
USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Description

# **Severity**

Medium

# **Vendor**

Ubuntu

# **Versions Affected**

* Ubuntu 14.04 LTS

# **Description**

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2015-8964](<https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8964.html>))

It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2016-4568](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4568.html>))

CAI Qian discovered that shared bind mounts in a mount name space exponentially added entries without restriction to the Linux kernel’s mount table. A local attacker could use this to cause a denial of service (system crash). ([CVE-2016-6213](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6213.html>))

It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. ([CVE-2016-8630](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8630.html>))

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. ([CVE-2016-8633](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8633.html>))

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). ([CVE-2016-8645](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html>))

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). ([CVE-2016-9555](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9555.html>))

# **Affected Products and Versions**

Severity is medium unless otherwise noted.

* Cloud Foundry BOSH stemcells are vulnerable, including:
  * 3151.x versions prior to 3151.7
  * 3233.x versions prior to 3233.10
  * 3263.x versions prior to 3263.15
  * 3312.x versions prior to 3312.17

# **Mitigation**

OSS users are strongly encouraged to follow one of the mitigations below:

* The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
  * Upgrade all lower versions of 3151.x to version 3151.7
  * Upgrade all lower versions of 3233.x to version 3233.10
  * Upgrade all lower versions of 3263.x to version 3263.15
  * Upgrade all lower versions of 3312.x to 3312.17

# **Credit**

Tilman Schmidt, Sasha Levin, CAI Qian, Eyal Itkin, Marco Grassi, Andrey Konovalov

# **References**

* [https://www.ubuntu.com/usn/usn-3161-2/](<https://www.ubuntu.com/usn/usn-3161-2/>)
* [https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8964.html](<https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8964.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4568.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4568.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6213.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6213.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8630.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8630.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8633.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8633.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html>)
* [https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9555.html](<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9555.html>)

# **History**

2016-12-20: Initial vulnerability report published

