Amazon Linux AMI update for kernel



Published: 2019-11-23
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-12207
CWE-ID: CWE-119
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU22712

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-12207

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the mechanism responsible for error handling on some Intel platforms. A local user of a guest operating system can use a specially crafted application to trigger memory corruption and cause the host system to stop responding.

Successful exploitation of this vulnerability may result in a denial of service (DoS) attack.

Below is the list of processor families that are affected by this vulnerability:

Client:

  • Intel Core i3 Processors
  • Intel Core i5 Processors
  • Intel Core i7 Processors
  • Intel Core m Processor Family
  • 2nd generation Intel Core Processors
  • 3rd generation Intel Core Processors
  • 4th generation Intel Core Processors
  • 5th generation Intel Core Processors
  • 6th generation Intel Core Processors
  • 7th generation Intel Core Processors
  • 8th generation Intel Core Processors
  • Intel Core X-series Processor Family
  • Intel Pentium Gold Processor Series
  • Intel Celeron Processor G Series

Server:

  • 2nd Generation Intel Xeon Scalable Processors
  • Intel Xeon Scalable Processors
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 Family
  • Intel Xeon E Processor
  • Intel Xeon D Processor
  • Intel Xeon W Processor
  • Legacy Intel Xeon Processor

Mitigation

Update the affected packages:

i686:
    kernel-tools-debuginfo-4.14.154-99.181.amzn1.i686
    kernel-tools-devel-4.14.154-99.181.amzn1.i686
    perf-debuginfo-4.14.154-99.181.amzn1.i686
    kernel-tools-4.14.154-99.181.amzn1.i686
    perf-4.14.154-99.181.amzn1.i686
    kernel-devel-4.14.154-99.181.amzn1.i686
    kernel-debuginfo-common-i686-4.14.154-99.181.amzn1.i686
    kernel-debuginfo-4.14.154-99.181.amzn1.i686
    kernel-4.14.154-99.181.amzn1.i686
    kernel-headers-4.14.154-99.181.amzn1.i686

src:
    kernel-4.14.154-99.181.amzn1.src

x86_64:
    kernel-4.14.154-99.181.amzn1.x86_64
    kernel-tools-debuginfo-4.14.154-99.181.amzn1.x86_64
    kernel-debuginfo-4.14.154-99.181.amzn1.x86_64
    kernel-tools-4.14.154-99.181.amzn1.x86_64
    kernel-tools-devel-4.14.154-99.181.amzn1.x86_64
    perf-4.14.154-99.181.amzn1.x86_64
    kernel-devel-4.14.154-99.181.amzn1.x86_64
    kernel-headers-4.14.154-99.181.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.154-99.181.amzn1.x86_64
    perf-debuginfo-4.14.154-99.181.amzn1.x86_64
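One way to confirm that a host runs the fixed build listed above (an added example, not part of the original bulletin or of Amazon's tooling). It assumes an Amazon Linux AMI host with GNU sort; the function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Fixed kernel version-release, taken from the package list in this bulletin.
FIXED_VR="4.14.154-99.181.amzn1"

# Strip the trailing architecture suffix (.x86_64, .i686) that `uname -r` reports.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|i686)$//'
}

# Return 0 if version-release $1 is at or above the fixed build, 1 otherwise.
# GNU `sort -V` is used as an approximation of RPM ordering; it is adequate
# for kernel strings of the shape shown in this bulletin.
kernel_is_fixed() {
    vr=$(strip_arch "$1")
    lowest=$(printf '%s\n%s\n' "$vr" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Print a one-line verdict for a kernel version string.
report_kernel() {
    if kernel_is_fixed "$1"; then
        echo "OK: $1 is at or above $FIXED_VR"
    else
        echo "UPDATE NEEDED: $1 is older than $FIXED_VR"
    fi
}

# The running kernel is what matters: an installed update takes effect
# only after a reboot into the new kernel.
report_kernel "$(uname -r)"

# Constructed sample values showing both outcomes.
report_kernel "4.14.146-93.123.amzn1.x86_64"
report_kernel "4.14.154-99.181.amzn1.x86_64"
```

Because the check reads `uname -r`, it reports the kernel actually booted, not merely the newest package installed.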

Vulnerable software versions

Amazon Linux AMI: All versions


External links

http://alas.aws.amazon.com/ALAS-2019-1322.html
