Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237)

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470)

Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794)

Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243)

Jan Stancek discovered that the Linux kernel’s memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

Affected Products and Versions

Severity is medium unless otherwise noted.

• Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.19 AND 3232.x versions prior to 3232.16 AND other versions prior to 3262.8 are vulnerable

Mitigation

Users of affected versions should apply the following mitigation:

• The Cloud Foundry team has released patched BOSH stemcells 3146.19 and 3232.16 with an upgraded Linux kernel that resolves the aforementioned issues. We recommend that Operators upgrade BOSH stemcell 3146.x versions to 3146.19 OR 3232.x versions to 3232.16

Credit

Sasha Levin, Kangjie Lu, and Jan Stancek

References

• http://www.ubuntu.com/usn/USN-3053-1/
• http://www.ubuntu.com/usn/usn-3037-1/
• http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1237.html
• http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4470.html
• http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4794.html
• http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5243.html
• http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3070.html