SB2018022015 - Amazon Linux AMI update for kernel

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Privilege escalation (CVE-ID: CVE-2018-5750)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the acpi_smbus_hc_add() function in 'drivers/acpi/sbshc.c'. A local attacker can submit a specially crafted SBS HC printk system call to obtain potentially sensitive address information and potentially bypass kernel address space layout randomization (KASLR) security protection.

2) Out-of-bounds read (CVE-ID: CVE-2017-17741)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the KVM implementation in the Linux kernel. A local attacker can trigger write_mmio stack-based out-of-bounds read or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Information disclosure (CVE-ID: CVE-2017-5753)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

4) Use-after-free error (CVE-ID: CVE-2018-5344)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the drivers/block/loop.c mishandles lo_release serialization due to use-after-free error. A local attacker can trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Information disclosure (CVE-ID: CVE-2018-1000028)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.

6) Race condition (CVE-ID: CVE-2017-1000405)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within touch_pmd() function in mmhugemem.c file when handling THPs. A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

This vulnerability is a result of patch against a another privilege escalation vulnerability in Linux kernel known as Dirty Cow (CVE-2016-5195).

7) Privilege escalation (CVE-ID: CVE-2016-5195)

The vulnerability allows a  local user to obtain elevated privileges on the target system.
The weakness is due to race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings that lets attackers to overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in gaining of root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References

• https://alas.aws.amazon.com/ALAS-2018-956.html