First published: Tue May 22 2018(Updated: )
It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-4.13.0-1020-raspi2 | <4.13.0-1020.21 | 4.13.0-1020.21 |
Ubuntu Ubuntu | =17.10 | |
All of | ||
ubuntu/linux-image-raspi2 | <4.13.0.1020.18 | 4.13.0.1020.18 |
Ubuntu Ubuntu | =17.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this advisory is CVE-2017-17449.
CVE-2017-17449 allows a local attacker to expose sensitive information by observing kernel netlink traffic.
This vulnerability affects Ubuntu 17.10 with the Linux kernel version linux-image-4.13.0-1020-raspi2 up to 4.13.0-1020.21.
Yes, the fix for this vulnerability is to upgrade the Linux kernel to version 4.13.0-1020.21 for linux-image-4.13.0-1020-raspi2.
You can find more information about this vulnerability at the following references: [CVE-2017-17449](https://ubuntu.com/security/CVE-2017-17449), [CVE-2017-17975](https://ubuntu.com/security/CVE-2017-17975), [CVE-2017-18203](https://ubuntu.com/security/CVE-2017-18203).