Twenty Year Anniversary

Kernel Live Patch Security Notice LSN-0041-1

Kernel Live Patch Security Notice LSN-0041-1
Posted Aug 10, 2018
Authored by Benjamin M. Romer

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
advisories | CVE-2018-1094, CVE-2018-11506, CVE-2018-13094, CVE-2018-13405, CVE-2018-5390
MD5 | fc944208680854f3168be2702b530c3b

Kernel Live Patch Security Notice LSN-0041-1

Change Mirror Download
==========================================================================
Kernel Live Patch Security Notice 0041-1
August 06, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic |
| Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel
through 4.16.12 allows local users to cause a denial of service
(stack-based buffer overflow) or possibly have unspecified other impact
because sense buffers have different sizes at the CDROM layer and the SCSI
layer, as demonstrated by a CDROMREADMODE2 ioctl call. (CVE-2018-11506)

Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)

The inode_init_owner function in fs/inode.c in the Linux kernel through
4.17.4 allows local users to create files with an unintended group ownership,
in a scenario where a directory is SGID to a certain group and is writable
by a user who is not a member of that group. Here, the non-member can trigger
creation of a plain file whose group ownership is that group. The intended
behavior was that the non-member can trigger creation of a directory
(but not a plain file) whose group ownership is that group. The non-member
can escalate privileges by making the plain file executable and SGID.
(CVE-2018-13405)

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel
through 4.17.3. An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packets. A remote attacker could use this to cause a
denial of service. (CVE-2018-5390)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | flavors |
|--------------------------+----------+--------------------------|
| 4.4.0-124.148 | 41.2 | lowlatency, generic |
| 4.4.0-124.148~14.04.1 | 41.2 | generic, lowlatency |
| 4.4.0-127.153 | 41.2 | lowlatency, generic |
| 4.4.0-127.153~14.04.1 | 41.2 | lowlatency, generic |
| 4.4.0-128.154 | 41.2 | generic, lowlatency |
| 4.4.0-128.154~14.04.1 | 41.2 | generic, lowlatency |
| 4.4.0-130.156 | 41.2 | generic, lowlatency |
| 4.4.0-130.156~14.04.1 | 41.2 | lowlatency, generic |
| 4.4.0-131.157 | 41.2 | lowlatency, generic |
| 4.4.0-131.157~14.04.1 | 41.2 | lowlatency, generic |
| 4.15.0-20.21 | 41.2 | generic, lowlatency |
| 4.15.0-22.24 | 41.2 | lowlatency, generic |
| 4.15.0-23.25 | 41.2 | lowlatency, generic |
| 4.15.0-24.26 | 41.2 | lowlatency, generic |
| 4.15.0-29.31 | 41.2 | generic, lowlatency |

References:
CVE-2018-11506, CVE-2018-1094, CVE-2018-13405, CVE-2018-13094,
CVE-2018-5390

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close