacker could\nuse this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output\nof the print_bpf_insn function. A local attacker could use this to obtain\nsensitive address information. (CVE-2017-9150)\n",
  "id": "USN-3361-1",
  "modified": "2026-06-03T10:45:15Z",
  "published": "2017-07-21T09:59:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3361-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-1350"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8405"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-8636"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9083"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9084"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9191"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9604"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-9755"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-10208"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-2583"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-2584"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-2596"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-2618"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-2671"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5546"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5549"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5550"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5551"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5576"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5669"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5897"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5970"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6001"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6214"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6345"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6346"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6347"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-6348"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7187"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7261"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7273"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7472"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7616"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7618"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7645"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7889"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-7895"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-8924"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-8925"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-9150"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-hwe vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-1350",
    "UBUNTU-CVE-2016-8405",
    "UBUNTU-CVE-2016-8636",
    "UBUNTU-CVE-2016-9083",
    "UBUNTU-CVE-2016-9084",
    "UBUNTU-CVE-2016-9191",
    "UBUNTU-CVE-2016-9604",
    "UBUNTU-CVE-2016-9755",
    "UBUNTU-CVE-2016-10208",
    "UBUNTU-CVE-2017-2583",
    "UBUNTU-CVE-2017-2584",
    "UBUNTU-CVE-2017-2596",
    "UBUNTU-CVE-2017-2618",
    "UBUNTU-CVE-2017-2671",
    "UBUNTU-CVE-2017-5546",
    "UBUNTU-CVE-2017-5549",
    "UBUNTU-CVE-2017-5550",
    "UBUNTU-CVE-2017-5551",
    "UBUNTU-CVE-2017-5576",
    "UBUNTU-CVE-2017-5669",
    "UBUNTU-CVE-2017-5897",
    "UBUNTU-CVE-2017-5970",
    "UBUNTU-CVE-2017-6001",
    "UBUNTU-CVE-2017-6214",
    "UBUNTU-CVE-2017-6345",
    "UBUNTU-CVE-2017-6346",
    "UBUNTU-CVE-2017-6347",
    "UBUNTU-CVE-2017-6348",
    "UBUNTU-CVE-2017-7187",
    "UBUNTU-CVE-2017-7261",
    "UBUNTU-CVE-2017-7273",
    "UBUNTU-CVE-2017-7472",
    "UBUNTU-CVE-2017-7616",
    "UBUNTU-CVE-2017-7618",
    "UBUNTU-CVE-2017-7645",
    "UBUNTU-CVE-2017-7889",
    "UBUNTU-CVE-2017-7895",
    "UBUNTU-CVE-2017-8924",
    "UBUNTU-CVE-2017-8925",
    "UBUNTU-CVE-2017-9150"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…