Cloud Foundry Logo
blog single gear
Security Advisory

USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities<br />

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS

Description

It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644)

Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

  • All versions prior to 3151.5
  • 3233.x versions prior to 3233.6
  • 3263.x versions prior to 3263.12
  • 3312.x versions prior to 3312.6
  • All other unmaintained versions are potentially vulnerable.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:
The Cloud Foundry project recommends upgrading to the following BOSH stemcells:

  • Upgrade all older versions to 3151.5 or later
  • Upgrade 3233.x versions to 3233.6 or later
  • Upgrade 3263.x versions to 3263.12 or later
  • Upgrade 3312.x versions to 3312.6 or later
  • Upgrade all other unmaintained versions to the most recent version of a maintained version line.

Credit

Marco Grassi, Andreas Gruenbacher, Daxing Guo, and Jan Kara

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES