SB2018010508 - Arch Linux update for linux-lts

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018010508

SB2018010508 - Arch Linux update for linux-lts

Published: January 5, 2018

Security Bulletin ID SB2018010508
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2017-16995)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the check_alu_op function due to boundary error. A local attacker can trigger memory corruption, cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Information disclosure (CVE-ID: CVE-2017-17449)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system and read arbitrary files.

3) Out-of-bounds write (CVE-ID: CVE-2017-17558)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel does not consider the maximum number of configurations and interfaces before attempting to release resources. A local attacker can supply specially crafted USB device, trigger out-of-bounds write access and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Race condition (CVE-ID: CVE-2017-17712)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Improper input validation (CVE-ID: CVE-2017-17805)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can trigger uninitialized-memory free and cause the kernel to crash or execute a specially crafted sequence of system calls that use the blkcipher_walk API.

Successful exploitation of the vulnerability results in denial of service.

6) Stack-based buffer overflow (CVE-ID: CVE-2017-17806)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounter a missing SHA-3 initialization, trigger kernel stack buffer overflow and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Denial of service (CVE-ID: CVE-2017-17862)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though it would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Privilege escalation (CVE-ID: CVE-2017-17863)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to kernel/bpf/verifier.c in the Linux kernel does not check the relationship between pointer values and the BPF stack. A local attacker can run a specially crafted application to trigger integer overflow or invalid memory access and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

9) Memory leak (CVE-ID: CVE-2017-17864)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.

Remediation

Install update from vendor's website.

References