USN-3508-2: Linux kernel (HWE) vulnerabilities
First published: Thu Dec 07 2017(Updated: )
USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405) Yonggang Guo discovered that a race condition existed in the driver subsystem in the Linux kernel. A local attacker could use this to possibly gain administrative privileges. (CVE-2017-12146)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.10.0-42-generic | <4.10.0-42.46~16.04.1 | 4.10.0-42.46~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.10.0-42-generic-lpae | <4.10.0-42.46~16.04.1 | 4.10.0-42.46~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.10.0-42-lowlatency | <4.10.0-42.46~16.04.1 | 4.10.0-42.46~16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-1000405
- https://ubuntu.com/security/CVE-2017-12146
- https://ubuntu.com/security/CVE-2017-16939
- https://ubuntu.com/security/notices/USN-3510-1
- https://ubuntu.com/security/notices/USN-3510-2
- https://ubuntu.com/security/notices/USN-3511-1
- https://ubuntu.com/security/notices/USN-3507-1
- https://ubuntu.com/security/notices/USN-3507-2
- https://ubuntu.com/security/notices/USN-3509-1
- https://ubuntu.com/security/notices/USN-3509-2
- https://ubuntu.com/security/notices/USN-3508-1
- https://launchpad.net/ubuntu/+source/linux-hwe/4.10.0-42.46~16.04.1
- https://ubuntu.com/security/notices/USN-3508-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-3508-2?
The severity of USN-3508-2 is not specified in the information provided.
How do I determine if my system is affected by USN-3508-2?
You can determine if your system is affected by USN-3508-2 by checking the installed version of the Linux kernel against the affected versions specified in the information.
How do I fix USN-3508-2?
You can fix USN-3508-2 by updating the Linux kernel to the specified remedy version.
Where can I find more information about USN-3508-2?
You can find more information about USN-3508-2 on the Ubuntu Security Notices website using the provided references.
What are the CWE IDs associated with USN-3508-2?
The CWE IDs associated with USN-3508-2 are CWE-416 and CWE-362.
- agent/severity
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/16.04