CVE-2017-1000405 Ubuntu Security Notification for Linux, Linux-aws, Linux-kvm, Linux-raspi2, Linux-snapdragon Vulnerabilities (USN-3509-1)

2017年12月14日 1261点热度 0人点赞 0条评论

漏洞类别：Ubuntu

漏洞等级：

漏洞信息

A use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel.

It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages.

It was discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry.

An out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel.

漏洞危害

A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939)

A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges. (CVE-2017-1000405)

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12193)

A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)

解决方案

Refer to Ubuntu advisory USN-3509-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

0daybank