Main Vulnerability Database SB2017042402

SB2017042402 - Ubuntu update for Linux kernel (HWE)

Published: April 24, 2017

Security Bulletin ID SB2017042402

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Assertion failure (CVE-ID: CVE-2017-5986)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3266-2/