USN-3507-2: Linux kernel (GCP) vulnerabilities
USN-3507-2: Linux kernel (GCP) vulnerabilities Ubuntu Security Notice USN-3507-2 7th December, 2017 linux-gcp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems Details Mohamed Ghannam discovered that a use-after-free vulnerability existed inthe Netlink subsystem (XFRM) in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write of transparent huge pages. A local attacker could use this to cause adenial of service (application crashes) or possibly gain administrativeprivileges. (CVE-2017-1000405) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative arrayimplementation in the Linux kernel sometimes did not properly handle [ more… ]