Oval Definition:	oval:com.ubuntu.xenial:def:20177477000
Revision Date: 2017-04-25 Version: 1 Title: CVE-2017-7477 on Ubuntu 16.04 LTS (xenial) - medium. Description: Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-7477 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-flo' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-goldfish' package in xenial is not affected. OR The 'linux-hwe' package in xenial was vulnerable but has been fixed (note: '4.8.0-52.55~16.04.1'). OR The 'linux-hwe-edge' package in xenial was vulnerable but has been fixed (note: '4.8.0-52.55~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-mako' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected.
BACK