CVE 2017-7979
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.
Related bugs and status
CVE-2017-7979 (Candidate) is related to these bugs:
Bug #1664312: Update ENA driver to 1.1.2 from net-next
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux-aws (Ubuntu) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux-aws (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux (Ubuntu) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux (Ubuntu Yakkety) | Undecided | Fix Released | ||
| 1664312 | Update ENA driver to 1.1.2 from net-next | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1674838: kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1674838 | kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129 | linux (Ubuntu) | High | Fix Released | ||
| 1674838 | kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129 | linux (Ubuntu Zesty) | High | Fix Released | ||
| 1674838 | kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129 | linux-hwe-edge (Ubuntu) | Undecided | Fix Released | ||
| 1674838 | kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129 | linux-hwe-edge (Ubuntu Zesty) | Undecided | Fix Released | ||
| 1674838 | kernel BUG at /build/linux-7LGLH_/linux-4.10.0/include/linux/swapops.h:129 | The Ubuntu-power-systems project | Undecided | Fix Released | ||
Bug #1677297: [Zesty] d-i: replace msm_emac with qcom_emac
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1677297 | [Zesty] d-i: replace msm_emac with qcom_emac | linux (Ubuntu) | Critical | Fix Released | ||
| 1677297 | [Zesty] d-i: replace msm_emac with qcom_emac | linux (Ubuntu Zesty) | Critical | Fix Released | ||
| 1677297 | [Zesty] d-i: replace msm_emac with qcom_emac | debian-installer (Ubuntu) | Undecided | New | ||
| 1677297 | [Zesty] d-i: replace msm_emac with qcom_emac | debian-installer (Ubuntu Zesty) | Undecided | New | ||
Bug #1677319: Support low-pin-count devices on Hisilicon SoCs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1677319 | Support low-pin-count devices on Hisilicon SoCs | linux (Ubuntu) | High | Fix Released | ||
| 1677319 | Support low-pin-count devices on Hisilicon SoCs | linux (Ubuntu Zesty) | High | Fix Released | ||
| 1677319 | Support low-pin-count devices on Hisilicon SoCs | linux (Ubuntu Bionic) | High | Fix Released | ||
| 1677319 | Support low-pin-count devices on Hisilicon SoCs | linux (Ubuntu Artful) | Undecided | Fix Released | ||
Bug #1678184: APST quirk needed for Samsung 512GB NVMe drive
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1678184 | APST quirk needed for Samsung 512GB NVMe drive | linux (Ubuntu) | Medium | Fix Released | ||
| 1678184 | APST quirk needed for Samsung 512GB NVMe drive | linux (Ubuntu Zesty) | Medium | Fix Released | ||
| 1678184 | APST quirk needed for Samsung 512GB NVMe drive | linux (Ubuntu Yakkety) | Medium | Fix Released | ||
Bug #1682368: refcount underflow / kernel NULL dereference after attempting to add basic tc filter
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1682368 | refcount underflow / kernel NULL dereference after attempting to add basic tc filter | linux (Ubuntu) | Medium | Fix Released | ||
| 1682368 | refcount underflow / kernel NULL dereference after attempting to add basic tc filter | linux (Ubuntu Zesty) | Medium | Fix Released | ||
Bug #1686519: POWER9: CAPI2 enablement
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1686519 | POWER9: CAPI2 enablement | linux (Ubuntu) | Undecided | Fix Released | ||
| 1686519 | POWER9: CAPI2 enablement | The Ubuntu-power-systems project | Undecided | Fix Released | ||
| 1686519 | POWER9: CAPI2 enablement | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1687045: Zesty update to 4.10.12 stable release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1687045 | Zesty update to 4.10.12 stable release | linux (Ubuntu) | Undecided | Fix Released | ||
| 1687045 | Zesty update to 4.10.12 stable release | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1688114: arm64/ACPI support for SBSA watchdog
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688114 | arm64/ACPI support for SBSA watchdog | linux (Ubuntu) | High | Fix Released | ||
| 1688114 | arm64/ACPI support for SBSA watchdog | linux (Ubuntu Zesty) | High | Fix Released | ||
Bug #1688132: Support IPMI system interface on Cavium ThunderX
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688132 | Support IPMI system interface on Cavium ThunderX | linux (Ubuntu) | High | Fix Released | ||
| 1688132 | Support IPMI system interface on Cavium ThunderX | linux (Ubuntu Zesty) | High | Fix Released | ||
| 1688132 | Support IPMI system interface on Cavium ThunderX | linux (Ubuntu Yakkety) | High | Fix Released | ||
| 1688132 | Support IPMI system interface on Cavium ThunderX | linux (Ubuntu Xenial) | High | Fix Released | ||
Bug #1688164: arm64: Add CNTFRQ_EL0 handler
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688164 | arm64: Add CNTFRQ_EL0 handler | linux (Ubuntu) | High | Fix Released | ||
| 1688164 | arm64: Add CNTFRQ_EL0 handler | linux (Ubuntu Zesty) | High | Fix Released | ||
Bug #1688259: kernel-wedge fails in artful due to leftover squashfs-modules d-i files
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688259 | kernel-wedge fails in artful due to leftover squashfs-modules d-i files | linux (Ubuntu) | High | Fix Released | ||
| 1688259 | kernel-wedge fails in artful due to leftover squashfs-modules d-i files | linux (Ubuntu Artful) | High | Fix Released | ||
| 1688259 | kernel-wedge fails in artful due to leftover squashfs-modules d-i files | linux (Ubuntu Zesty) | High | Fix Released | ||
Bug #1688485: Zesty update to 4.10.13 stable release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688485 | Zesty update to 4.10.13 stable release | linux (Ubuntu) | Undecided | Fix Released | ||
| 1688485 | Zesty update to 4.10.13 stable release | linux (Ubuntu Zesty) | Medium | Fix Released | ||
Bug #1688499: Zesty update to 4.10.14 stable release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1688499 | Zesty update to 4.10.14 stable release | linux (Ubuntu) | Undecided | Fix Released | ||
| 1688499 | Zesty update to 4.10.14 stable release | linux (Ubuntu Zesty) | Medium | Fix Released | ||
Bug #1689258: Zesty update to 4.10.15 stable release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1689258 | Zesty update to 4.10.15 stable release | linux (Ubuntu) | Undecided | Fix Released | ||
| 1689258 | Zesty update to 4.10.15 stable release | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1689661: No PMU support for ACPI-based arm64 systems
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1689661 | No PMU support for ACPI-based arm64 systems | linux (Ubuntu) | High | Fix Released | ||
| 1689661 | No PMU support for ACPI-based arm64 systems | linux (Ubuntu Zesty) | High | Fix Released | ||
Bug #1689818: tty: pl011: fix earlycon work-around for QDF2400 erratum 44
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1689818 | tty: pl011: fix earlycon work-around for QDF2400 erratum 44 | linux (Ubuntu) | High | Fix Released | ||
Bug #1689856: perf: qcom: Add L3 cache PMU driver
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1689856 | perf: qcom: Add L3 cache PMU driver | linux (Ubuntu) | High | Fix Released | ||
| 1689856 | perf: qcom: Add L3 cache PMU driver | linux (Ubuntu Zesty) | High | Fix Released | ||
Bug #1689886: [SRU][Zesty]QDF2400 kernel oops on ipmitool fru write 0 fru.bin
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1689886 | [SRU][Zesty]QDF2400 kernel oops on ipmitool fru write 0 fru.bin | linux (Ubuntu) | High | Fix Released | ||
Bug #1690155: Fix NVLINK2 TCE route
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1690155 | Fix NVLINK2 TCE route | linux (Ubuntu) | Medium | Fix Released | ||
| 1690155 | Fix NVLINK2 TCE route | The Ubuntu-power-systems project | Undecided | Fix Released | ||
| 1690155 | Fix NVLINK2 TCE route | linux (Ubuntu Artful) | Medium | Fix Released | ||
| 1690155 | Fix NVLINK2 TCE route | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1691146: linux: 4.10.0-22.24 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | linux (Ubuntu) | Undecided | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow prepare-package-signed | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
| 1691146 | linux: 4.10.0-22.24 -proposed tracker | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
Bug #1691149: linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | linux-hwe-edge (Ubuntu) | Undecided | Invalid | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Invalid | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow prepare-package-signed | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
| 1691149 | linux-hwe-edge: 4.10.0-22.24~16.04.1 -proposed tracker | linux-hwe-edge (Ubuntu Xenial) | Undecided | Fix Released | ||
Bug #1691153: linux-raspi2: 4.10.0-1006.8 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | linux-raspi2 (Ubuntu) | Undecided | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Invalid | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
| 1691153 | linux-raspi2: 4.10.0-1006.8 -proposed tracker | linux-raspi2 (Ubuntu Zesty) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
