SB2017061923 - Ubuntu update for Linux kernel




Published: June 19, 2017

Security Bulletin ID: SB2017061923
Severity: Medium
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 18%, Low 82%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2017-1000364)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to memory management errors in the implementation of various functions under multiple operating systems. A local or remote attacker can trigger the affected application to process specially crafted data, trigger memory corruption and execute arbitrary code on the target system. Qualys researchers dubbed the vulnerability “Stack Clash”.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


2) Use-after-free error (CVE-ID: CVE-2014-9940)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a use-after-free error in the regulator_ena_gpio_free function in drivers/regulator/core.c. A local attacker can run a specially crafted application, trigger memory corruption, gain kernel privileges and cause the system to crash.

Successful exploitation of the vulnerability may result in denial of service.


3) Privilege escalation (CVE-ID: CVE-2017-0605)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a flaw in the kernel trace subsystem. A local attacker can run a specially crafted application and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Privilege escalation (CVE-ID: CVE-2017-1000363)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an integer overflow in the lp_setup() function. A local attacker can append lp=none arguments to the kernel command line and gain root privileges on the target system.

Successful exploitation results in privilege escalation.

5) Memory corruption (CVE-ID: CVE-2017-7294)

The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c due to missing validation of the addition of certain levels data. A local attacker can trigger an integer overflow and out-of-bounds write, cause the service to crash or possibly gain root privileges via a crafted ioctl call for a /dev/dri/renderD* device.

6) Double free error (CVE-ID: CVE-2017-8890)

The vulnerability allows a remote attacker to perform a denial of service attack.

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

7) Out-of-bounds read (CVE-ID: CVE-2017-9074)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists because the IPv6 fragmentation implementation fails to consider that the nexthdr field may be associated with an invalid option. A local attacker can use a specially crafted socket or system call to trigger an out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Denial of service (CVE-ID: CVE-2017-9075)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the sctp_v6_create_accept_sk function in net/sctp/ipv6.c. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Denial of service (CVE-ID: CVE-2017-9076)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the dccp_v6_request_recv_sock function in net/dccp/ipv6.c. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

10) Denial of service (CVE-ID: CVE-2017-9077)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c. A local attacker can use specially crafted system calls to cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.


11) Denial of service (CVE-ID: CVE-2017-9242)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the __ip6_append_data function when checking whether an overwrite of an skb data structure may occur. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install the update from the vendor's website.