Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:ADC0B498E15923BC9D8697B0215001CD
HistoryDec 27, 2016 - 12:00 a.m.

USN-3128-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry

2016-12-2700:00:00
Cloud Foundry
www.cloudfoundry.org
55

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

46.0%

USN-3128-2: Linux kernel (Xenial HWE) vulnerability

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS

Description

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash).

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

  • All versions prior to 3151.5
  • 3233.x versions prior to 3233.6
  • 3263.x versions prior to 3263.12
  • 3312.x versions prior to 3312.5
  • All other unmaintained versions are potentially vulnerable.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry project recommends upgrading to the following BOSH stemcells:

  • Upgrade all older versions to 3151.5 or later
  • Upgrade 3233.x versions to 3233.6 or later
  • Upgrade 3263.x versions to 3263.12 or later
  • Upgrade 3312.x versions to 3312.5 or later
  • Upgrade all other unmaintained versions to the most recent version of a maintained version line.

Credit

Ondrej Kozina

References

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

46.0%