Oval Definition:oval:com.ubuntu.xenial:def:201710004050000000
Revision Date:2017-11-30Version:1
Title:CVE-2017-1000405 on Ubuntu 16.04 LTS (xenial) - high.
Description:The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service (application crashes) or possibly gain administrative privileges.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-1000405
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • linux package in xenial was vulnerable but has been fixed (note: '4.4.0-103.126').
  • OR linux-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1043.52').
  • OR linux-azure package in xenial was vulnerable but has been fixed (note: '4.11.0-1016.16').
  • OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-gcp package in xenial was vulnerable but has been fixed (note: '4.13.0-1002.5').
  • OR linux-gke: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was pending now end-of-life').
  • OR linux-hwe package in xenial was vulnerable but has been fixed (note: '4.10.0-42.46~16.04.1').
  • OR linux-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1012.17').
  • OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-meta package in xenial was vulnerable but has been fixed (note: '4.4.0-103.126').
  • OR linux-meta-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1043.52').
  • OR linux-meta-azure package in xenial was vulnerable but has been fixed (note: '4.11.0-1016.16').
  • OR linux-meta-gcp package in xenial was vulnerable but has been fixed (note: '4.13.0-1002.5').
  • OR linux-meta-hwe package in xenial was vulnerable but has been fixed (note: '4.10.0-42.46~16.04.1').
  • OR linux-meta-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1012.17').
  • OR linux-meta-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1079.87').
  • OR linux-meta-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1081.86').
  • OR linux-oem package in xenial was vulnerable but has been fixed (note: '4.13.0-1010.11').
  • OR linux-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1079.87').
  • OR linux-signed package in xenial was vulnerable but has been fixed (note: '4.4.0-103.126').
  • OR linux-signed-azure package in xenial was vulnerable but has been fixed (note: '4.11.0-1016.16').
  • OR linux-signed-gcp package in xenial was vulnerable but has been fixed (note: '4.13.0-1002.5').
  • OR linux-signed-hwe package in xenial was vulnerable but has been fixed (note: '4.10.0-42.46~16.04.1').
  • OR linux-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1081.86').
  • BACK