SB2017111440 - Red Hat update for kernel
Published: November 14, 2017
Security Bulletin ID
SB2017111440
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Divide by zero (CVE-ID: CVE-2017-14106)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to divide-by-zero error in the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause kernel panic.
Successful exploitation of the vulnerability results in denial of service.
2) Privilege escalation (CVE-ID: CVE-2017-1000111)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the packet_set_ring function due to improper implementation of raw packet sockets in the networking subsystem of the affected software that handles synchronization. A local attacker with CAP_NET_RAW permissions can open a raw packet socket, trigger a race condition, eventually cause use-after-free error and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Privilege escalation (CVE-ID: CVE-2017-1000112)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to race condition in the UDP Fragmentation Offload (UFO) code. A local attacker can send specially crafted UFO packets, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.