CVE-2017-17862
Publication date 27 December 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
From the Ubuntu Security Team
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-119.143
|
|
14.04 LTS trusty |
Not affected
|
|
linux-armadaxp | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1054.63
|
|
14.04 LTS trusty |
Fixed 4.4.0-1016.16
|
|
linux-azure | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1005.7
|
|
14.04 LTS trusty |
Not affected
|
|
linux-euclid | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1006.9
|
|
14.04 LTS trusty | Not in release | |
linux-gke | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | 18.04 LTS bionic | Not in release |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-grouper | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-26.29~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | 18.04 LTS bionic |
Fixed 4.18.0-8.9~18.04.1
|
16.04 LTS xenial |
Fixed 4.13.0-26.29~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1020.25
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-wily | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-119.143~14.04.1
|
|
linux-maguro | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.13.0-1015.16
|
|
14.04 LTS trusty | Not in release | |
linux-qcm-msm | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1086.94
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Fixed 4.4.0-1088.93
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3523-2
- Linux kernel (HWE) vulnerabilities
- 10 January 2018
- USN-3619-2
- Linux kernel (Xenial HWE) vulnerabilities
- 5 April 2018
- USN-3619-1
- Linux kernel vulnerabilities
- 4 April 2018
- USN-3523-1
- Linux kernel vulnerabilities
- 9 January 2018
- USN-3523-3
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 10 January 2018