update CVE-2017-16995

CVE-2017-16995.md

@@ -0,0 +1,15 @@
+# CVE-2017-16995
+
+- Report: Dec 4, 2017
+- Credit: Jann Horn (Google Project Zero)
+
+## PoC
+
+- [四两拨千斤 —— Ubuntu kernel eBPF 0day分析](https://security.tencent.com/index.php/blog/msg/124)
+- [iBearcat/CVE-2017-16995](https://github.com/iBearcat/CVE-2017-16995)
+- [Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation](https://www.exploit-db.com/exploits/44298/)
+
+## Reference
+
+- [arbitrary read+write via incorrect range tracking in eBPF](https://bugs.chromium.org/p/project-zero/issues/detail?id=1454&desc=3)
+- [CVE-2017-16995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16995)

README.md

@@ -2128,7 +2128,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 
 - The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
 
-### [CVE-2017-16995](https://github.com/iBearcat/CVE-2017-16995)
+### [CVE-2017-16995](CVE-2017-16995.md)
 
 - The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.