UbuntuUSN-3509-2Linux kernel (Xenial HWE) vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.5%
Releases
- Ubuntu 14.04 ESM
Packages
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details
USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Mohamed Ghannam discovered that a use-after-free vulnerability existed in
the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16939)
It was discovered that the Linux kernel did not properly handle copy-on-
write of transparent huge pages. A local attacker could use this to cause a
denial of service (application crashes) or possibly gain administrative
privileges. (CVE-2017-1000405)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)
Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16643)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | linux-image-4.4.0-1005-aws | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-aws-cloud-tools-4.4.0-1005 | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-aws-cloud-tools-4.4.0-1005-dbgsym | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-aws-headers-4.4.0-1005 | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-aws-tools-4.4.0-1005 | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-aws-tools-4.4.0-1005-dbgsym | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-cloud-tools-4.4.0-1005-aws | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-headers-4.4.0-1005-aws | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-image-4.4.0-1005-aws-dbgsym | < 4.4.0-1005.5 | UNKNOWN |
| Ubuntu | 14.04 | noarch | linux-tools-4.4.0-1005-aws | < 4.4.0-1005.5 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.5%