USN-3151-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry

2016-12-07T00:00:00
ID CFOUNDRY:6281FA84A07A7B74FA891D903B863B26
Type cloudfoundry
Reporter Cloud Foundry
Modified 2016-12-07T00:00:00

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

The following Cloud Foundry BOSH stemcells are vulnerable:

  • All versions prior to 3151.5
  • 3233.x versions prior to 3233.6
  • 3263.x versions prior to 3263.12
  • 3312.x versions prior to 3312.7
  • All other versions

Description

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

Upgrade BOSH stemcells in all deployments to one of the following versions:

  • Upgrade all earlier versions to 3151.5
  • Upgrade 3233.x versions to 3233.6 or later
  • Upgrade 3263.x versions to 3263.12 or later
  • Upgrade 3312.x versions to 3312.7 or later
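
To check an inventory against the version list above, the following added example (not part of the Cloud Foundry advisory) classifies stemcell versions by the patched releases it names. The deployment names and sample inventory are constructed, and the MAJOR.MINOR version format is an assumption.

```python
# Added example: classify BOSH stemcell versions against this advisory.
# Minimum patched minor version per stemcell line, from the Mitigation list.
FIXED_MINOR = {3151: 5, 3233: 6, 3263: 12, 3312: 7}


def parse_version(version):
    """Return (major, minor) for 'MAJOR' or 'MAJOR.MINOR' stemcell versions."""
    parts = version.strip().split(".")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised stemcell version: {version!r}")
    return int(parts[0]), int(parts[1]) if len(parts) == 2 else 0


def assess(version):
    """Return (status, advice) for one stemcell version."""
    major, minor = parse_version(version)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        # "All other versions": no patched release is listed for this line.
        # Lines published after 2016-12-07 also land here, because the
        # advisory does not describe them; check those against bosh.io.
        return "vulnerable", "move to a patched line listed in the advisory"
    if minor < fixed:
        return "vulnerable", f"upgrade to {major}.{fixed} or later"
    return "patched", "no action for USN-3151-2"


def audit(inventory):
    """Map {deployment: version} to the deployments that still need action."""
    findings = {}
    for deployment, version in sorted(inventory.items()):
        status, advice = assess(version)
        if status == "vulnerable":
            findings[deployment] = (version, advice)
    return findings


# Constructed sample inventory (hypothetical deployment names).
SAMPLE_INVENTORY = {
    "cf-prod": "3312.7",
    "cf-staging": "3263.11",
    "concourse": "3262.4",
    "legacy": "3146.10",
    "mysql": "3233.6",
}

if __name__ == "__main__":
    for name, (version, advice) in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: stemcell {version} is vulnerable, {advice}")
```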

Credit

Philip Pettersson

References

[1] <https://www.ubuntu.com/usn/usn-3151-2/>
[2] bosh.io