PublicDateAtUSN: 2017-02-14
Candidate: CVE-2017-5970
PublicDate: 2017-02-14 06:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5970
 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644
 http://www.openwall.com/lists/oss-security/2017/02/12/3
 https://bugzilla.redhat.com/show_bug.cgi?id=1421638
 https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644
 https://patchwork.ozlabs.org/patch/724136/
 https://ubuntu.com/security/notices/USN-3265-1
 https://ubuntu.com/security/notices/USN-3265-2
 https://ubuntu.com/security/notices/USN-3361-1
 https://ubuntu.com/security/notices/USN-3422-1
 https://ubuntu.com/security/notices/USN-3422-2
Description:
 The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux
 kernel through 4.9.9 allows attackers to cause a denial of service (system
 crash) via (1) an application that makes crafted system calls or possibly
 (2) IPv4 traffic with invalid IP options.
Ubuntu-Description:
 Andrey Konovalov discovered that the IPv4 implementation in the Linux
 kernel did not properly handle invalid IP options in some situations. An
 attacker could use this to cause a denial of service or possibly execute
 arbitrary code.
Notes:
 sbeattie> upstream commit references d826eb14ecef as
   the break point, but Nicholas Leudkte's cve references
   f84af32cbca70a3c6d30463dc08c7984af11c277. The latter predates the
   former, and there is early dropping of the dst added there. even
   before the conversion in d826eb14ecef.
 tyhicks> In upstream 4.14, 61a1030 reverts the fix because 91ed1e6 removes the
   the usage of the SKB dst from __ip_options_echo(). So, an alternative fix
   for this CVE is 91ed1e6.
Bugs:
Priority: medium
Discovered-by: Andrey Konovalov
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_linux:
 break-fix: f84af32cbca70a3c6d30463dc08c7984af11c277 34b2cef20f19c87999fff3da4071e66937db9644|91ed1e666a4ea2e260452a7d7d311ac5ae852cba
upstream_linux: released (4.10~rc8)
precise_linux: ignored (reached end-of-life)
precise/esm_linux: ignored (was needed ESM criteria)
trusty_linux: released (3.13.0-132.181)
trusty/esm_linux: released (3.13.0-132.181)
vivid/ubuntu-core_linux: ignored (was needed ESM criteria)
vivid/stable-phone-overlay_linux: DNE
xenial_linux: released (4.4.0-75.96)
esm-infra/xenial_linux: released (4.4.0-75.96)
yakkety_linux: ignored (reached end-of-life)
zesty_linux: not-affected (4.10.0-8.10)
artful_linux: not-affected (4.10.0-19.21)
bionic_linux: not-affected (4.13.0-16.19)
devel_linux: not-affected (4.13.0-16.19)

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (4.10~rc8)
precise_linux-ti-omap4: ignored (reached end-of-life)
precise/esm_linux-ti-omap4: DNE (precise was needed)
trusty_linux-ti-omap4: DNE
trusty/esm_linux-ti-omap4: DNE
vivid/ubuntu-core_linux-ti-omap4: DNE
vivid/stable-phone-overlay_linux-ti-omap4: DNE
xenial_linux-ti-omap4: DNE
yakkety_linux-ti-omap4: DNE
zesty_linux-ti-omap4: DNE
artful_linux-ti-omap4: DNE
bionic_linux-ti-omap4: DNE
devel_linux-ti-omap4: DNE

Patches_linux-linaro-omap:
upstream_linux-linaro-omap: released (4.10~rc8)
precise_linux-linaro-omap: ignored (abandoned)
precise/esm_linux-linaro-omap: DNE (precise was ignored [abandoned])
trusty_linux-linaro-omap: DNE
trusty/esm_linux-linaro-omap: DNE
vivid/ubuntu-core_linux-linaro-omap: DNE
vivid/stable-phone-overlay_linux-linaro-omap: DNE
xenial_linux-linaro-omap: DNE
yakkety_linux-linaro-omap: DNE
zesty_linux-linaro-omap: DNE
artful_linux-linaro-omap: DNE
bionic_linux-linaro-omap: DNE
devel_linux-linaro-omap: DNE

Patches_linux-linaro-shared:
upstream_linux-linaro-shared: released (4.10~rc8)
precise_linux-linaro-shared: ignored (abandoned)
precise/esm_linux-linaro-shared: DNE (precise was ignored [abandoned])
trusty_linux-linaro-shared: DNE
trusty/esm_linux-linaro-shared: DNE
vivid/ubuntu-core_linux-linaro-shared: DNE
vivid/stable-phone-overlay_linux-linaro-shared: DNE
xenial_linux-linaro-shared: DNE
yakkety_linux-linaro-shared: DNE
zesty_linux-linaro-shared: DNE
artful_linux-linaro-shared: DNE
bionic_linux-linaro-shared: DNE
devel_linux-linaro-shared: DNE

Patches_linux-linaro-vexpress:
upstream_linux-linaro-vexpress: released (4.10~rc8)
precise_linux-linaro-vexpress: ignored (abandoned)
precise/esm_linux-linaro-vexpress: DNE (precise was ignored [abandoned])
trusty_linux-linaro-vexpress: DNE
trusty/esm_linux-linaro-vexpress: DNE
vivid/ubuntu-core_linux-linaro-vexpress: DNE
vivid/stable-phone-overlay_linux-linaro-vexpress: DNE
xenial_linux-linaro-vexpress: DNE
yakkety_linux-linaro-vexpress: DNE
zesty_linux-linaro-vexpress: DNE
artful_linux-linaro-vexpress: DNE
bionic_linux-linaro-vexpress: DNE
devel_linux-linaro-vexpress: DNE

Patches_linux-qcm-msm:
upstream_linux-qcm-msm: released (4.10~rc8)
precise_linux-qcm-msm: ignored (abandoned)
precise/esm_linux-qcm-msm: DNE (precise was ignored [abandoned])
trusty_linux-qcm-msm: DNE
trusty/esm_linux-qcm-msm: DNE
vivid/ubuntu-core_linux-qcm-msm: DNE
vivid/stable-phone-overlay_linux-qcm-msm: DNE
xenial_linux-qcm-msm: DNE
yakkety_linux-qcm-msm: DNE
zesty_linux-qcm-msm: DNE
artful_linux-qcm-msm: DNE
bionic_linux-qcm-msm: DNE
devel_linux-qcm-msm: DNE

Tags_linux-armadaxp: not-ue
Patches_linux-armadaxp:
upstream_linux-armadaxp: released (4.10~rc8)
precise_linux-armadaxp: ignored (reached end-of-life)
precise/esm_linux-armadaxp: DNE (precise was needed)
trusty_linux-armadaxp: DNE
trusty/esm_linux-armadaxp: DNE
vivid/ubuntu-core_linux-armadaxp: DNE
vivid/stable-phone-overlay_linux-armadaxp: DNE
xenial_linux-armadaxp: DNE
yakkety_linux-armadaxp: DNE
zesty_linux-armadaxp: DNE
artful_linux-armadaxp: DNE
bionic_linux-armadaxp: DNE
devel_linux-armadaxp: DNE

Tags_linux-lts-quantal: not-ue
Patches_linux-lts-quantal:
upstream_linux-lts-quantal: released (4.10~rc8)
precise_linux-lts-quantal: ignored (end-of-life)
precise/esm_linux-lts-quantal: DNE (precise was ignored [end-of-life])
trusty_linux-lts-quantal: DNE
trusty/esm_linux-lts-quantal: DNE
vivid/ubuntu-core_linux-lts-quantal: DNE
vivid/stable-phone-overlay_linux-lts-quantal: DNE
xenial_linux-lts-quantal: DNE
yakkety_linux-lts-quantal: DNE
zesty_linux-lts-quantal: DNE
artful_linux-lts-quantal: DNE
bionic_linux-lts-quantal: DNE
devel_linux-lts-quantal: DNE

Patches_linux-lts-raring:
upstream_linux-lts-raring: released (4.10~rc8)
precise_linux-lts-raring: ignored (end-of-life)
precise/esm_linux-lts-raring: DNE (precise was ignored [end-of-life])
trusty_linux-lts-raring: DNE
trusty/esm_linux-lts-raring: DNE
vivid/ubuntu-core_linux-lts-raring: DNE
vivid/stable-phone-overlay_linux-lts-raring: DNE
xenial_linux-lts-raring: DNE
yakkety_linux-lts-raring: DNE
zesty_linux-lts-raring: DNE
artful_linux-lts-raring: DNE
bionic_linux-lts-raring: DNE
devel_linux-lts-raring: DNE

Tags_linux-lts-saucy: not-ue
Patches_linux-lts-saucy:
upstream_linux-lts-saucy: released (4.10~rc8)
precise_linux-lts-saucy: ignored (end-of-life)
precise/esm_linux-lts-saucy: DNE (precise was ignored [end-of-life])
trusty_linux-lts-saucy: DNE
trusty/esm_linux-lts-saucy: DNE
vivid/ubuntu-core_linux-lts-saucy: DNE
vivid/stable-phone-overlay_linux-lts-saucy: DNE
xenial_linux-lts-saucy: DNE
yakkety_linux-lts-saucy: DNE
zesty_linux-lts-saucy: DNE
artful_linux-lts-saucy: DNE
bionic_linux-lts-saucy: DNE
devel_linux-lts-saucy: DNE

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (4.10~rc8)
precise_linux-lts-trusty: ignored (reached end-of-life)
precise/esm_linux-lts-trusty: released (3.13.0-132.181~precise1)
trusty_linux-lts-trusty: DNE
trusty/esm_linux-lts-trusty: DNE
vivid/ubuntu-core_linux-lts-trusty: DNE
vivid/stable-phone-overlay_linux-lts-trusty: DNE
xenial_linux-lts-trusty: DNE
yakkety_linux-lts-trusty: DNE
zesty_linux-lts-trusty: DNE
artful_linux-lts-trusty: DNE
bionic_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE

Patches_linux-goldfish:
upstream_linux-goldfish: released (4.10~rc8)
precise_linux-goldfish: DNE
precise/esm_linux-goldfish: DNE
trusty_linux-goldfish: ignored
trusty/esm_linux-goldfish: DNE (trusty was ignored)
vivid/ubuntu-core_linux-goldfish: DNE
vivid/stable-phone-overlay_linux-goldfish: DNE
xenial_linux-goldfish: ignored (abandoned)
yakkety_linux-goldfish: ignored (abandoned)
zesty_linux-goldfish: ignored (abandoned)
artful_linux-goldfish: DNE
bionic_linux-goldfish: DNE
devel_linux-goldfish: DNE

Patches_linux-grouper:
upstream_linux-grouper: released (4.10~rc8)
precise_linux-grouper: DNE
precise/esm_linux-grouper: DNE
trusty_linux-grouper: ignored
trusty/esm_linux-grouper: DNE (trusty was ignored)
vivid/ubuntu-core_linux-grouper: DNE
vivid/stable-phone-overlay_linux-grouper: DNE
xenial_linux-grouper: DNE
yakkety_linux-grouper: DNE
zesty_linux-grouper: DNE
artful_linux-grouper: DNE
bionic_linux-grouper: DNE
devel_linux-grouper: DNE

Patches_linux-maguro:
upstream_linux-maguro: released (4.10~rc8)
precise_linux-maguro: DNE
precise/esm_linux-maguro: DNE
trusty_linux-maguro: ignored
trusty/esm_linux-maguro: DNE (trusty was ignored)
vivid/ubuntu-core_linux-maguro: DNE
vivid/stable-phone-overlay_linux-maguro: DNE
xenial_linux-maguro: DNE
yakkety_linux-maguro: DNE
zesty_linux-maguro: DNE
artful_linux-maguro: DNE
bionic_linux-maguro: DNE
devel_linux-maguro: DNE

Patches_linux-mako:
upstream_linux-mako: released (4.10~rc8)
precise_linux-mako: DNE
precise/esm_linux-mako: DNE
trusty_linux-mako: ignored
trusty/esm_linux-mako: DNE (trusty was ignored)
vivid/ubuntu-core_linux-mako: DNE
vivid/stable-phone-overlay_linux-mako: ignored (abandoned)
xenial_linux-mako: ignored (abandoned)
yakkety_linux-mako: ignored (abandoned)
zesty_linux-mako: DNE
artful_linux-mako: DNE
bionic_linux-mako: DNE
devel_linux-mako: DNE

Patches_linux-manta:
upstream_linux-manta: released (4.10~rc8)
precise_linux-manta: DNE
precise/esm_linux-manta: DNE
trusty_linux-manta: ignored
trusty/esm_linux-manta: DNE (trusty was ignored)
vivid/ubuntu-core_linux-manta: DNE
vivid/stable-phone-overlay_linux-manta: DNE
xenial_linux-manta: DNE
yakkety_linux-manta: DNE
zesty_linux-manta: DNE
artful_linux-manta: DNE
bionic_linux-manta: DNE
devel_linux-manta: DNE

Patches_linux-flo:
upstream_linux-flo: released (4.10~rc8)
precise_linux-flo: DNE
precise/esm_linux-flo: DNE
trusty_linux-flo: ignored
trusty/esm_linux-flo: DNE (trusty was ignored)
vivid/ubuntu-core_linux-flo: DNE
vivid/stable-phone-overlay_linux-flo: ignored (abandoned)
xenial_linux-flo: ignored (abandoned)
yakkety_linux-flo: ignored (abandoned)
zesty_linux-flo: DNE
artful_linux-flo: DNE
bionic_linux-flo: DNE
devel_linux-flo: DNE

Patches_linux-raspi2:
upstream_linux-raspi2: released (4.10~rc8)
precise_linux-raspi2: DNE
precise/esm_linux-raspi2: DNE
trusty_linux-raspi2: DNE
trusty/esm_linux-raspi2: DNE
vivid/ubuntu-core_linux-raspi2: ignored (was needs-triage now end-of-life)
vivid/stable-phone-overlay_linux-raspi2: DNE
xenial_linux-raspi2: released (4.4.0-1054.61)
yakkety_linux-raspi2: ignored (reached end-of-life)
zesty_linux-raspi2: not-affected (4.10.0-1001.3)
artful_linux-raspi2: not-affected (4.10.0-1004.6)
bionic_linux-raspi2: not-affected (4.13.0-1005.5)
devel_linux-raspi2: not-affected (4.13.0-1005.5)

Patches_linux-lts-utopic:
upstream_linux-lts-utopic: released (4.10~rc8)
precise_linux-lts-utopic: DNE
precise/esm_linux-lts-utopic: DNE
trusty_linux-lts-utopic: ignored (out of standard support)
trusty/esm_linux-lts-utopic: DNE (trusty was ignored [out of standard support])
vivid/ubuntu-core_linux-lts-utopic: DNE
vivid/stable-phone-overlay_linux-lts-utopic: DNE
xenial_linux-lts-utopic: DNE
yakkety_linux-lts-utopic: DNE
zesty_linux-lts-utopic: DNE
artful_linux-lts-utopic: DNE
bionic_linux-lts-utopic: DNE
devel_linux-lts-utopic: DNE

Patches_linux-lts-vivid:
upstream_linux-lts-vivid: released (4.10~rc8)
precise_linux-lts-vivid: DNE
precise/esm_linux-lts-vivid: DNE
trusty_linux-lts-vivid: ignored (was needed now end-of-life)
trusty/esm_linux-lts-vivid: DNE (trusty was ignored [was needed now end-of-life])
vivid/ubuntu-core_linux-lts-vivid: DNE
vivid/stable-phone-overlay_linux-lts-vivid: DNE
xenial_linux-lts-vivid: DNE
yakkety_linux-lts-vivid: DNE
zesty_linux-lts-vivid: DNE
artful_linux-lts-vivid: DNE
bionic_linux-lts-vivid: DNE
devel_linux-lts-vivid: DNE

Patches_linux-lts-wily:
upstream_linux-lts-wily: released (4.10~rc8)
precise_linux-lts-wily: DNE
precise/esm_linux-lts-wily: DNE
trusty_linux-lts-wily: ignored (out of standard support)
trusty/esm_linux-lts-wily: DNE (trusty was ignored [out of standard support])
vivid/ubuntu-core_linux-lts-wily: DNE
vivid/stable-phone-overlay_linux-lts-wily: DNE
xenial_linux-lts-wily: DNE
yakkety_linux-lts-wily: DNE
zesty_linux-lts-wily: DNE
artful_linux-lts-wily: DNE
bionic_linux-lts-wily: DNE
devel_linux-lts-wily: DNE

Patches_linux-lts-xenial:
upstream_linux-lts-xenial: released (4.10~rc8)
precise_linux-lts-xenial: DNE
precise/esm_linux-lts-xenial: DNE
trusty_linux-lts-xenial: released (4.4.0-75.96~14.04.1)
trusty/esm_linux-lts-xenial: released (4.4.0-75.96~14.04.1)
vivid/ubuntu-core_linux-lts-xenial: DNE
vivid/stable-phone-overlay_linux-lts-xenial: DNE
xenial_linux-lts-xenial: DNE
yakkety_linux-lts-xenial: DNE
zesty_linux-lts-xenial: DNE
artful_linux-lts-xenial: DNE
bionic_linux-lts-xenial: DNE
devel_linux-lts-xenial: DNE

Patches_linux-snapdragon:
upstream_linux-snapdragon: released (4.10~rc8)
precise_linux-snapdragon: DNE
precise/esm_linux-snapdragon: DNE
trusty_linux-snapdragon: DNE
trusty/esm_linux-snapdragon: DNE
vivid/ubuntu-core_linux-snapdragon: DNE
vivid/stable-phone-overlay_linux-snapdragon: DNE
xenial_linux-snapdragon: released (4.4.0-1057.61)
yakkety_linux-snapdragon: released (4.4.0-1057.61)
zesty_linux-snapdragon: released (4.4.0-1057.61)
artful_linux-snapdragon: not-affected (4.4.0-1057.61)
bionic_linux-snapdragon: not-affected
devel_linux-snapdragon: DNE

Patches_linux-aws:
upstream_linux-aws: released (4.10~rc8)
precise_linux-aws: DNE
precise/esm_linux-aws: DNE
trusty_linux-aws: not-affected (4.4.0-1002.2)
trusty/esm_linux-aws: not-affected (4.4.0-1002.2)
vivid/ubuntu-core_linux-aws: DNE
vivid/stable-phone-overlay_linux-aws: DNE
xenial_linux-aws: released (4.4.0-1016.25)
esm-infra/xenial_linux-aws: released (4.4.0-1016.25)
yakkety_linux-aws: DNE
zesty_linux-aws: DNE
artful_linux-aws: DNE
bionic_linux-aws: not-affected (4.15.0-1001.1)
devel_linux-aws: not-affected (4.15.0-1001.1)

Patches_linux-hwe:
upstream_linux-hwe: released (4.10~rc8)
precise_linux-hwe: DNE
precise/esm_linux-hwe: DNE
trusty_linux-hwe: DNE
trusty/esm_linux-hwe: DNE
vivid/ubuntu-core_linux-hwe: DNE
vivid/stable-phone-overlay_linux-hwe: DNE
xenial_linux-hwe: released (4.10.0-27.30~16.04.2)
esm-infra/xenial_linux-hwe: released (4.10.0-27.30~16.04.2)
yakkety_linux-hwe: DNE
zesty_linux-hwe: DNE
artful_linux-hwe: DNE
bionic_linux-hwe: not-affected
devel_linux-hwe: DNE

Patches_linux-hwe-edge:
upstream_linux-hwe-edge: released (4.10~rc8)
precise_linux-hwe-edge: DNE
precise/esm_linux-hwe-edge: DNE
trusty_linux-hwe-edge: DNE
trusty/esm_linux-hwe-edge: DNE
vivid/ubuntu-core_linux-hwe-edge: DNE
vivid/stable-phone-overlay_linux-hwe-edge: DNE
xenial_linux-hwe-edge: released (4.10.0-27.30~16.04.2)
esm-infra/xenial_linux-hwe-edge: released (4.10.0-27.30~16.04.2)
yakkety_linux-hwe-edge: DNE
zesty_linux-hwe-edge: DNE
artful_linux-hwe-edge: DNE
bionic_linux-hwe-edge: released (4.18.0-8.9~18.04.1)
devel_linux-hwe-edge: DNE

Patches_linux-gke:
upstream_linux-gke: released (4.10~rc8)
precise_linux-gke: DNE
precise/esm_linux-gke: DNE
trusty_linux-gke: DNE
trusty/esm_linux-gke: DNE
vivid/ubuntu-core_linux-gke: DNE
vivid/stable-phone-overlay_linux-gke: DNE
xenial_linux-gke: released (4.4.0-1012.12)
yakkety_linux-gke: DNE
zesty_linux-gke: DNE
artful_linux-gke: DNE
bionic_linux-gke: DNE
devel_linux-gke: DNE

Patches_linux-azure:
upstream_linux-azure: released (4.10~rc8)
precise/esm_linux-azure: DNE
trusty_linux-azure: not-affected (4.15.0-1023.24~14.04.1)
trusty/esm_linux-azure: not-affected (4.15.0-1023.24~14.04.1)
vivid/ubuntu-core_linux-azure: DNE
vivid/stable-phone-overlay_linux-azure: DNE
xenial_linux-azure: not-affected (4.11.0-1009.9)
esm-infra/xenial_linux-azure: not-affected (4.11.0-1009.9)
yakkety_linux-azure: DNE
zesty_linux-azure: DNE
artful_linux-azure: DNE
bionic_linux-azure: not-affected (4.15.0-1002.2)
devel_linux-azure: not-affected (4.15.0-1002.2)


Patches_linux-gcp:
upstream_linux-gcp: released (4.10~rc8)
precise/esm_linux-gcp: DNE
trusty_linux-gcp: DNE
trusty/esm_linux-gcp: DNE
vivid/ubuntu-core_linux-gcp: DNE
xenial_linux-gcp: not-affected (4.10.0-1004.4)
esm-infra/xenial_linux-gcp: not-affected (4.10.0-1004.4)
yakkety_linux-gcp: DNE
zesty_linux-gcp: DNE
artful_linux-gcp: DNE
bionic_linux-gcp: not-affected (4.15.0-1001.1)
devel_linux-gcp: not-affected (4.15.0-1001.1)

Patches_linux-kvm:
upstream_linux-kvm: released (4.10~rc8)
precise/esm_linux-kvm: DNE
trusty_linux-kvm: DNE
trusty/esm_linux-kvm: DNE
vivid/ubuntu-core_linux-kvm: DNE
xenial_linux-kvm: not-affected (4.4.0-1004.9)
esm-infra/xenial_linux-kvm: not-affected (4.4.0-1004.9)
zesty_linux-kvm: DNE
artful_linux-kvm: DNE
bionic_linux-kvm: not-affected (4.15.0-1002.2)
devel_linux-kvm: not-affected (4.15.0-1002.2)

Patches_linux-euclid:
upstream_linux-euclid: released (4.10~rc8)
precise/esm_linux-euclid: DNE
trusty_linux-euclid: DNE
trusty/esm_linux-euclid: DNE
vivid/ubuntu-core_linux-euclid: DNE
xenial_linux-euclid: ignored (was needed ESM criteria)
zesty_linux-euclid: DNE
artful_linux-euclid: DNE
bionic_linux-euclid: DNE
devel_linux-euclid: DNE

Patches_linux-oem:
upstream_linux-oem: released (4.10~rc8)
precise/esm_linux-oem: DNE
trusty_linux-oem: DNE
trusty/esm_linux-oem: DNE
xenial_linux-oem: not-affected (4.13.0-1008.9)
zesty_linux-oem: DNE
artful_linux-oem: DNE
bionic_linux-oem: not-affected (4.15.0-1002.3)
devel_linux-oem: not-affected (4.15.0-1002.3)