SB2017112131 - Ubuntu update for Linux kernel (AWS) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017112131

SB2017112131 - Ubuntu update for Linux kernel (AWS)

Published: November 21, 2017

Security Bulletin ID SB2017112131
Severity
Low
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2017-15265)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.


2) Null pointer dereference (CVE-ID: CVE-2017-15299)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the KEYS subsystem mishandles use of add_key for a key that already exists but is uninstantiated. A local attacker can supply specially crafted keys, trigger null pointer dereference and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Privilege escalation (CVE-ID: CVE-2017-15649)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.

4) Race condition (CVE-ID: CVE-2017-15951)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the KEYS subsystem does not correctly synchronize the actions of updating versus finding a key in the "negative" state. A local attacker can make a specially crafted system calls, trigger race condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Use-after-free error (CVE-ID: CVE-2017-16525)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error in usb_serial_console_disconnect function in drivers/usb/serial/console.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Denial of service (CVE-ID: CVE-2017-16526)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in drivers/uwb/uwbd.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Use-after-free error (CVE-ID: CVE-2017-16527)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error in sound/usb/mixer.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Out-of-bounds read (CVE-ID: CVE-2017-16529)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the snd_usb_create_streams function in sound/usb/card.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Out-of-bounds read (CVE-ID: CVE-2017-16530)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

10) Out-of-bounds read (CVE-ID: CVE-2017-16531)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

11) Out-of-bounds read (CVE-ID: CVE-2017-16533)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the usbhid_parse function in drivers/hid/usbhid/hid-core.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

12) Out-of-bounds read (CVE-ID: CVE-2017-16534)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the cdc_parse_cdc_header function in drivers/usb/core/message.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

13) Out-of-bounds read (CVE-ID: CVE-2017-16535)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the usb_get_bos_descriptor function in drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References