Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 16.04 LTS: LSN-0021-1 High: Kernel Denial of Service Threats

Calendar Apr 13, 2017 User Avatar LinuxSecurity Advisories
4 - 8 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu kernel system crash security issues administrative access
Several security issues were fixed in the kernel. 
=========================================================================Kernel Live Patch Security Notice LSN-0021-1
April 10, 2017

linux vulnerability
=========================================================================
A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux
kernel did not properly validate certain block-size data. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-7308)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)

It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges. (CVE-2016-5195)

It was discovered that a use-after-free vulnerability existed in the block
device layer of the Linux kernel. A local attacker could use this to cause
a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2016-7910)

Dmitry Vyukov discovered a use-after-free vulnerability in the
sys_ioprio_get() function in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2016-7911)

XXX-FIXME-XXX [Use-after-free vulnerability in the ffs_user_copy_worker
function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before
4.5.3 allows local users to gain privileges by accessing an I/O data
structure after a certain callback call.] (CVE-2016-7912)

It was discovered that a race condition existed in the procfs environ_read
function in the Linux kernel, leading to an integer underflow. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2016-7916)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

It was discovered that the KVM implementation for x86/x86_64 in the Linux
kernel could dereference a null pointer. An attacker in a guest virtual
machine could use this to cause a denial of service (system crash) in the
KVM host. (CVE-2016-8630)

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash). (CVE-2016-9555)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-21.37     | 16.1     | generic, lowlatency      |
| 4.4.0-21.37     | 17.1     | generic, lowlatency      |
| 4.4.0-21.37     | 18.1     | generic, lowlatency      |
| 4.4.0-21.37     | 21.1     | generic, lowlatency      |
| 4.4.0-22.39     | 13.2     | generic, lowlatency      |
| 4.4.0-22.39     | 16.1     | generic, lowlatency      |
| 4.4.0-22.39     | 17.1     | generic, lowlatency      |
| 4.4.0-22.39     | 18.1     | generic, lowlatency      |
| 4.4.0-22.39     | 21.1     | generic, lowlatency      |
| 4.4.0-22.40     | 16.1     | generic, lowlatency      |
| 4.4.0-22.40     | 17.1     | generic, lowlatency      |
| 4.4.0-22.40     | 18.1     | generic, lowlatency      |
| 4.4.0-22.40     | 21.1     | generic, lowlatency      |
| 4.4.0-24.43     | 16.1     | generic, lowlatency      |
| 4.4.0-24.43     | 17.1     | generic, lowlatency      |
| 4.4.0-24.43     | 18.1     | generic, lowlatency      |
| 4.4.0-24.43     | 21.1     | generic, lowlatency      |
| 4.4.0-28.47     | 16.1     | generic, lowlatency      |
| 4.4.0-28.47     | 17.1     | generic, lowlatency      |
| 4.4.0-28.47     | 18.1     | generic, lowlatency      |
| 4.4.0-28.47     | 21.1     | generic, lowlatency      |
| 4.4.0-31.50     | 16.1     | generic, lowlatency      |
| 4.4.0-31.50     | 17.1     | generic, lowlatency      |
| 4.4.0-31.50     | 18.1     | generic, lowlatency      |
| 4.4.0-31.50     | 21.1     | generic, lowlatency      |
| 4.4.0-34.53     | 16.1     | generic, lowlatency      |
| 4.4.0-34.53     | 17.1     | generic, lowlatency      |
| 4.4.0-34.53     | 18.1     | generic, lowlatency      |
| 4.4.0-34.53     | 21.1     | generic, lowlatency      |
| 4.4.0-36.55     | 16.1     | generic, lowlatency      |
| 4.4.0-36.55     | 17.1     | generic, lowlatency      |
| 4.4.0-36.55     | 18.1     | generic, lowlatency      |
| 4.4.0-36.55     | 21.1     | generic, lowlatency      |
| 4.4.0-38.57     | 16.1     | generic, lowlatency      |
| 4.4.0-38.57     | 17.1     | generic, lowlatency      |
| 4.4.0-38.57     | 18.1     | generic, lowlatency      |
| 4.4.0-38.57     | 21.1     | generic, lowlatency      |
| 4.4.0-42.62     | 16.1     | generic, lowlatency      |
| 4.4.0-42.62     | 17.1     | generic, lowlatency      |
| 4.4.0-42.62     | 18.1     | generic, lowlatency      |
| 4.4.0-42.62     | 21.1     | generic, lowlatency      |
| 4.4.0-43.63     | 16.1     | generic, lowlatency      |
| 4.4.0-43.63     | 17.1     | generic, lowlatency      |
| 4.4.0-43.63     | 18.1     | generic, lowlatency      |
| 4.4.0-43.63     | 21.1     | generic, lowlatency      |
| 4.4.0-45.66     | 16.1     | generic, lowlatency      |
| 4.4.0-45.66     | 17.1     | generic, lowlatency      |
| 4.4.0-45.66     | 18.1     | generic, lowlatency      |
| 4.4.0-45.66     | 21.1     | generic, lowlatency      |
| 4.4.0-47.68     | 16.1     | generic, lowlatency      |
| 4.4.0-47.68     | 17.1     | generic, lowlatency      |
| 4.4.0-47.68     | 18.1     | generic, lowlatency      |
| 4.4.0-47.68     | 21.1     | generic, lowlatency      |
| 4.4.0-51.72     | 16.1     | generic, lowlatency      |
| 4.4.0-51.72     | 17.1     | generic, lowlatency      |
| 4.4.0-51.72     | 18.1     | generic, lowlatency      |
| 4.4.0-51.72     | 21.1     | generic, lowlatency      |
| 4.4.0-53.74     | 16.1     | generic, lowlatency      |
| 4.4.0-53.74     | 17.1     | generic, lowlatency      |
| 4.4.0-53.74     | 18.1     | generic, lowlatency      |
| 4.4.0-53.74     | 21.1     | generic, lowlatency      |
| 4.4.0-57.78     | 17.1     | generic, lowlatency      |
| 4.4.0-57.78     | 18.1     | generic, lowlatency      |
| 4.4.0-57.78     | 21.1     | generic, lowlatency      |
| 4.4.0-59.80     | 17.1     | generic, lowlatency      |
| 4.4.0-59.80     | 18.1     | generic, lowlatency      |
| 4.4.0-59.80     | 21.1     | generic, lowlatency      |
| 4.4.0-62.83     | 17.1     | generic, lowlatency      |
| 4.4.0-62.83     | 18.1     | generic, lowlatency      |
| 4.4.0-62.83     | 21.1     | generic, lowlatency      |
| 4.4.0-63.84     | 18.1     | generic, lowlatency      |
| 4.4.0-63.84     | 21.1     | generic, lowlatency      |
| 4.4.0-64.85     | 21.1     | generic, lowlatency      |
| 4.4.0-66.87     | 21.1     | generic, lowlatency      |
| 4.4.0-67.88     | 21.1     | generic, lowlatency      |
| 4.4.0-70.91     | 21.1     | generic, lowlatency      |
| 4.4.0-71.92     | 21.1     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
  CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912,
  CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633,
  CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583,
  CVE-2017-6074, CVE-2017-7308

Ubuntu 16.04 LTS: LSN-0021-1 High: Kernel Denial of Service Threats

ubuntu
Calendar Grey April 13, 2017
Dist Ubuntu Esm H88
Several security flaws in the Ubuntu kernel could lead to service interruptions or unauthorized entry. Discover additional details here.
Several security issues were fixed in the kernel.

Summary

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu kernel system crash security issues administrative access

Update Instructions

The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |-----------------+----------+--------------------------| | 4.4.0-21.37 | 16.1 | generic, lowlatency | | 4.4.0-21.37 | 17.1 | generic, lowlatency | | 4.4.0-21.37 | 18.1 | generic, lowlatency | | 4.4.0-21.37 | 21.1 | generic, lowlatency | | 4.4.0-22.39 | 13.2 | generic, lowlatency | | 4.4.0-22.39 | 16.1 | generic, lowlatency | | 4.4.0-22.39 | 17.1 | generic, lowlatency | | 4.4.0-22.39 | 18.1 | generic, lowlatency | | 4.4.0-22.39 | 21.1 | generic, lowlatency | | 4.4.0-22.40 | 16.1 | generic, lowlatency | | 4.4.0-22.40 | 17.1 | generic, lowlatency | | 4.4.0-22.40 | 18.1 | generic, lowlatency | | 4.4.0-22.40 | 21.1 | generic, lowlatency | | 4.4.0-24.43 | 16.1 | generic, lowlatency | | 4.4.0-24.43 | 17.1 | generic, lowlatency | | 4.4.0-24.43 | 18.1 | generic, lowlatency | | 4.4.0-24.43 | 21.1 | generic, lowlatency | | 4.4.0-28.47 | 16.1 | generic, lowlatency | | 4.4.0-28.47 | 17.1 | generic, lowlatency | | 4.4.0-28.47 | 18.1 | generic, lowlatency | | 4.4.0-28.47 | 21.1 | generic, lowlatency | | 4.4.0-31.50 | 16.1 | generic, lowlatency | | 4.4.0-31.50 | 17.1 | generic, lowlatency | | 4.4.0-31.50 | 18.1 | generic, lowlatency | | 4.4.0-31.50 | 21.1 | generic, lowlatency | | 4.4.0-34.53 | 16.1 | generic, lowlatency | | 4.4.0-34.53 | 17.1 | generic, lowlatency | | 4.4.0-34.53 | 18.1 | generic, lowlatency | | 4.4.0-34.53 | 21.1 | generic, lowlatency | | 4.4.0-36.55 | 16.1 | generic, lowlatency | | 4.4.0-36.55 | 17.1 | generic, lowlatency | | 4.4.0-36.55 | 18.1 | generic, lowlatency | | 4.4.0-36.55 | 21.1 | generic, lowlatency | | 4.4.0-38.57 | 16.1 | generic, lowlatency | | 4.4.0-38.57 | 17.1 | generic, lowlatency | | 4.4.0-38.57 | 18.1 | generic, lowlatency | | 4.4.0-38.57 | 21.1 | generic, lowlatency | | 4.4.0-42.62 | 16.1 | generic, lowlatency | | 4.4.0-42.62 | 17.1 | generic, lowlatency | | 4.4.0-42.62 | 18.1 | generic, lowlatency | | 4.4.0-42.62 | 21.1 | generic, lowlatency | | 4.4.0-43.63 | 16.1 | generic, lowlatency | | 4.4.0-43.63 | 17.1 | generic, lowlatency | | 4.4.0-43.63 | 18.1 | generic, lowlatency | | 4.4.0-43.63 | 21.1 | generic, lowlatency | | 4.4.0-45.66 | 16.1 | generic, lowlatency | | 4.4.0-45.66 | 17.1 | generic, lowlatency | | 4.4.0-45.66 | 18.1 | generic, lowlatency | | 4.4.0-45.66 | 21.1 | generic, lowlatency | | 4.4.0-47.68 | 16.1 | generic, lowlatency | | 4.4.0-47.68 | 17.1 | generic, lowlatency | | 4.4.0-47.68 | 18.1 | generic, lowlatency | | 4.4.0-47.68 | 21.1 | generic, lowlatency | | 4.4.0-51.72 | 16.1 | generic, lowlatency | | 4.4.0-51.72 | 17.1 | generic, lowlatency | | 4.4.0-51.72 | 18.1 | generic, lowlatency | | 4.4.0-51.72 | 21.1 | generic, lowlatency | | 4.4.0-53.74 | 16.1 | generic, lowlatency | | 4.4.0-53.74 | 17.1 | generic, lowlatency | | 4.4.0-53.74 | 18.1 | generic, lowlatency | | 4.4.0-53.74 | 21.1 | generic, lowlatency | | 4.4.0-57.78 | 17.1 | generic, lowlatency | | 4.4.0-57.78 | 18.1 | generic, lowlatency | | 4.4.0-57.78 | 21.1 | generic, lowlatency | | 4.4.0-59.80 | 17.1 | generic, lowlatency | | 4.4.0-59.80 | 18.1 | generic, lowlatency | | 4.4.0-59.80 | 21.1 | generic, lowlatency | | 4.4.0-62.83 | 17.1 | generic, lowlatency | | 4.4.0-62.83 | 18.1 | generic, lowlatency | | 4.4.0-62.83 | 21.1 | generic, lowlatency | | 4.4.0-63.84 | 18.1 | generic, lowlatency | | 4.4.0-63.84 | 21.1 | generic, lowlatency | | 4.4.0-64.85 | 21.1 | generic, lowlatency | | 4.4.0-66.87 | 21.1 | generic, lowlatency | | 4.4.0-67.88 | 21.1 | generic, lowlatency | | 4.4.0-70.91 | 21.1 | generic, lowlatency | | 4.4.0-71.92 | 21.1 | generic, lowlatency | Additionally, you should install an updated kernel with these fixes and reboot at your convienience.

References

CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912,

CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633,

CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583,

CVE-2017-6074, CVE-2017-7308

April 10, 2017

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu kernel system crash security issues administrative access

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here