Discover Government News

Arch Linux Security Advisory ASA-201701-32
=========================================
Severity: Medium
Date    : 2017-01-27
CVE-ID  : CVE-2017-2583
Package : linux
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-149

Summary
======
The package linux before version 4.9.5-1 is vulnerable to privilege
escalation.

Resolution
=========
Upgrade to 4.9.5-1.

# pacman -Syu "linux>=4.9.5-1"

The problem has been fixed upstream in version 4.9.5.

Workaround
=========
None.

Description
==========
The Linux kernel > 3.6-rc1, when built with Kernel-based Virtual
Machine (CONFIG_KVM) support, is vulnerable to an incorrect segment
selector (SS) value error. It could occur loading values into SS
register in long mode.
A user/process inside a guest host could use this flaw to crash the
guest, resulting in denial of service, or potentially escalate their
privileges inside the guest system on an AMD processor.

Impact
=====
A local attacker in a guest host is able to crash the system or
escalate privileges inside the guest on an AMD processor.

References
=========
https://seclists.org/oss-sec/2017/q1/137
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
https://security.archlinux.org/CVE-2017-2583

ArchLinux: 201701-32: linux: privilege escalation

January 27, 2017

Summary

The Linux kernel > 3.6-rc1, when built with Kernel-based Virtual Machine (CONFIG_KVM) support, is vulnerable to an incorrect segment selector (SS) value error. It could occur loading values into SS register in long mode. A user/process inside a guest host could use this flaw to crash the guest, resulting in denial of service, or potentially escalate their privileges inside the guest system on an AMD processor.

Resolution

Upgrade to 4.9.5-1. # pacman -Syu "linux>=4.9.5-1"
The problem has been fixed upstream in version 4.9.5.

References

https://seclists.org/oss-sec/2017/q1/137 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/ https://security.archlinux.org/CVE-2017-2583

Severity
Package : linux
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-149

Workaround

None.

Related News