CVE-2017-9150
Publication date 22 May 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
From the Ubuntu Security Team
Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Fixed 4.4.0-87.110
|
|
14.04 LTS trusty |
Not affected
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Fixed 4.4.0-1026.35
|
|
14.04 LTS trusty |
Not affected
|
|
linux-azure | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-euclid | ||
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Fixed 4.4.0-1022.22
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Fixed 4.10.0-27.30~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Fixed 4.10.0-27.30~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-87.110~14.04.1
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Fixed 4.4.0-1065.73
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Fixed 4.4.0-1067.72
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release |
Patch details
Package | Patch details |
---|---|
linux |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3364-3
- Linux kernel (AWS, GKE) vulnerabilities
- 25 July 2017
- USN-3364-1
- Linux kernel vulnerabilities
- 24 July 2017
- USN-3364-2
- Linux kernel (Xenial HWE) vulnerabilities
- 24 July 2017
- USN-3361-1
- Linux kernel (HWE) vulnerabilities
- 21 July 2017
- USN-3345-1
- Linux kernel vulnerabilities
- 29 June 2017
- USN-3359-1
- Linux kernel vulnerabilities
- 20 July 2017
Other references
- https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1251
- https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07
- https://www.cve.org/CVERecord?id=CVE-2017-9150