SB2017103108 - Ubuntu update for Linux kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017103108

SB2017103108 - Ubuntu update for Linux kernel

Published: October 31, 2017

Security Bulletin ID SB2017103108
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2016-8632)

The vulnerability allows a local user to cause kernel panic or escalate privileges.

The vulnerability exists due to a boundary error during minimum bearer MTU check within the tipc_msg_build() function. A local user can set a very short MTU, trigger stack-based buffer overflow and cause kernel panic or execute arbitrary code on the target system with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to cause kernel panic or escalate privileges on the system.


2) Race condition (CVE-ID: CVE-2017-10661)

The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.

The weakness exists due to race condition in fs/timerfd.c in the Linux kernel. A local attacker can use simultaneous file-descriptor operations, leverage improper might_cancel queueing, trigger list corruption or use-after-free and cause the service to crash or execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

References