CVE-2017-16995: Ubuntu Server Local Escalation Vulnerability
The latest version of Ubuntu Server was revealed to have a local privilege escalation vulnerability. This vulnerability (CVE-2017-16995) has been fixed in previous versions, but it has reappeared in the latest version. The attacker can directly gain root privileges through this vulnerability.
PriorityHighDescriptionThe check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.Ubuntu-DescriptionJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
$ sudo sysctl kernel.unprivileged_bpf_disabled=1
$ echo kernel.unprivileged_bpf_disabled=1 | \
sudo tee /etc/sysctl.d/90-CVE-2017-16995-CVE-2017-16996.conf