Lucene search

K
cloudfoundry
Cloud FoundryCFOUNDRY:10916BBD941416F67134F1200DE97709
HistoryJan 31, 2017 - 12:00 a.m.

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-01-3100:00:00
Cloud Foundry
www.cloudfoundry.org
29

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

Severity

Medium

Vendor

Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)

Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service(system crash). (CVE-2016-9794)

Affected Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

  • * 3151.x versions prior to 3151.7
    
    • 3233.x versions prior to 3233.10
    • 3263.x versions prior to 3263.15
    • 3312.x versions prior to 3312.17

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.7
    • Upgrade all lower versions of 3233.x to version 3233.10
    • Upgrade all lower versions of 3263.x to version 3263.15
    • Upgrade all lower versions of 3312.x to version 3312.17

Credit

Dmitry Vyukov, Andrey Konovalov, Baozeng Ding

References

History

2017-01-11: Initial vulnerability report published

How to protect your server from attacks?

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.4%

Related for CFOUNDRY:10916BBD941416F67134F1200DE97709