Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdf
==========================================================================
Kernel Live Patch Security Notice LSN-0025-1
July 06, 2017
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)
It was discovered that the stack guard page for processes in the Linux
kernel was not sufficiently large enough to prevent overlapping with the
heap. An attacker could leverage this with another vulnerability to execute
arbitrary code and gain administrative privileges (CVE-2017-1000364)
Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()
function in the Linux kernel. A local attacker could use to cause a denial
of service (system crash) or possibly execute arbitrary code with
administrative privileges. (CVE-2016-8632)
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification. (CVE-2016-9604)
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
improperly emulated certain instructions. A local attacker could use this
to obtain sensitive information (kernel memory). (CVE-2017-2584)
Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the
Linux kernel did not properly validate some ioctl arguments. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-7346)
Eric Biggers discovered a memory leak in the keyring implementation in the
Linux kernel. A local attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-7472)
It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)
Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)
Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)
It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)
Update instructions:
The problem can be corrected by updating your livepatches to the following
versions:
| Kernel | Version | flavors |
|-----------------+----------+--------------------------|
| 4.4.0-21.37 | 25.1 | generic, lowlatency |
| 4.4.0-22.39 | 25.1 | generic, lowlatency |
| 4.4.0-22.40 | 25.1 | generic, lowlatency |
| 4.4.0-24.43 | 25.1 | generic, lowlatency |
| 4.4.0-28.47 | 25.1 | generic, lowlatency |
| 4.4.0-31.50 | 25.1 | generic, lowlatency |
| 4.4.0-34.53 | 25.1 | generic, lowlatency |
| 4.4.0-36.55 | 25.1 | generic, lowlatency |
| 4.4.0-38.57 | 25.1 | generic, lowlatency |
| 4.4.0-42.62 | 25.1 | generic, lowlatency |
| 4.4.0-43.63 | 25.1 | generic, lowlatency |
| 4.4.0-45.66 | 25.1 | generic, lowlatency |
| 4.4.0-47.68 | 25.1 | generic, lowlatency |
| 4.4.0-51.72 | 25.1 | generic, lowlatency |
| 4.4.0-53.74 | 25.1 | generic, lowlatency |
| 4.4.0-57.78 | 25.1 | generic, lowlatency |
| 4.4.0-59.80 | 25.1 | generic, lowlatency |
| 4.4.0-62.83 | 25.1 | generic, lowlatency |
| 4.4.0-63.84 | 25.1 | generic, lowlatency |
| 4.4.0-64.85 | 25.1 | generic, lowlatency |
| 4.4.0-66.87 | 25.1 | generic, lowlatency |
| 4.4.0-67.88 | 25.1 | generic, lowlatency |
| 4.4.0-70.91 | 25.1 | generic, lowlatency |
| 4.4.0-71.92 | 25.1 | generic, lowlatency |
| 4.4.0-72.93 | 25.1 | generic, lowlatency |
| 4.4.0-75.96 | 25.1 | generic, lowlatency |
| 4.4.0-77.98 | 25.1 | generic, lowlatency |
| 4.4.0-78.99 | 25.1 | generic, lowlatency |
| 4.4.0-79.100 | 25.1 | generic, lowlatency |
| 4.4.0-81.104 | 25.1 | generic, lowlatency |
| 4.4.0-83.106 | 25.1 | generic, lowlatency |
| lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-38.57_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency |
| lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
| lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency |
Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.
References:
CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584,
CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890,
CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce