Amazon ALAS-2016-703
May 18, 2016 - 2:00 p.m.

Medium: kernel

alas.aws.amazon.com

CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.3 (Confidence: High)
EPSS: 0.005 (Percentile: 76.7%)

Issue Overview:

The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)

A flaw was found in the way the Linux kernel’s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user’s file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)

The following flaws were also fixed in this version:

CVE-2016-4557: Use after free vulnerability via double fdput
CVE-2016-4581: Slave being first propagated copy causes oops in propagate_mnt
CVE-2016-4486: Information leak in rtnetlink
CVE-2016-4485: Information leak in llc module
CVE-2016-4558: bpf: refcnt overflow
CVE-2016-4565: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
CVE-2016-0758: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
CVE-2015-8839: ext4 filesystem page fault race condition with fallocate call.

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.
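
To confirm the correction took effect, the script below (an added example, not part of the Amazon advisory) compares a kernel release string such as the output of `uname -r` against the fixed build 4.4.10-22.54.amzn1 from the package list. `uname -r` reports the running kernel, which stays at the old build after `yum update kernel` until the host is rebooted. The function names and the assumed `X.Y.Z-A.B.amzn1.arch` layout are this example's own.

```shell
#!/bin/sh
# Added example: is an amzn1 kernel release at or above the fixed build?
FIXED_RELEASE="4.4.10-22.54.amzn1"   # fixed build from this advisory's package list

# Split "X.Y.Z-A.B.amzn1[.arch]" into five numbers. Prints nothing when the
# string does not follow that layout (assumed amzn1 naming).
release_fields() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)-\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.amzn1.*$/\1 \2 \3 \4 \5/p'
}

# Returns 0 if the release is at or above FIXED_RELEASE, 1 if it is older,
# 2 if it is not an amzn1 release string and cannot be compared.
kernel_is_fixed() {
    have=$(release_fields "$1")
    want=$(release_fields "$FIXED_RELEASE")
    [ -n "$have" ] || return 2
    # Word splitting is intended: $1..$5 = candidate, $6..$10 = fixed build.
    set -- $have $want
    n=0
    while [ "$n" -lt 5 ]; do
        [ "$1" -gt "$6" ] && return 0
        [ "$1" -lt "$6" ] && return 1
        shift                 # keeps the two fields being compared 5 apart
        n=$((n + 1))
    done
    return 0                  # all five fields equal
}

# Human-readable verdict for one release string.
report() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_RELEASE" ;;
        1) echo "$1: older than $FIXED_RELEASE, update and reboot" ;;
        *) echo "$1: not an amzn1 kernel release, not checked" ;;
    esac
}

report "$(uname -r)"                  # the kernel actually running
report "4.4.8-20.46.amzn1.x86_64"     # constructed sample: older build
```
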

New Packages:

i686:  
    perf-debuginfo-4.4.10-22.54.amzn1.i686  
    kernel-headers-4.4.10-22.54.amzn1.i686  
    kernel-tools-debuginfo-4.4.10-22.54.amzn1.i686  
    perf-4.4.10-22.54.amzn1.i686  
    kernel-4.4.10-22.54.amzn1.i686  
    kernel-debuginfo-common-i686-4.4.10-22.54.amzn1.i686  
    kernel-devel-4.4.10-22.54.amzn1.i686  
    kernel-tools-4.4.10-22.54.amzn1.i686  
    kernel-tools-devel-4.4.10-22.54.amzn1.i686  
    kernel-debuginfo-4.4.10-22.54.amzn1.i686  
  
noarch:  
    kernel-doc-4.4.10-22.54.amzn1.noarch  
  
src:  
    kernel-4.4.10-22.54.amzn1.src  
  
x86_64:  
    kernel-tools-4.4.10-22.54.amzn1.x86_64  
    perf-4.4.10-22.54.amzn1.x86_64  
    kernel-tools-debuginfo-4.4.10-22.54.amzn1.x86_64  
    perf-debuginfo-4.4.10-22.54.amzn1.x86_64  
    kernel-devel-4.4.10-22.54.amzn1.x86_64  
    kernel-4.4.10-22.54.amzn1.x86_64  
    kernel-headers-4.4.10-22.54.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1.x86_64  
    kernel-debuginfo-4.4.10-22.54.amzn1.x86_64  
    kernel-tools-devel-4.4.10-22.54.amzn1.x86_64  

Additional References

Red Hat: CVE-2015-8839, CVE-2016-0758, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4557, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581

Mitre: CVE-2015-8839, CVE-2016-0758, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4557, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581
