CVE-2017-16995
Published: 27 December 2017
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
From the Ubuntu Security Team
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
tyhicks |
Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1: $ sudo sysctl kernel.unprivileged_bpf_disabled=1 $ echo kernel.unprivileged_bpf_disabled=1 | \ sudo tee /etc/sysctl.d/90-CVE-2017-16995-CVE-2017-16996.conf |
smb |
Current breaks sha1 (taken from the fix patch) only makes 4.14+ affected. However upstream stable backported a fix for it. So I will modify the breaks sha1 to point to when the surrounding code was added. |
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
artful |
Released
(4.13.0-25.29)
|
bionic |
Not vulnerable
(4.13.0-25.29)
|
|
trusty |
Not vulnerable
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-119.143)
|
|
zesty |
Ignored
(end of life)
|
|
Patches:
Introduced by
17a5267067f3c372fec9ffb798d6eaba6b5e6a4c
|
||
linux-armadaxp
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
trusty |
Released
(4.4.0-1016.16)
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-1054.63)
|
|
zesty |
Does not exist
|
|
linux-azure
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.13.0-1005.7)
|
|
zesty |
Does not exist
|
|
linux-euclid
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-9026.28)
|
|
zesty |
Does not exist
|
|
linux-flo
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Ignored
(abandoned)
|
|
zesty |
Does not exist
|
|
linux-gcp
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.13.0-1006.9)
|
|
zesty |
Does not exist
|
|
linux-gke
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Not vulnerable
|
|
zesty |
Does not exist
|
|
linux-goldfish
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Not vulnerable
|
|
zesty |
Ignored
(end of life)
|
|
linux-grouper
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-hwe
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
zesty |
Does not exist
|
|
linux-hwe-edge
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Released
(4.18.0-8.9~18.04.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
zesty |
Does not exist
|
|
linux-kvm
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-1020.25)
|
|
zesty |
Does not exist
|
|
linux-linaro-omap
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-linaro-shared
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-linaro-vexpress
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-quantal
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-raring
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-saucy
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-trusty
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-utopic
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-vivid
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Ignored
(end of life, was needs-triage)
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-wily
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-xenial
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Released
(4.4.0-119.143~14.04.1)
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-maguro
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-mako
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Ignored
(abandoned)
|
|
zesty |
Does not exist
|
|
linux-manta
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-oem
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Not vulnerable
(4.15.0-1002.3)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.13.0-1015.16)
|
|
zesty |
Does not exist
|
|
linux-qcm-msm
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-raspi2
Launchpad, Ubuntu, Debian |
artful |
Released
(4.13.0-1011.11)
|
bionic |
Not vulnerable
(4.15.0-1006.7)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-1086.94)
|
|
zesty |
Ignored
(end of life)
|
|
linux-snapdragon
Launchpad, Ubuntu, Debian |
artful |
Released
(4.4.0-1088.93)
|
bionic |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Released
(4.4.0-1088.93)
|
|
zesty |
Ignored
(end of life)
|
|
linux-ti-omap4
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.15~rc5)
|
|
xenial |
Does not exist
|
|
zesty |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- http://openwall.com/lists/oss-security/2017/12/21/2
- https://ubuntu.com/security/notices/USN-3523-1
- https://ubuntu.com/security/notices/USN-3523-2
- https://ubuntu.com/security/notices/USN-3523-3
- https://ubuntu.com/security/notices/USN-3619-1
- https://ubuntu.com/security/notices/USN-3619-2
- https://ubuntu.com/security/notices/USN-3633-1
- https://www.cve.org/CVERecord?id=CVE-2017-16995
- NVD
- Launchpad
- Debian