Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:43A3634884E6DDA3AD9EFD6221BBEE90
HistoryJan 31, 2017 - 12:00 a.m.

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-01-3100:00:00
Cloud Foundry
www.cloudfoundry.org
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.736 High

EPSS

Percentile

98.1%

Severity

Medium

Vendor

Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964)

It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing aVIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568)

CAI Qian discovered that shared bind mounts in a mount name space exponentially added entries without restriction to the Linux kernel’s mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633)

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645)

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

Affected Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3151.x versions prior to 3151.7
    • 3233.x versions prior to 3233.10
    • 3263.x versions prior to 3263.15
    • 3312.x versions prior to 3312.17

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.7
    • Upgrade all lower versions of 3233.x to version 3233.10
    • Upgrade all lower versions of 3263.x to version 3263.15
    • Upgrade all lower versions of 3312.x to 3312.17

Credit

Tilman Schmidt, Sasha Levin, CAI Qian, Eyal Itkin, Marco Grassi, Andrey Konovalov

References

History

2016-12-20: Initial vulnerability report published

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.736 High

EPSS

Percentile

98.1%