Multiple vulnerabilities in Linux Kernel

Published: 2017-12-27 10:29:15 | Updated: 2018-08-03 10:47:10
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
CVE ID:
  CVE-2017-17862
  CVE-2017-17863
  CVE-2017-17864
  CVE-2017-18344
CVSSv3:
  5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
  7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
  2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID:
  CWE-20
  CWE-190
  CWE-401
  CWE-125
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Linux kernel
Vulnerable software versions:
  Linux kernel 4.13.10
  Linux kernel 4.13.9
  Linux kernel 4.13.8
Vendor URL: Linux Foundation

Security Advisory

1) Denial of service

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though they would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 4.14.8.

External links

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e...

2) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel does not check the relationship between pointer values and the BPF stack. A local attacker can run a specially crafted application to trigger an integer overflow or invalid memory access and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-reject-out-of-bo...

3) Memory leak

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.

Remediation

Update to version 4.14.8.

External links

https://github.com/torvalds/linux/commit/179d1c5602997fef5a940c6ddcf31212cbfebd14#diff-3f169a344ebaf...

4) Out-of-bounds read

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an out-of-bounds memory read error in the 'sigevent->sigev_notify' field of the show_timer() function in the timer subsystem. A local attacker can obtain potentially sensitive information from system memory.

Remediation

Update to version 4.14.8.

External links

https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
