[LSN-0037-1] Linux kernel vulnerability

benjamin.romer at canonical.com benjamin.romer at canonical.com
Wed May 2 14:28:33 UTC 2018


==========================================================================
Kernel Live Patch Security Notice LSN-0037-1
May 02, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
in the Linux kernel improperly performed sign extension in some situations.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free
vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that a use-after-free vulnerability existed in the
network namespaces implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-15129)

It was discovered that the netfilter component of the Linux did not
properly restrict access to the connection tracking helpers list. A local
attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf)
module did not properly perform access control checks. A local attacker
could improperly modify the system-wide OS fingerprint list.
(CVE-2017-17450)

The Linux ptrace code virtualizes access to the debug registers, and the
virtualization code has incorrect error handling. This means that if you 
write an illegal value to, say, DR0, the internal state of the kernel's 
breakpoint tracking can become corrupt despite the fact that the ptrace()
call will return -EINVAL.
(CVE-2018-1000199)

Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable
Datagram Sockets) protocol implementation of the Linux kernel. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-5333)

范龙飞 discovered that a race condition existed in loop block device
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-5344)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in
the Linux kernel did not properly validate device resources. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-8043)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-116.140	  | 37.2     | generic, lowlatency      |
| 4.4.0-119.143   | 37.2     | generic, lowlatency      |
| 4.4.0-121.145   | 37.2     | generic, lowlatency      |
| 4.4.0-122.146   | 37.2     | generic, lowlatency      |
| 4.4.0-116.140~14.04.1 | 37.2     | generic, lowlatency      |
| 4.4.0-119.143~14.04.1 | 37.2     | generic, lowlatency      |
| 4.4.0-121.145~14.04.1 | 37.2     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
  CVE-2017-0861, CVE-2017-15129, CVE-2017-16995, CVE-2017-17448,
  CVE-2017-17450, CVE-2018-1000199, CVE-2018-5333, CVE-2018-5344,
  CVE-2018-8043




More information about the ubuntu-security-announce mailing list