[LSN-0021-1] Linux kernel vulnerability
Benjamin M. Romer
benjamin.romer at canonical.com
Thu Apr 13 18:36:25 UTC 2017
==========================================================================
Kernel Live Patch Security Notice LSN-0021-1
April 10, 2017
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Andrey Konovalov discovered that the AF_PACKET implementation in the Linux
kernel did not properly validate certain block-size data. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-7308)
Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)
It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges. (CVE-2016-5195)
It was discovered that a use-after-free vulnerability existed in the block
device layer of the Linux kernel. A local attacker could use this to cause
a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2016-7910)
Dmitry Vyukov discovered a use-after-free vulnerability in the
sys_ioprio_get() function in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2016-7911)
A use-after-free vulnerability in the ffs_user_copy_worker function in
drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows
local users to gain privileges by accessing an I/O data structure after a
certain callback call. (CVE-2016-7912)
It was discovered that a race condition existed in the procfs environ_read
function in the Linux kernel, leading to an integer underflow. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2016-7916)
Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)
It was discovered that the KVM implementation for x86/x86_64 in the Linux
kernel could dereference a null pointer. An attacker in a guest virtual
machine could use this to cause a denial of service (system crash) in the
KVM host. (CVE-2016-8630)
Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)
CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)
Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash). (CVE-2016-9555)
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)
Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)
Update instructions:
The problem can be corrected by updating your livepatches to the following
versions:
| Kernel | Version | flavors |
|-----------------+----------+--------------------------|
| 4.4.0-21.37 | 16.1 | generic, lowlatency |
| 4.4.0-21.37 | 17.1 | generic, lowlatency |
| 4.4.0-21.37 | 18.1 | generic, lowlatency |
| 4.4.0-21.37 | 21.1 | generic, lowlatency |
| 4.4.0-22.39 | 13.2 | generic, lowlatency |
| 4.4.0-22.39 | 16.1 | generic, lowlatency |
| 4.4.0-22.39 | 17.1 | generic, lowlatency |
| 4.4.0-22.39 | 18.1 | generic, lowlatency |
| 4.4.0-22.39 | 21.1 | generic, lowlatency |
| 4.4.0-22.40 | 16.1 | generic, lowlatency |
| 4.4.0-22.40 | 17.1 | generic, lowlatency |
| 4.4.0-22.40 | 18.1 | generic, lowlatency |
| 4.4.0-22.40 | 21.1 | generic, lowlatency |
| 4.4.0-24.43 | 16.1 | generic, lowlatency |
| 4.4.0-24.43 | 17.1 | generic, lowlatency |
| 4.4.0-24.43 | 18.1 | generic, lowlatency |
| 4.4.0-24.43 | 21.1 | generic, lowlatency |
| 4.4.0-28.47 | 16.1 | generic, lowlatency |
| 4.4.0-28.47 | 17.1 | generic, lowlatency |
| 4.4.0-28.47 | 18.1 | generic, lowlatency |
| 4.4.0-28.47 | 21.1 | generic, lowlatency |
| 4.4.0-31.50 | 16.1 | generic, lowlatency |
| 4.4.0-31.50 | 17.1 | generic, lowlatency |
| 4.4.0-31.50 | 18.1 | generic, lowlatency |
| 4.4.0-31.50 | 21.1 | generic, lowlatency |
| 4.4.0-34.53 | 16.1 | generic, lowlatency |
| 4.4.0-34.53 | 17.1 | generic, lowlatency |
| 4.4.0-34.53 | 18.1 | generic, lowlatency |
| 4.4.0-34.53 | 21.1 | generic, lowlatency |
| 4.4.0-36.55 | 16.1 | generic, lowlatency |
| 4.4.0-36.55 | 17.1 | generic, lowlatency |
| 4.4.0-36.55 | 18.1 | generic, lowlatency |
| 4.4.0-36.55 | 21.1 | generic, lowlatency |
| 4.4.0-38.57 | 16.1 | generic, lowlatency |
| 4.4.0-38.57 | 17.1 | generic, lowlatency |
| 4.4.0-38.57 | 18.1 | generic, lowlatency |
| 4.4.0-38.57 | 21.1 | generic, lowlatency |
| 4.4.0-42.62 | 16.1 | generic, lowlatency |
| 4.4.0-42.62 | 17.1 | generic, lowlatency |
| 4.4.0-42.62 | 18.1 | generic, lowlatency |
| 4.4.0-42.62 | 21.1 | generic, lowlatency |
| 4.4.0-43.63 | 16.1 | generic, lowlatency |
| 4.4.0-43.63 | 17.1 | generic, lowlatency |
| 4.4.0-43.63 | 18.1 | generic, lowlatency |
| 4.4.0-43.63 | 21.1 | generic, lowlatency |
| 4.4.0-45.66 | 16.1 | generic, lowlatency |
| 4.4.0-45.66 | 17.1 | generic, lowlatency |
| 4.4.0-45.66 | 18.1 | generic, lowlatency |
| 4.4.0-45.66 | 21.1 | generic, lowlatency |
| 4.4.0-47.68 | 16.1 | generic, lowlatency |
| 4.4.0-47.68 | 17.1 | generic, lowlatency |
| 4.4.0-47.68 | 18.1 | generic, lowlatency |
| 4.4.0-47.68 | 21.1 | generic, lowlatency |
| 4.4.0-51.72 | 16.1 | generic, lowlatency |
| 4.4.0-51.72 | 17.1 | generic, lowlatency |
| 4.4.0-51.72 | 18.1 | generic, lowlatency |
| 4.4.0-51.72 | 21.1 | generic, lowlatency |
| 4.4.0-53.74 | 16.1 | generic, lowlatency |
| 4.4.0-53.74 | 17.1 | generic, lowlatency |
| 4.4.0-53.74 | 18.1 | generic, lowlatency |
| 4.4.0-53.74 | 21.1 | generic, lowlatency |
| 4.4.0-57.78 | 17.1 | generic, lowlatency |
| 4.4.0-57.78 | 18.1 | generic, lowlatency |
| 4.4.0-57.78 | 21.1 | generic, lowlatency |
| 4.4.0-59.80 | 17.1 | generic, lowlatency |
| 4.4.0-59.80 | 18.1 | generic, lowlatency |
| 4.4.0-59.80 | 21.1 | generic, lowlatency |
| 4.4.0-62.83 | 17.1 | generic, lowlatency |
| 4.4.0-62.83 | 18.1 | generic, lowlatency |
| 4.4.0-62.83 | 21.1 | generic, lowlatency |
| 4.4.0-63.84 | 18.1 | generic, lowlatency |
| 4.4.0-63.84 | 21.1 | generic, lowlatency |
| 4.4.0-64.85 | 21.1 | generic, lowlatency |
| 4.4.0-66.87 | 21.1 | generic, lowlatency |
| 4.4.0-67.88 | 21.1 | generic, lowlatency |
| 4.4.0-70.91 | 21.1 | generic, lowlatency |
| 4.4.0-71.92 | 21.1 | generic, lowlatency |
Additionally, you should install an updated kernel with these fixes and
reboot at your convenience.
References:
CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912,
CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633,
CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583,
CVE-2017-6074, CVE-2017-7308