Description: | Summary: The remote host is missing an update for the 'linux' package(s) announced via the referenced advisory.
Vulnerability Insight: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-17864)
Affected Software/OS: linux on Ubuntu 17.10
Solution: Please Install the Updated Packages.
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|