ALT-PU-2017-2830-1
Package kernel-image-un-def updated to version 4.14.8-alt1.1 for branch sisyphus in task 197397.
Closed vulnerabilities
Published: 2017-12-27
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-16995
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://www.securityfocus.com/bid/102288
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb
- https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3633-1/
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
- https://www.exploit-db.com/exploits/44298/
- https://www.exploit-db.com/exploits/45010/
- https://www.exploit-db.com/exploits/45058/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://www.securityfocus.com/bid/102288
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a6132276ab5dcc38b3299082efeb25b948263adb
- https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3633-1/
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
- https://www.exploit-db.com/exploits/44298/
- https://www.exploit-db.com/exploits/45010/
- https://www.exploit-db.com/exploits/45058/
Published: 2017-12-27
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2017-16996
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://www.securityfocus.com/bid/102267
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://github.com/torvalds/linux/commit/0c17d1d2c61936401f4702e1846e2c19b200f958
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
- http://openwall.com/lists/oss-security/2017/12/21/2
- http://www.securityfocus.com/bid/102267
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1454
- https://github.com/torvalds/linux/commit/0c17d1d2c61936401f4702e1846e2c19b200f958