SB2017122701 - Multiple vulnerabilities in Linux Kernel
Published: December 27, 2017 Updated: August 3, 2018
Security Bulletin ID
SB2017122701
Severity
Low
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-17862)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though it would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Privilege escalation (CVE-ID: CVE-2017-17863)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to kernel/bpf/verifier.c in the Linux kernel does not check the relationship between pointer values and the BPF stack. A local attacker can run a specially crafted application to trigger integer overflow or invalid memory access and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Memory leak (CVE-ID: CVE-2017-17864)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists due to kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.
4) Out-of-bounds read (CVE-ID: CVE-2017-18344)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds memory read error in the 'sigevent->sigev_notify' field of show_timer() function in the timer subsystem. A local attacker can obtain potentially sensitive information from system memory.
Remediation
Install update from vendor's website.
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e...
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-reject-out-of-bo...
- https://github.com/torvalds/linux/commit/179d1c5602997fef5a940c6ddcf31212cbfebd14#diff-3f169a344ebaf...
- https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe