Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2018-5750 CVE-2017-17741 CVE-2017-5753 CVE-2018-5344 CVE-2018-1000028 CVE-2017-1000405 CVE-2016-5195 |
CWE-ID | CWE-264 CWE-125 CWE-200 CWE-416 CWE-284 CWE-362 |
Exploitation vector | Network |
Public exploit |
Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #6 is available. Vulnerability #7 is being exploited in the wild. |
Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU10362
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-5750
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the acpi_smbus_hc_add() function in 'drivers/acpi/sbshc.c'. A local attacker can submit a specially crafted SBS HC printk system call to obtain potentially sensitive address information and potentially bypass kernel address space layout randomization (KASLR) security protection.
Mitigation
Update the affected packages.
Vulnerable software versions
i686:
kernel-tools-debuginfo-4.9.81-35.56.amzn1.i686
kernel-devel-4.9.81-35.56.amzn1.i686
kernel-headers-4.9.81-35.56.amzn1.i686
kernel-debuginfo-4.9.81-35.56.amzn1.i686
kernel-4.9.81-35.56.amzn1.i686
kernel-tools-4.9.81-35.56.amzn1.i686
kernel-debuginfo-common-i686-4.9.81-35.56.amzn1.i686
kernel-tools-devel-4.9.81-35.56.amzn1.i686
perf-4.9.81-35.56.amzn1.i686
perf-debuginfo-4.9.81-35.56.amzn1.i686
noarch:
kernel-doc-4.9.81-35.56.amzn1.noarch
src:
kernel-4.9.81-35.56.amzn1.src
x86_64:
kernel-4.9.81-35.56.amzn1.x86_64
kernel-tools-debuginfo-4.9.81-35.56.amzn1.x86_64
kernel-devel-4.9.81-35.56.amzn1.x86_64
kernel-tools-devel-4.9.81-35.56.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.9.81-35.56.amzn1.x86_64
perf-4.9.81-35.56.amzn1.x86_64
kernel-headers-4.9.81-35.56.amzn1.x86_64
kernel-debuginfo-4.9.81-35.56.amzn1.x86_64
kernel-tools-4.9.81-35.56.amzn1.x86_64
perf-debuginfo-4.9.81-35.56.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9773
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17741
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists due to an error in the KVM implementation in the Linux kernel. A local attacker can trigger a stack-based out-of-bounds read in write_mmio, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h, and cause the system to crash or possibly have unspecified other impact.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9884
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
Mitigation
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU10725
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-5344
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in drivers/block/loop.c, which mishandles lo_release serialization, leading to a use-after-free error. A local attacker can trigger memory corruption and cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10917
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1000028
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the Network File System (NFS) server used by the Linux Kernel due to improper access control protections for the NFS server. A remote attacker can view or modify sensitive information from a targeted system via the NFS service and conduct further attacks.
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9520
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-1000405
Exploit availability: Yes
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the touch_pmd() function in the mm/huge_memory.c file when handling transparent huge pages (THPs). A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
This vulnerability is a result of the patch for another privilege escalation vulnerability in the Linux kernel, known as Dirty COW (CVE-2016-5195).
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU1039
Risk: Medium
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-5195
Exploit availability: Yes
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The weakness is due to a race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings, which lets attackers overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in gaining root privileges on the vulnerable system.
Note: the vulnerability was being actively exploited.
Update the affected packages.
Vulnerable software versions
Amazon Linux AMI: All versions
CPE2.3
External links
https://alas.aws.amazon.com/ALAS-2018-956.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.