CVE-2017-17448 in Ubuntu

CVE-2017-17448

Priority

Description

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does
not require the CAP_NET_ADMIN capability for new, get, and del operations,
which allows local users to bypass intended access restrictions because the
nfnl_cthelper_list data structure is shared across all net namespaces.

Ubuntu-Description

It was discovered that the netfilter component of the Linux did not
properly restrict access to the connection tracking helpers list. A local
attacker could use this to bypass intended access restrictions.

References

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected
Ubuntu 14.04 ESM (Trusty Tahr):	released (3.13.0-144.193)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-119.143)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-10.11)

Patches:

Introduced by

12f7a505331e6b2754684b509f2ac8f0011ce644

Fixed by

4b380c42f7d00a395feede754f0bc2292eebe6e5

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-1016.16)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1054.63)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1001.1)

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1014.17)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1012.16)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1001.1)

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-38.43~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-38.43~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-8.9~18.04.1)

Product

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

not-affected

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1020.25)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-144.193~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was needs-triage now end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-119.143~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1022.24)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.3)

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1086.94)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1006.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1088.93)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.15~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Product

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

not-affected

More Information

Updated: 2019-12-05 18:48:30 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)