Amazon ALAS-2014-455

Medium: kernel

Published: 2014-12-03 22:27:00
Source: alas.aws.amazon.com

CVSS3: 7.8 High

    Attack Vector: LOCAL
    Attack Complexity: LOW
    Privileges Required: LOW
    User Interaction: NONE
    Scope: UNCHANGED
    Confidentiality Impact: HIGH
    Integrity Impact: HIGH
    Availability Impact: HIGH
    Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

    Access Vector: LOCAL
    Access Complexity: LOW
    Authentication: NONE
    Confidentiality Impact: COMPLETE
    Integrity Impact: COMPLETE
    Availability Impact: COMPLETE
    Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.733 High

    Percentile: 98.1%

Issue Overview:

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. (CVE-2014-7841)

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. (CVE-2014-7970)

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. (CVE-2014-9090)

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322)

Affected Packages:

kernel

Issue Correction:
Run yum clean all followed by yum update kernel to update your system. You will need to reboot your system for the new kernel to take effect.
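
Because the update only takes effect after a reboot, a post-patch check should test the running kernel rather than the installed package. The script below is an added example, not part of the original advisory: the function names and status labels are hypothetical, and the field-by-field numeric comparison is a simplification of RPM version ordering that assumes the amzn1 release format shown under New Packages.

```shell
#!/bin/sh
# Fixed kernel build named under "New Packages" in this advisory.
FIXED="3.14.26-24.46.amzn1"

# Print the five numeric fields of an amzn1 kernel release, e.g.
# 3.14.26-24.46.amzn1.x86_64 -> "3 14 26 24 46"; print nothing otherwise.
release_fields() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)-\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.amzn1.*$/\1 \2 \3 \4 \5/p'
}

# Print "patched", "unpatched" or "unknown" for the release string in $1.
# "unknown" means the string is not an amzn1 kernel release.
advisory_status() {
    have=$(release_fields "$1")
    if [ -z "$have" ]; then
        echo unknown
        return 0
    fi
    # Compare the five fields left to right; the first difference decides.
    printf '%s %s\n' "$have" "$(release_fields "$FIXED")" | awk '{
        for (i = 1; i <= 5; i++) {
            if ($i + 0 > $(i + 5) + 0) { print "patched"; exit }
            if ($i + 0 < $(i + 5) + 0) { print "unpatched"; exit }
        }
        print "patched"
    }'
}

# uname -r reports the kernel that is actually running, so a host that
# has installed the update but not rebooted still shows as unpatched.
running=$(uname -r)
echo "running kernel $running: $(advisory_status "$running")"
```
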

New Packages:

i686:  
    kernel-3.14.26-24.46.amzn1.i686  
    kernel-debuginfo-3.14.26-24.46.amzn1.i686  
    perf-debuginfo-3.14.26-24.46.amzn1.i686  
    kernel-devel-3.14.26-24.46.amzn1.i686  
    kernel-tools-devel-3.14.26-24.46.amzn1.i686  
    kernel-debuginfo-common-i686-3.14.26-24.46.amzn1.i686  
    kernel-tools-3.14.26-24.46.amzn1.i686  
    perf-3.14.26-24.46.amzn1.i686  
    kernel-headers-3.14.26-24.46.amzn1.i686  
    kernel-tools-debuginfo-3.14.26-24.46.amzn1.i686  
  
noarch:  
    kernel-doc-3.14.26-24.46.amzn1.noarch  
  
src:  
    kernel-3.14.26-24.46.amzn1.src  
  
x86_64:  
    kernel-headers-3.14.26-24.46.amzn1.x86_64  
    kernel-devel-3.14.26-24.46.amzn1.x86_64  
    kernel-tools-debuginfo-3.14.26-24.46.amzn1.x86_64  
    kernel-tools-devel-3.14.26-24.46.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.14.26-24.46.amzn1.x86_64  
    kernel-tools-3.14.26-24.46.amzn1.x86_64  
    perf-3.14.26-24.46.amzn1.x86_64  
    kernel-debuginfo-3.14.26-24.46.amzn1.x86_64  
    kernel-3.14.26-24.46.amzn1.x86_64  
    perf-debuginfo-3.14.26-24.46.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-7841, CVE-2014-7970, CVE-2014-9090, CVE-2014-9322

Mitre: CVE-2014-7841, CVE-2014-7970, CVE-2014-9090, CVE-2014-9322
