Amazon Linux AMI update for kernel



Published: 2017-12-21 | Updated: 2022-12-15
Risk: Low
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2017-1000407, CVE-2017-1000405, CVE-2017-16647, CVE-2017-16646, CVE-2017-16645, CVE-2017-16643, CVE-2017-16994, CVE-2017-16650, CVE-2017-16649, CVE-2017-15115, CVE-2016-5195
CWE-ID: CWE-399, CWE-362, CWE-476, CWE-20, CWE-125, CWE-200, CWE-369, CWE-416
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #2 is available. Vulnerability #12 is being exploited in the wild.
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU9655

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000407

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU9520

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-1000405

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the touch_pmd() function in the mm/huge_memory.c file when handling transparent huge pages (THPs). A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

This vulnerability is a result of the patch for another privilege escalation vulnerability in the Linux kernel, known as Dirty Cow (CVE-2016-5195).

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Null pointer dereference

EUVDB-ID: #VU9759

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16647

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in drivers/net/usb/asix_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a NULL pointer dereference and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU9760

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16646

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a BUG and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU9761

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16645

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger an out-of-bounds read in ims_pcu_parse_cdc_data and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU9605

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16643

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel. A local attacker can use a specially crafted USB device and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU9765

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16994

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because the walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandles holes in hugetlb ranges. A local attacker can make a specially crafted mincore() system call and obtain sensitive information from uninitialized kernel memory.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Divide by zero

EUVDB-ID: #VU9762

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16650

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Divide by zero

EUVDB-ID: #VU9763

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16649

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU9764

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger a use-after-free error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Privilege escalation

EUVDB-ID: #VU1039

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2016-5195

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes

Description

The vulnerability allows a local user to obtain elevated privileges on the target system.

The weakness is due to a race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings that lets attackers overwrite kernel memory and gain kernel-level privileges.

Successful exploitation of the vulnerability results in root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Update the affected packages.

i686:
    perf-4.9.70-22.55.amzn1.i686
    kernel-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-common-i686-4.9.70-22.55.amzn1.i686
    kernel-debuginfo-4.9.70-22.55.amzn1.i686
    perf-debuginfo-4.9.70-22.55.amzn1.i686
    kernel-tools-devel-4.9.70-22.55.amzn1.i686
    kernel-headers-4.9.70-22.55.amzn1.i686
    kernel-tools-4.9.70-22.55.amzn1.i686
    kernel-devel-4.9.70-22.55.amzn1.i686
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.i686

noarch:
    kernel-doc-4.9.70-22.55.amzn1.noarch

src:
    kernel-4.9.70-22.55.amzn1.src

x86_64:
    kernel-tools-4.9.70-22.55.amzn1.x86_64
    kernel-devel-4.9.70-22.55.amzn1.x86_64
    kernel-headers-4.9.70-22.55.amzn1.x86_64
    kernel-4.9.70-22.55.amzn1.x86_64
    perf-4.9.70-22.55.amzn1.x86_64
    kernel-tools-devel-4.9.70-22.55.amzn1.x86_64
    kernel-tools-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.9.70-22.55.amzn1.x86_64
    perf-debuginfo-4.9.70-22.55.amzn1.x86_64
    kernel-debuginfo-4.9.70-22.55.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2017-937.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.
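
A check for the "Update the affected packages" mitigation, as an added example that is not part of the original bulletin: it classifies a host as patched, reboot-required or vulnerable by comparing the running and installed kernel builds with the fixed build 4.9.70-22.55.amzn1 from the package lists above. The function names, the sample hosts and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```bash
#!/bin/sh
# Added example, not vendor code. FIXED is the version-release taken from the
# bulletin's package list; everything else here is illustrative.
FIXED="4.9.70-22.55.amzn1"

# Reduce "kernel-4.9.70-22.55.amzn1.x86_64" or a `uname -r` string to the bare
# version-release by dropping the package name prefix and the arch suffix.
vr_of() {
    vr_s="${1#kernel-}"
    case "$vr_s" in
        *.x86_64|*.i686|*.noarch|*.src) vr_s="${vr_s%.*}" ;;
    esac
    printf '%s\n' "$vr_s"
}

# Succeeds when $1 >= $2. GNU sort -V is an approximation of rpm's comparison
# that is adequate for kernel version-release strings of this shape.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify RUNNING [INSTALLED...]
#   RUNNING   : output of `uname -r`
#   INSTALLED : one argument per line of `rpm -q kernel`
# A kernel update only takes effect after a reboot, so a host with the fixed
# package installed but an older kernel running is still exposed.
classify() {
    cl_running="$(vr_of "$1")"
    shift
    cl_installed_fixed=no
    for cl_pkg in "$@"; do
        if ver_ge "$(vr_of "$cl_pkg")" "$FIXED"; then
            cl_installed_fixed=yes
        fi
    done
    if ver_ge "$cl_running" "$FIXED"; then
        echo "patched"
    elif [ "$cl_installed_fixed" = yes ]; then
        echo "reboot-required"
    else
        echo "vulnerable"
    fi
}

# Constructed sample hosts (not real inventory data).
echo "host-a: $(classify 4.9.70-22.55.amzn1.x86_64 \
    kernel-4.9.70-22.55.amzn1.x86_64)"
echo "host-b: $(classify 4.9.62-21.56.amzn1.x86_64 \
    kernel-4.9.62-21.56.amzn1.x86_64 kernel-4.9.70-22.55.amzn1.x86_64)"
echo "host-c: $(classify 4.9.9-17.38.amzn1.x86_64 \
    kernel-4.9.9-17.38.amzn1.x86_64)"

# On a live host the inputs come from the system itself:
#   classify "$(uname -r)" $(rpm -q kernel)
```
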


