CVE-2018-17977 in Ubuntu

CVE-2018-17977

Priority

Description

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink
messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local
users to cause a denial of service (memory consumption and system hang) by
leveraging root access to execute crafted applications, as demonstrated on
CentOS 7.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17977
https://www.openwall.com/lists/oss-security/2018/10/05/5
https://bugzilla.suse.com/show_bug.cgi?id=1111609

Notes

sbeattie> reporter's detailed descriptions were in google drive
documents which have been made unavailable.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	deferred (2018-10-29)
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	deferred (2018-10-29)
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	deferred (2018-10-29)
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	deferred
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	deferred (2018-10-29)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred
Ubuntu 18.04 LTS (Bionic Beaver):	deferred
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred
Ubuntu 19.10 (Eoan):	deferred

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo):	deferred (2018-10-29)
Ubuntu 19.10 (Eoan):	deferred (2018-10-29)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	deferred (2018-10-29)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	deferred (2018-10-29)
Ubuntu 18.04 LTS (Bionic Beaver):	deferred (2018-10-29)
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	needs-triage
Ubuntu 19.10 (Eoan):	needs-triage

More Information

Updated: 2019-07-18 17:32:35 UTC (commit 649f8c6455205380e35ed054e9ea734222c716bb)