| Revision Date: | 2017-02-06 | Version: | 1 | | Title: | CVE-2017-5550 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. It was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2017-5550
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in xenial is not affected.
OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected.
OR NOT While related to the CVE in some way, the 'linux-azure' package in xenial is not affected (note: '4.11.0-1009.9').
OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in xenial is not affected (note: '4.15.0-1002.2').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed ESM criteria').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-gcp' package in xenial is not affected (note: '4.10.0-1004.4').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.10.0-27.30~16.04.2').
OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.10.0-27.30~16.04.2').
OR NOT While related to the CVE in some way, the 'linux-kvm' package in xenial is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-oem' package in xenial is not affected (note: '4.13.0-1008.9').
OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected.
OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected.
|
|