[LSN-0039-1] Linux kernel vulnerability

benjamin.romer at canonical.com benjamin.romer at canonical.com
Fri May 25 14:33:58 UTC 2018 

==========================================================================
Kernel Live Patch Security Notice LSN-0039-1
May 25, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
implementation in the Linux kernel contained a branch-pruning logic issue
around unreachable code. A local attacker could use this to cause a denial
of service. (CVE-2017-17862)

The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 
4.15.15 mishandles the case of a root directory with a zero i_links_count, 
which allows attackers to cause a denial of service
(ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted
ext4 image. (CVE-2018-1092)

The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux 
kernel through 4.15.15 allows attackers to cause a denial of service
(out-of-bounds read and system crash) via a crafted ext4 image because
balloc.c and ialloc.c do not validate bitmap block numbers. (CVE-2018-1093)

A memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9
allows local users to cause a denial of service (memory consumption) by
triggering an out-of-array error case. (CVE-2018-8087)

Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                    | Version  | flavors                  |
|---------------------------+----------+--------------------------|
| 4.4.0-124.148             | 39.1     | generic, lowlatency      |
| lts-4.4.0-124.148~14.04.1 | 39.1     | generic, lowlatency      |
| 4.15.0-20.21              | 39.3     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
  CVE-2017-17862, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087, CVE-2018-1000004

More information about the ubuntu-security-announce mailing list