SB2017091523 - Multiple vulnerabilities in Linux Kernel
Published: September 15, 2017 Updated: May 23, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-11232)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the etm_setup_aux function due to improper validation of parameters. A local attacker can send specially crafted requests and cause the service to crash.
2) Denial of service (CVE-ID: CVE-2017-18270)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to improper security restrictions during the creation of user keyrings. A local attacker can submit keyctl commands, create keyrings of other users on the system and cause the service to crash.
3) Resource exhaustion (CVE-ID: CVE-2017-7472)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to cause DoD condition on the target system.
The weakness exists in the KEYS subsystem due to memory consumption. A local attacker can cause the service to crash via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
4) Heap-based buffer overflow (CVE-ID: CVE-2017-0786)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The weakness exists due to corrupting heap memory because of buffer overruns. An adjacent attacker can gain root privileges.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784d...
- https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d681647...
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17df6453d4be17910456e9...