Main Vulnerability Database SB2017103112

SB2017103112 - Ubuntu update for Linux kernel

Published: October 31, 2017

Security Bulletin ID SB2017103112

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Assertion failure (CVE-ID: CVE-2017-1000252)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

2) Privilege escalation (CVE-ID: CVE-2017-10663)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of the blkoff and segno arrays by the sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel. a local attacker can execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3468-1/