Security Advisory

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities

Severity

Medium

Vendor

Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description


Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)

Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)

Affected Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

    • 3151.x versions prior to 3151.7
    • 3233.x versions prior to 3233.10
    • 3263.x versions prior to 3263.15
    • 3312.x versions prior to 3312.17

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.7
    • Upgrade all lower versions of 3233.x to version 3233.10
    • Upgrade all lower versions of 3263.x to version 3263.15
    • Upgrade all lower versions of 3312.x to version 3312.17
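
To check an inventory of deployed stemcells against the fixed versions listed above, the following added example (not part of the advisory or of Cloud Foundry's tooling) classifies each version and names the upgrade target. It assumes versions are written as MAJOR.MINOR and compares them numerically, so 3233.9 is correctly treated as older than 3233.10; the deployment names and sample inventory are constructed.

```python
# Added example: classify BOSH stemcell versions against this advisory's fixed releases.
# FIXED comes from the advisory; the inventory at the bottom is constructed sample data.
FIXED = {3151: 7, 3233: 10, 3263: 15, 3312: 17}  # stemcell line -> first fixed minor


def parse_version(text):
    """Parse 'MAJOR.MINOR' (or bare 'MAJOR') into a tuple of ints (assumed format)."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised stemcell version: {text!r}")
    major = int(parts[0])
    minor = int(parts[1]) if len(parts) == 2 else 0
    return major, minor


def classify(version):
    """Return 'vulnerable', 'fixed', or 'unlisted' for one version string."""
    major, minor = parse_version(version)
    if major not in FIXED:
        # The advisory says "including", so lines it does not name are not
        # cleared by it; report them separately instead of as safe.
        return "unlisted"
    return "fixed" if minor >= FIXED[major] else "vulnerable"


def audit(inventory):
    """Map deployment name -> (version, status, upgrade target or None)."""
    report = {}
    for name, version in inventory.items():
        status = classify(version)
        target = None
        if status == "vulnerable":
            major, _ = parse_version(version)
            target = f"{major}.{FIXED[major]}"
        report[name] = (version, status, target)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; deployment names are hypothetical.
    sample = {"cf-prod": "3312.12", "cf-staging": "3312.17",
              "logging": "3233.9", "legacy": "3146.10"}
    for name, (ver, status, target) in sorted(audit(sample).items()):
        print(f"{name:12} {ver:10} {status:10} {target or '-'}")
```
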

Credit

Dmitry Vyukov, Andrey Konovalov, Baozeng Ding

References

History

2017-01-11: Initial vulnerability report published

Cloud Foundry Foundation Security Team, AUTHOR
