Ubuntu update for Linux kernel (HWE)



Published: 2018-02-22
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2017-17712
CVE-2017-15115
CVE-2017-8824
CVE-2017-5715
CWE-ID CWE-362
CWE-416
CWE-200
Exploitation vector Local
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Race condition

EUVDB-ID: #VU9772

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17712

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1011.13
linux-image-4.13.0-36-generic 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-gcp 4.13.0-1011.15
linux-image-gcp 4.13.0.1011.13
linux-image-generic-hwe-16.04 4.13.0.36.55
linux-image-oem 4.13.0.1021.25
linux-image-lowlatency-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-36-lowlatency 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-azure 4.13.0-1011.14
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40~16.04.1
linux-image-azure 4.13.0.1011.12
linux-image-generic-lpae-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-1021-oem 4.13.0-1021.23

Vulnerable software versions

Ubuntu: 16.04

External links

http://www.ubuntu.com/usn/usn-3581-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU9764

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger use-after-free error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1011.13
linux-image-4.13.0-36-generic 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-gcp 4.13.0-1011.15
linux-image-gcp 4.13.0.1011.13
linux-image-generic-hwe-16.04 4.13.0.36.55
linux-image-oem 4.13.0.1021.25
linux-image-lowlatency-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-36-lowlatency 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-azure 4.13.0-1011.14
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40~16.04.1
linux-image-azure 4.13.0.1011.12
linux-image-generic-lpae-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-1021-oem 4.13.0-1021.23

Vulnerable software versions

Ubuntu: 16.04

External links

http://www.ubuntu.com/usn/usn-3581-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU9767

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-8824

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.

The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1011.13
linux-image-4.13.0-36-generic 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-gcp 4.13.0-1011.15
linux-image-gcp 4.13.0.1011.13
linux-image-generic-hwe-16.04 4.13.0.36.55
linux-image-oem 4.13.0.1021.25
linux-image-lowlatency-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-36-lowlatency 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-azure 4.13.0-1011.14
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40~16.04.1
linux-image-azure 4.13.0.1011.12
linux-image-generic-lpae-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-1021-oem 4.13.0-1021.23

Vulnerable software versions

Ubuntu: 16.04

External links

http://www.ubuntu.com/usn/usn-3581-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
linux-image-gke 4.13.0.1011.13
linux-image-4.13.0-36-generic 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-gcp 4.13.0-1011.15
linux-image-gcp 4.13.0.1011.13
linux-image-generic-hwe-16.04 4.13.0.36.55
linux-image-oem 4.13.0.1021.25
linux-image-lowlatency-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-36-lowlatency 4.13.0-36.40~16.04.1
linux-image-4.13.0-1011-azure 4.13.0-1011.14
linux-image-4.13.0-36-generic-lpae 4.13.0-36.40~16.04.1
linux-image-azure 4.13.0.1011.12
linux-image-generic-lpae-hwe-16.04 4.13.0.36.55
linux-image-4.13.0-1021-oem 4.13.0-1021.23

Vulnerable software versions

Ubuntu: 16.04

External links

http://www.ubuntu.com/usn/usn-3581-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###