SB2015092403 - Multiple vulnerabilities in Linux Kernel
Published: September 24, 2015 Updated: May 23, 2018
Security Bulletin ID: SB2015092403
Severity: Low
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Race condition (CVE-ID: CVE-2015-8767)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in net/sctp/sm_sideeffect.c due to improper management of the relationship between a lock and a socket. A local attacker can submit a specially crafted sctp_accept call, trigger a race condition and cause the service to crash.
2) NULL pointer dereference (CVE-ID: CVE-2015-8324)
The vulnerability allows a physical attacker to cause a DoS condition on the target system. The weakness exists in the ext4 implementation due to improper tracking of the initialization of certain data structures. A physical attacker can connect a specially crafted USB device, related to the ext4_fill_super function, trigger a NULL pointer dereference and cause the service to crash.
3) Path traversal (CVE-ID: CVE-2015-2925)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists in the prepend_path function in fs/dcache.c due to improper handling of rename actions inside a bind mount. A local attacker can bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack", and gain root privileges.
4) Privilege escalation (CVE-ID: CVE-2015-5157)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists in arch/x86/entry/entry_64.S on the x86_64 platform due to mishandling of IRET faults in processing NMIs that occurred during userspace execution. A local attacker can trigger an NMI and bypass security restrictions.
5) Denial of service (CVE-ID: CVE-2015-8953)
The vulnerability allows a local user to perform a DoS attack on the target system. The weakness is due to the use of an incorrect cleanup code path in fs/overlayfs/copy_up.c.
By performing filesystem operations on a large file in a lower overlayfs layer, attackers can trigger DoS conditions.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a30221...
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
- https://bugzilla.redhat.com/show_bug.cgi?id=1367814