Ubuntu 3619-1: Linux kernel vulnerabilities

    Date 04 Apr 2018
    5440
    Posted By Anthony Pell
    Several security issues were fixed in the Linux kernel.
    ==========================================================================
    Ubuntu Security Notice USN-3619-1
    April 04, 2018
    
    linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Several security issues were fixed in the Linux kernel.
    
    Software Description:
    - linux: Linux kernel
    - linux-aws: Linux kernel for Amazon Web Services (AWS) systems
    - linux-kvm: Linux kernel for cloud environments
    - linux-raspi2: Linux kernel for Raspberry Pi 2
    - linux-snapdragon: Linux kernel for Snapdragon processors
    
    Details:
    
    Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation
    in the Linux kernel improperly performed sign extension in some situations.
    A local attacker could use this to cause a denial of service (system crash)
    or possibly execute arbitrary code. (CVE-2017-16995)
    
    It was discovered that a race condition leading to a use-after-free
    vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
    local attacker could use this to cause a denial of service (system crash)
    or possibly execute arbitrary code. (CVE-2017-0861)
    
    It was discovered that the KVM implementation in the Linux kernel allowed
    passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM
    could use this to cause a denial of service (system crash) in the host OS.
    (CVE-2017-1000407)
    
    It was discovered that an information disclosure vulnerability existed in
    the ACPI implementation of the Linux kernel. A local attacker could use
    this to expose sensitive information (kernel memory addresses).
    (CVE-2017-11472)
    
    It was discovered that a use-after-free vulnerability existed in the
    network namespaces implementation in the Linux kernel. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2017-15129)
    
    It was discovered that the Advanced Linux Sound Architecture (ALSA)
    subsystem in the Linux kernel contained a use-after-free when handling
    device removal. A physically proximate attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2017-16528)
    
    Andrey Konovalov discovered that the usbtest device driver in the Linux
    kernel did not properly validate endpoint metadata. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-16532)
    
    Andrey Konovalov discovered that the Conexant cx231xx USB video capture
    driver in the Linux kernel did not properly validate interface descriptors.
    A physically proximate attacker could use this to cause a denial of service
    (system crash). (CVE-2017-16536)
    
    Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
    Linux kernel did not properly validate device metadata. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16537)
    
    Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver
    in the Linux kernel did not properly validate device descriptors. A
    physically proximate attacker could use this to cause a denial of service
    (system crash). (CVE-2017-16645)
    
    Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the
    Linux kernel did not properly handle detach events. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-16646)
    
    Andrey Konovalov discovered that the CDC USB Ethernet driver did not
    properly validate device descriptors. A physically proximate attacker could
    use this to cause a denial of service (system crash). (CVE-2017-16649)
    
    Andrey Konovalov discovered that the QMI WWAN USB driver did not properly
    validate device descriptors. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2017-16650)
    
    It was discovered that the USB Virtual Host Controller Interface (VHCI)
    driver in the Linux kernel contained an information disclosure vulnerability.
    A physically proximate attacker could use this to expose sensitive
    information (kernel memory). (CVE-2017-16911)
    
    It was discovered that the USB over IP implementation in the Linux kernel
    did not validate endpoint numbers. A remote attacker could use this to
    cause a denial of service (system crash). (CVE-2017-16912)
    
    It was discovered that the USB over IP implementation in the Linux kernel
    did not properly validate CMD_SUBMIT packets. A remote attacker could use
    this to cause a denial of service (excessive memory consumption).
    (CVE-2017-16913)
    
    It was discovered that the USB over IP implementation in the Linux kernel
    contained a NULL pointer dereference error. A remote attacker could use
    this to cause a denial of service (system crash). (CVE-2017-16914)
    
    It was discovered that the HugeTLB component of the Linux kernel did not
    properly handle holes in hugetlb ranges. A local attacker could use this to
    expose sensitive information (kernel memory). (CVE-2017-16994)
    
    It was discovered that the netfilter component of the Linux did not
    properly restrict access to the connection tracking helpers list. A local
    attacker could use this to bypass intended access restrictions.
    (CVE-2017-17448)
    
    It was discovered that the netlink subsystem in the Linux kernel did not
    properly restrict observations of netlink messages to the appropriate net
    namespace. A local attacker could use this to expose sensitive information
    (kernel netlink traffic). (CVE-2017-17449)
    
    It was discovered that the netfilter passive OS fingerprinting (xt_osf)
    module did not properly perform access control checks. A local attacker
    could improperly modify the system-wide OS fingerprint list.
    (CVE-2017-17450)
    
    It was discovered that the core USB subsystem in the Linux kernel did not
    validate the number of configurations and interfaces in a device. A
    physically proximate attacker could use this to cause a denial of service
    (system crash). (CVE-2017-17558)
    
    Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
    contained an out-of-bounds read when handling memory-mapped I/O. A local
    attacker could use this to expose sensitive information. (CVE-2017-17741)
    
    It was discovered that the Salsa20 encryption algorithm implementations in
    the Linux kernel did not properly handle zero-length inputs. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-17805)
    
    It was discovered that the HMAC implementation did not validate the state
    of the underlying cryptographic hash algorithm. A local attacker could use
    this to cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2017-17806)
    
    It was discovered that the keyring implementation in the Linux kernel did
    not properly check permissions when a key request was performed on a
    task's' default keyring. A local attacker could use this to add keys to
    unauthorized keyrings. (CVE-2017-17807)
    
    Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF)
    implementation in the Linux kernel contained a branch-pruning logic issue
    around unreachable code. A local attacker could use this to cause a denial
    of service. (CVE-2017-17862)
    
    It was discovered that the parallel cryptography component of the Linux
    kernel incorrectly freed kernel memory. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2017-18075)
    
    It was discovered that a race condition existed in the Device Mapper
    component of the Linux kernel. A local attacker could use this to cause a
    denial of service (system crash). (CVE-2017-18203)
    
    It was discovered that a race condition existed in the OCFS2 file system
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (kernel deadlock). (CVE-2017-18204)
    
    It was discovered that an infinite loop could occur in the the madvise(2)
    implementation in the Linux kernel in certain circumstances. A local
    attacker could use this to cause a denial of service (system hang).
    (CVE-2017-18208)
    
    Andy Lutomirski discovered that the KVM implementation in the Linux kernel
    was vulnerable to a debug exception error when single-stepping through a
    syscall. A local attacker in a non-Linux guest vm could possibly use this
    to gain administrative privileges in the guest vm. (CVE-2017-7518)
    
    It was discovered that the Broadcom NetXtremeII ethernet driver in the
    Linux kernel did not properly validate Generic Segment Offload (GSO) packet
    sizes. An attacker could use this to cause a denial of service (interface
    unavailability). (CVE-2018-1000026)
    
    It was discovered that the Reliable Datagram Socket (RDS)
    implementation in the Linux kernel contained an out-of-bounds write
    during RDMA page allocation. An attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2018-5332)
    
    Mohamed Ghannam discovered a null pointer dereference in the RDS (Reliable
    Datagram Sockets) protocol implementation of the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2018-5333)
    
    ??? discovered that a race condition existed in loop block device
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2018-5344)
    
    It was discovered that an integer overflow error existed in the futex
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2018-6927)
    
    It was discovered that a NULL pointer dereference existed in the RDS
    (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A
    local attacker could use this to cause a denial of service (system crash).
    (CVE-2018-7492)
    
    It was discovered that the Broadcom UniMAC MDIO bus controller driver in
    the Linux kernel did not properly validate device resources. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2018-8043)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 16.04 LTS:
      linux-image-4.4.0-1020-kvm      4.4.0-1020.25
      linux-image-4.4.0-1054-aws      4.4.0-1054.63
      linux-image-4.4.0-1086-raspi2   4.4.0-1086.94
      linux-image-4.4.0-1088-snapdragon  4.4.0-1088.93
      linux-image-4.4.0-119-generic   4.4.0-119.143
      linux-image-4.4.0-119-generic-lpae  4.4.0-119.143
      linux-image-4.4.0-119-lowlatency  4.4.0-119.143
      linux-image-4.4.0-119-powerpc-e500mc  4.4.0-119.143
      linux-image-4.4.0-119-powerpc-smp  4.4.0-119.143
      linux-image-4.4.0-119-powerpc64-emb  4.4.0-119.143
      linux-image-4.4.0-119-powerpc64-smp  4.4.0-119.143
      linux-image-aws                 4.4.0.1054.56
      linux-image-generic             4.4.0.119.125
      linux-image-generic-lpae        4.4.0.119.125
      linux-image-kvm                 4.4.0.1020.19
      linux-image-lowlatency          4.4.0.119.125
      linux-image-powerpc-e500mc      4.4.0.119.125
      linux-image-powerpc-smp         4.4.0.119.125
      linux-image-powerpc64-emb       4.4.0.119.125
      linux-image-powerpc64-smp       4.4.0.119.125
      linux-image-raspi2              4.4.0.1086.86
      linux-image-snapdragon          4.4.0.1088.80
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    ATTENTION: Due to an unavoidable ABI change the kernel updates have
    been given a new version number, which requires you to recompile and
    reinstall all third party kernel modules you might have installed.
    Unless you manually uninstalled the standard kernel metapackages
    (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
    linux-powerpc), a standard system upgrade will automatically perform
    this as well.
    
    References:
      https://usn.ubuntu.com/usn/usn-3619-1
      CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129,
      CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537,
      CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650,
      CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914,
      CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449,
      CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805,
      CVE-2017-17806, CVE-2017-17807, CVE-2017-17862, CVE-2017-18075,
      CVE-2017-18203, CVE-2017-18204, CVE-2017-18208, CVE-2017-7518,
      CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344,
      CVE-2018-6927, CVE-2018-7492, CVE-2018-8043
    
    Package Information:
      https://launchpad.net/ubuntu/+source/linux/4.4.0-119.143
      https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1054.63
      https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1020.25
      https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1086.94
      https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1088.93
    
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.