Based on security announcements released by Canonical, this vulnerability was discovered on the basis of a recently exposed Specter CPU vulnerability that could allow a local attacker to execute arbitrary code or cause a denial of service attack (DoS attack).
The details are below:
- Ubuntu Security Notice USN-3548-1
linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Summary
The system could be made to crash or run programs as an administrator.Software description
linux – Linux kernelDetails
Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.- Ubuntu Security Notice USN-3548-2
linux-hwe, linux-azure, linux-gcp, linux-oem vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.04 LTS
Summary
The system could be made to crash or run programs as an administrator.Software description
linux-azure – Linux kernel for Microsoft Azure Cloud systems
linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe – Linux hardware enablement (HWE) kernel
linux-oem – Linux kernel for OEM processorsDetails
USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Canonical recommends that all Ubuntu 17.10 (Artful Aardvark) users install linux-image-4.13.0-32-generic 4.13.0-32.35 or linux-image-4.13.0-32-lowlatency 4.13.0-32.35 kernel images as soon as possible.
