UBUNTU-CVE-2017-10663

Details

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

Affected Packages(144 packages)

linux

Ubuntu 22.04 LTS

Fixed in:

5.13.0-19.19

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux

Ubuntu 24.04 LTS

Fixed in:

6.5.0-9.9

linux

Ubuntu 24.10

Fixed in:

6.8.0-31.31

linux

Ubuntu 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-11.26+50 more

Fixed in:

4.4.0-96.119

linux

Ubuntu 14.04 LTS

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+112 more

Fixed in:

3.13.0-135.184

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux-aws

Ubuntu 22.04 LTS

Fixed in:

5.13.0-1005.6

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1002.2

linux-aws

Ubuntu 16.04 LTS

Affected versions:

4.4.0-1001.104.4.0-1003.124.4.0-1004.134.4.0-1007.164.4.0-1009.184.4.0-1011.204.4.0-1012.214.4.0-1013.224.4.0-1016.254.4.0-1017.26+8 more

Fixed in:

4.4.0-1035.44

References

REPORThttp://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/REPORThttps://ubuntu.com/security/CVE-2017-10663 REPORThttps://ubuntu.com/security/notices/USN-3420-1 REPORThttps://ubuntu.com/security/notices/USN-3420-2 REPORThttps://ubuntu.com/security/notices/USN-3468-1 REPORThttps://ubuntu.com/security/notices/USN-3468-2 REPORThttps://ubuntu.com/security/notices/USN-3468-3 REPORThttps://ubuntu.com/security/notices/USN-3470-1 REPORThttps://ubuntu.com/security/notices/USN-3470-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2017-10663

UBUNTU-CVE-2017-10663

Details

Affected Packages(144 packages)

References

CVSS Analysis

Related

Ecosystems(28)

Timeline