
Kernel Live Patch Security Notice LSN-0021-1

Posted Apr 15, 2017
Authored by Benjamin M. Romer

Several security issues were fixed in the kernel. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912, CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633, CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583, CVE-2017-6074, CVE-2017-7308
MD5 | 878ad898ccfcd692664025f15c5ea754

==========================================================================
Kernel Live Patch Security Notice LSN-0021-1
April 10, 2017

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux
kernel did not properly validate certain block-size data. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-7308)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)

It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges. (CVE-2016-5195)

It was discovered that a use-after-free vulnerability existed in the block
device layer of the Linux kernel. A local attacker could use this to cause
a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2016-7910)

Dmitry Vyukov discovered a use-after-free vulnerability in the
sys_ioprio_get() function in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2016-7911)

A use-after-free vulnerability in the ffs_user_copy_worker function in
drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows
local users to gain privileges by accessing an I/O data structure after a
certain callback call. (CVE-2016-7912)

It was discovered that a race condition existed in the procfs environ_read
function in the Linux kernel, leading to an integer underflow. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2016-7916)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

It was discovered that the KVM implementation for x86/x86_64 in the Linux
kernel could dereference a null pointer. An attacker in a guest virtual
machine could use this to cause a denial of service (system crash) in the
KVM host. (CVE-2016-8630)

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash). (CVE-2016-9555)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | flavors |
|-----------------+----------+--------------------------|
| 4.4.0-21.37 | 16.1 | generic, lowlatency |
| 4.4.0-21.37 | 17.1 | generic, lowlatency |
| 4.4.0-21.37 | 18.1 | generic, lowlatency |
| 4.4.0-21.37 | 21.1 | generic, lowlatency |
| 4.4.0-22.39 | 13.2 | generic, lowlatency |
| 4.4.0-22.39 | 16.1 | generic, lowlatency |
| 4.4.0-22.39 | 17.1 | generic, lowlatency |
| 4.4.0-22.39 | 18.1 | generic, lowlatency |
| 4.4.0-22.39 | 21.1 | generic, lowlatency |
| 4.4.0-22.40 | 16.1 | generic, lowlatency |
| 4.4.0-22.40 | 17.1 | generic, lowlatency |
| 4.4.0-22.40 | 18.1 | generic, lowlatency |
| 4.4.0-22.40 | 21.1 | generic, lowlatency |
| 4.4.0-24.43 | 16.1 | generic, lowlatency |
| 4.4.0-24.43 | 17.1 | generic, lowlatency |
| 4.4.0-24.43 | 18.1 | generic, lowlatency |
| 4.4.0-24.43 | 21.1 | generic, lowlatency |
| 4.4.0-28.47 | 16.1 | generic, lowlatency |
| 4.4.0-28.47 | 17.1 | generic, lowlatency |
| 4.4.0-28.47 | 18.1 | generic, lowlatency |
| 4.4.0-28.47 | 21.1 | generic, lowlatency |
| 4.4.0-31.50 | 16.1 | generic, lowlatency |
| 4.4.0-31.50 | 17.1 | generic, lowlatency |
| 4.4.0-31.50 | 18.1 | generic, lowlatency |
| 4.4.0-31.50 | 21.1 | generic, lowlatency |
| 4.4.0-34.53 | 16.1 | generic, lowlatency |
| 4.4.0-34.53 | 17.1 | generic, lowlatency |
| 4.4.0-34.53 | 18.1 | generic, lowlatency |
| 4.4.0-34.53 | 21.1 | generic, lowlatency |
| 4.4.0-36.55 | 16.1 | generic, lowlatency |
| 4.4.0-36.55 | 17.1 | generic, lowlatency |
| 4.4.0-36.55 | 18.1 | generic, lowlatency |
| 4.4.0-36.55 | 21.1 | generic, lowlatency |
| 4.4.0-38.57 | 16.1 | generic, lowlatency |
| 4.4.0-38.57 | 17.1 | generic, lowlatency |
| 4.4.0-38.57 | 18.1 | generic, lowlatency |
| 4.4.0-38.57 | 21.1 | generic, lowlatency |
| 4.4.0-42.62 | 16.1 | generic, lowlatency |
| 4.4.0-42.62 | 17.1 | generic, lowlatency |
| 4.4.0-42.62 | 18.1 | generic, lowlatency |
| 4.4.0-42.62 | 21.1 | generic, lowlatency |
| 4.4.0-43.63 | 16.1 | generic, lowlatency |
| 4.4.0-43.63 | 17.1 | generic, lowlatency |
| 4.4.0-43.63 | 18.1 | generic, lowlatency |
| 4.4.0-43.63 | 21.1 | generic, lowlatency |
| 4.4.0-45.66 | 16.1 | generic, lowlatency |
| 4.4.0-45.66 | 17.1 | generic, lowlatency |
| 4.4.0-45.66 | 18.1 | generic, lowlatency |
| 4.4.0-45.66 | 21.1 | generic, lowlatency |
| 4.4.0-47.68 | 16.1 | generic, lowlatency |
| 4.4.0-47.68 | 17.1 | generic, lowlatency |
| 4.4.0-47.68 | 18.1 | generic, lowlatency |
| 4.4.0-47.68 | 21.1 | generic, lowlatency |
| 4.4.0-51.72 | 16.1 | generic, lowlatency |
| 4.4.0-51.72 | 17.1 | generic, lowlatency |
| 4.4.0-51.72 | 18.1 | generic, lowlatency |
| 4.4.0-51.72 | 21.1 | generic, lowlatency |
| 4.4.0-53.74 | 16.1 | generic, lowlatency |
| 4.4.0-53.74 | 17.1 | generic, lowlatency |
| 4.4.0-53.74 | 18.1 | generic, lowlatency |
| 4.4.0-53.74 | 21.1 | generic, lowlatency |
| 4.4.0-57.78 | 17.1 | generic, lowlatency |
| 4.4.0-57.78 | 18.1 | generic, lowlatency |
| 4.4.0-57.78 | 21.1 | generic, lowlatency |
| 4.4.0-59.80 | 17.1 | generic, lowlatency |
| 4.4.0-59.80 | 18.1 | generic, lowlatency |
| 4.4.0-59.80 | 21.1 | generic, lowlatency |
| 4.4.0-62.83 | 17.1 | generic, lowlatency |
| 4.4.0-62.83 | 18.1 | generic, lowlatency |
| 4.4.0-62.83 | 21.1 | generic, lowlatency |
| 4.4.0-63.84 | 18.1 | generic, lowlatency |
| 4.4.0-63.84 | 21.1 | generic, lowlatency |
| 4.4.0-64.85 | 21.1 | generic, lowlatency |
| 4.4.0-66.87 | 21.1 | generic, lowlatency |
| 4.4.0-67.88 | 21.1 | generic, lowlatency |
| 4.4.0-70.91 | 21.1 | generic, lowlatency |
| 4.4.0-71.92 | 21.1 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.

References:
CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912,
CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633,
CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583,
CVE-2017-6074, CVE-2017-7308
