Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-7042**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the use of an incorrect buffer size for certain timeout data by the proc_keys_show function in security/keys/proc.c. By reading the /proc/keys file, an attacker could exploit this vulnerability to cause the kernel to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118133 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-8633**
DESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an error in drivers/firewire/net.c. By sending specially-crafted fragmented packets. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119632 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-9191**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of specific drop operations by the cgroup offline implementation. A local attacker could exploit this vulnerability using a specially crafted application to cause the system to hang.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-8399**
DESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the kernel networking subsystem. By persuading a victim to install a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code within the context of a privileged process.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121227 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8650**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to ensure that memory is allocated for limb data by mpi_powm function. A local attacker could exploit this vulnerability using an add_key system call for an RSA key with a zero exponent to cause the system to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 2.1 and PowerKVM 3.1. Note that PowerKVM is not affeced by CVE-2016-9191.

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed as of 3.1.0.2 update 5 or later.

For version 2.1, see https://ibm.biz/BdEnT8. This issue is addressed as of PowerKVM 2.1.1.3-65 update 15 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.

For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README&gt; for prerequisite fixes and instructions.

Workarounds and Mitigations

None