CVE-2017-9242 in Ubuntu

CVE-2017-9242

Priority

Medium

Description

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ubuntu-Description

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
https://patchwork.ozlabs.org/patch/764880/
http://www.ubuntu.com/usn/usn-3342-1
http://www.ubuntu.com/usn/usn-3343-1
http://www.ubuntu.com/usn/usn-3344-1
http://www.ubuntu.com/usn/usn-3344-2
http://www.ubuntu.com/usn/usn-3345-1
http://www.ubuntu.com/usn/usn-3343-2
http://www.ubuntu.com/usn/usn-3342-2

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-123.172~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1004.9)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

needed

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1018.18)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-26.30)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-123.172)
Ubuntu Core 15.04:	ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-83.106)
Ubuntu 17.04 (Zesty Zapus):	released (4.10.0-26.30)

Patches:

Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 232cd35d0804cc241eb887bb8d4d9b3b9881c64a

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-83.106~14.04.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.10.0-1004.4)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.10.0-26.30~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.11.0-1009.9)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (was needed now end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	pending (4.4.0-1001.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1022.31)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-1010.13)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1061.69)
Ubuntu 17.04 (Zesty Zapus):	released (4.10.0-1010.13)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.4.0-1063.68)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1063.68)
Ubuntu 17.04 (Zesty Zapus):	released (4.4.0-1063.68)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 17.04 (Zesty Zapus):	needed

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.8.0-58.63~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

needed

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.12~rc3)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):	DNE

More Information

Updated: 2017-09-13 23:14:39 UTC (commit 13316)