Jun 18, 2018 - 1:33 a.m.

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

2018-06-18 01:33:24
www.ibm.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary

PowerKVM is affected by numerous vulnerabilities in the Linux kernel. These vulnerabilities are now fixed.

Vulnerability Details

CVEID: CVE-2013-7421
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the Crypto API. An attacker could exploit this vulnerability to load any installed kernel module on systems.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100591 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-7842
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to the reporting of an emulation failure to user space. An attacker with access to an MMIO area could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-8171
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of OOM (out of memory) conditions by the memory resource controller (memcg). By continuously spawning new processes within a single memory-constrained cgroup during an OOM event, an attacker could exploit this vulnerability to cause the system to deadlock.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-8559
DESCRIPTION: Linux Kernel, built with Virtual File System (VFS) support, is vulnerable to a denial of service caused by incorrect usage of file system locks. A local attacker could exploit this vulnerability to cause a deadlock.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98424 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-9644
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the Crypto API. An attacker could exploit this vulnerability to load any installed kernel module on systems.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100592 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-2925
DESCRIPTION: Linux Kernel could allow a local attacker to gain unauthorized access to the system. By creating another user and mounting namespace within a container, an attacker could exploit this vulnerability to gain access to the filesystem.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-3339
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition between the chown() and execve() system calls. When changing the owner of a setuid-user binary to root, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-5156
DESCRIPTION: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by virtio-net. By sending specially crafted packets, a remote attacker on the local network could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105348 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5283
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the SCTP module. By creating multiple SCTP sockets when the SCTP module isn’t loaded, an attacker could exploit this vulnerability to cause the kernel to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107227 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-6526
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the perf_callchain_user_64 function. A local attacker could exploit this vulnerability to cause the system to enter into an infinite loop and kill the process.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105798 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7613
DESCRIPTION: Linux Kernel could allow a local attacker to gain unauthorized access to the system, caused by the installation of a not-completely initialized object into the shared object table by the ipc_addid() function. An attacker could exploit this vulnerability by using initialized memory to gain access to arbitrary SysV shared memory.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106887 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2015-7837
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error when kexec is used to load the same kernel after reboot. An attacker could exploit this vulnerability to bypass the securelevel/secureboot combination and gain access to the system.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107230 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7872
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in keyrings garbage collector. A remote authenticated attacker could exploit this vulnerability using request_key() or keyctl request2 to cause a kernel OOPs.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8660
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the ovl_setattr function in fs/overlayfs/inode.c when attempting to merge distinct setattr operations. An attacker could exploit this vulnerability using a specially crafted application to bypass security restrictions and modify the attributes of arbitrary overlay files.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109385 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-8767
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to properly manage the relationship between a lock and a socket by sm_sideeffect.c. A local attacker could exploit this vulnerability using a specially crafted sctp_accept call to cause a deadlock.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110582 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-0728
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the join_session_keyring() function in security/keys/process_keys.c. By overflowing the usage field, an attacker could exploit this vulnerability to execute arbitrary code on the system with kernel-level privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109695 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0758
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper processing of certificate files with tags with indefinite length by the ASN.1 DER decoder. An attacker could exploit this vulnerability using a specially crafted X.509 certificate DER file to gain elevated privileges on the system or cause the system to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113189 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-4470
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of key lookups in the keychain subsystem by the key_reject_and_link() function. An attacker could exploit this vulnerability to cause the system to crash and trigger a use-after-free by another kernel mechanism.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114238 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-4565
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by the failure to restrict use of the write() interface by the drivers/infiniband stack. A local attacker could exploit this vulnerability to trigger write calls and launch further attacks on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113181 for the current score
CVSS Environmental Score*: Undefined

Affected Products and Versions

PowerKVM 2.1 and PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw for 3.1.0.2 update 2 or later.

For version 2.1, see PowerKVM 2.1.1.3-65. Update 12 at https://ibm.biz/BdEnT8 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.

For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.

Workarounds and Mitigations

None

CPE Name    Operator    Version
powerkvm    eq          2.1
powerkvm    eq          3.1
