- Home
- CVEs with nessus.description==USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)
Jann Horn discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel did not properly check the
relationship between pointer values and the BPF stack. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-17863)
Jann Horn discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel improperly performed sign extension
in some situations. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel contained a branch-pruning logic
issue around unreachable code. A local attacker could use this to
cause a denial of service. (CVE-2017-17862)
Jann Horn discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel mishandled pointer data values in
some situations. A local attacker could use this to to expose
sensitive information (kernel memory). (CVE-2017-17864).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top