Main Vulnerability Database SB2017091812

SB2017091812 - Ubuntu update for Linux kernel

Published: September 18, 2017

Security Bulletin ID SB2017091812

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2017-1000251)

The vulnerability allows an adjacent attacker to execute arbitrary code on the host system.

The weakness exists due to a stack-based buffer overflow in the processing of L2CAP configuration. An adjacent attacker can submit a specially crafted Bluetooth protocol, trigger memory corruption in the Bluetooth stack and execute arbitrary code in kernel space.

Successful exploitation of the vulnerability may result in host system compromise.

2) Privilege escalation (CVE-ID: CVE-2017-10663)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of the blkoff and segno arrays by the sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel. a local attacker can execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3420-1/