| Beschreibung: | Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Jann Horn discovered that microprocessors
utilizing speculative execution and indirect branch prediction may allow
unauthorized memory reads via sidechannel attacks. This flaw is known as
Meltdown. A local attacker could use this to expose sensitive information,
including kernel memory. (CVE-2017-5754) Jann Horn discovered that the Berkeley
Packet Filter (BPF) implementation in the Linux kernel did not properly check
the relationship between pointer values and the BPF stack. A local attacker
could use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-17863) Jann Horn discovered that the Berkeley Packet
Filter (BPF) implementation in the Linux kernel improperly performed sign
extension in some situations. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel contained a branch-pruning logic issue around
unreachable code. A local attacker could use this to cause a denial of service.
(CVE-2017-17862) Jann Horn discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel mishandled pointer data values in some
situations. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2017-17864)
Affected Software/OS:
linux on Ubuntu 17.10
Solution:
Please Install the Updated Packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
