SB2017122104 - Amazon Linux AMI update for kernel 




Published: December 21, 2017
Updated: December 15, 2022

Security Bulletin ID: SB2017122104
Severity: Low
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Medium: 9%
Low: 91%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Resource management error (CVE-ID: CVE-2017-1000407)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to the possibility of flooding the diagnostic port 0x80. A local user can trigger an exception and cause a kernel panic.

2) Race condition (CVE-ID: CVE-2017-1000405)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the touch_pmd() function in mm/huge_memory.c when handling transparent huge pages (THPs). A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

This vulnerability is a result of the patch for another privilege escalation vulnerability in the Linux kernel, known as Dirty COW (CVE-2016-5195).


3) Null pointer dereference (CVE-ID: CVE-2017-16647)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in drivers/net/usb/asix_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a null pointer dereference and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Denial of service (CVE-ID: CVE-2017-16646)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a BUG and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Out-of-bounds read (CVE-ID: CVE-2017-16645)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger an out-of-bounds read in ims_pcu_parse_cdc_data and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Out-of-bounds read (CVE-ID: CVE-2017-16643)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel. A local attacker can use a specially crafted USB device and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Information disclosure (CVE-ID: CVE-2017-16994)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because the walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandles holes in hugetlb ranges. A local attacker can make a specially crafted mincore() system call and obtain sensitive information from uninitialized kernel memory.

8) Divide by zero (CVE-ID: CVE-2017-16650)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Divide by zero (CVE-ID: CVE-2017-16649)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

10) Use-after-free error (CVE-ID: CVE-2017-15115)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists because the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger a use-after-free error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

11) Privilege escalation (CVE-ID: CVE-2016-5195)

The vulnerability allows a local user to obtain elevated privileges on the target system.

The weakness is due to a race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings, which lets attackers overwrite kernel memory and gain kernel-level privileges.

Successful exploitation of the vulnerability results in gaining root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install the update from the vendor's website.