CVE-2017-1000363 Ubuntu Security Notification for Linux-aws, Linux-meta-aws Vulnerabilities (USN-3331-1)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap.

It was discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments.

A reference count bug was discovered in the Linux kernel ipx protocol stack.

A double free bug was discovered in the IPv4 stack of the Linux kernel.

An IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack.

A flaw in the handling of inheritance in the Linux kernel's IPv6 stack.

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance.

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten.

An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)

An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

A local user could exploit this issue to cause a denial of service or possibly other unspecified problems. (CVE-2017-9075)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9076)

A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242)

Refer to Ubuntu advisory USN-3331-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3331-1: 16.04 (Xenial) on src (linux-image-4.4.0-1020-aws)