Important kernel security update: CVE-2017-7542 and other; new kernel 2.6.32-042stab124.2, Virtuozzo 6.0 Update 12 Hotfix 14 (6.0.12-3683)

2017-09-04T00:00:00
ID VZA-2017-076
Type virtuozzo
Reporter Virtuozzo
Modified 2017-09-04T00:00:00

Description

This update provides a new kernel 2.6.32-042stab124.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0 and is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.1.el6. It inherits fixes from the original RHEL kernel and provides internal security and stability fixes. Vulnerability id: CVE-2017-7542 An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.

Vulnerability id: CVE-2017-10661 Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

Vulnerability id: CVE-2017-1000111 A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

Vulnerability id: CVE-2017-1000112 Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.

Vulnerability id: CVE-2017-7541 Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Vulnerability id: CVE-2017-11176 The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use after free) which may lead to memory corruption or other unspecified other impact.

Vulnerability id: CVE-2017-14106 The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.