SB2018050203 - Debian update for linux

Security Bulletin ID SB2018050203

Severity

Medium

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

2) Information disclosure (CVE-ID: CVE-2017-5753)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

3) Use-after-free error (CVE-ID: CVE-2017-17975)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c due to use-after-free error. A local attacker can trigger failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.

4) Memory corruption (CVE-ID: CVE-2017-18193)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the fs/f2fs/extent_cache.c source code due to improper handling of extent trees. A local attacker can use an application with multiple threads, trigger memory corruption and cause the service to crash.

5) NULL pointer dereference (CVE-ID: CVE-2017-18216)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the affected software does not use the subsystem.su_mutex component while accessing an item->ci_parent. A local attacker can trigger NULL pointer dereference in in the fs/ocfs2/cluster/nodemanager.c source code file cause the service to crash.

6) Use after free (CVE-ID: CVE-2017-18218)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the drivers/net/ethernet/hisilicon/hns/hns_enet.c source code due to use-after-free. A local attacker can trigger memory corruption and cause the service to crash.

7) Buffer overflow (CVE-ID: CVE-2017-18222)

The vulnerability allows a local attacker to cause DoS condition no the target system.

The weakness exists due to buffer overflow. A local attacker can trigger memory corruption and cause the system to crash.

8) Race condition (CVE-ID: CVE-2017-18224)

The vulnerability allow a local attacker to cause DoS condition on the target system.

The weakness exists in the fs/ocfs2/aops.c source code due to race condition. A local attacker can trigger memory corruption and cause the service to crash.

9) NULL pointer dereference (CVE-ID: CVE-2017-18241)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the fs/f2fs/segment.c source code file due to the use of the noflush_merge option, which could trigger a NULL value for a flush_cmd_control data structure. A local attacker can trigger NULL pointer dereference and kernel panic and cause the service to crash.

10) Improper input validation (CVE-ID: CVE-2017-18257)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in get_data_block function of the fs/f2fs/data.c library due to improper validation of user-supplied input. A local attacker can run a specially crafted program, designed to send malicious requests to the Linux Kernel and cause the system to stop responding.

11) Null pointer dereference (CVE-ID: CVE-2018-1065)

The vulnerability allows a local attacker to cause DoS condition no the target system.

The weakness exists due to NULL pointer dereference. A local attacker with the capability to insert iptables/netfilter rules can leverage the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c, trigger a jump to an invalid chain and cause the system to crash.

12) NULL pointer dereference (CVE-ID: CVE-2018-1066)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() function due to NULL pointer dereference. A remote attacker can cause the service to crash.

13) Privilege escalation (CVE-ID: CVE-2018-1068)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the implementation of 32 bit syscall interface. A local attacker can gain root privileges.

14) NULL pointer dereference (CVE-ID: CVE-2018-1092)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of a customized ext4 image when using the ext4_iget function, as defined in the fs/ext4/inode.c source code file. A local attacker can mount a customized ext4 image, trigger NULL pointer dereference and an Out-of-Process Space (OOPS) kernel memory error and cause the service to crash.

15) Out-of-bounds read (CVE-ID: CVE-2018-1093)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to improper validation of bitmap block numbers by the balloc.c and ialloc.c source codes. A local attacker can mount a customized ext4 image, trigger out-of-bounds read in the ext4/balloc.c:ext4_valid_block_bitmap() function ans cause the service to crash.

16) Improper initialization (CVE-ID: CVE-2018-1108)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the crng_ready() function due to improper initialization. A remote attacker can cause the service to crash.

17) Memory corruption (CVE-ID: CVE-2018-5803)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the _sctp_make_chunk() function due to boundary error. A local attacker can submit a crafted SCTP packet, trigger memory corruption and cause the service to crash.

18) Double-free error (CVE-ID: CVE-2018-7480)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the block/blk-cgroup.c source code in the blkcg_init_queue function due to double free. A remote attacker can trigger memory corruption and cause the service to crash.

19) Memory corruption (CVE-ID: CVE-2018-7566)

The vulnerability allows a local attacker to write arbitrary files on the target system.

The weakness exists due to out-of-bounds write while ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger buffer overflow and use after free and reset the pool size manually via ioctl concurrently and write arbitrary files.

20) Memory corruption (CVE-ID: CVE-2018-7740)

The vulnerability allows a local attacker to cause DoS condition no the target system.

The weakness exists in the resv_map_release function due to boundary error when handling user-supplied input. A local attacker can execute an application that submits malicious input, trigger memory corruption and cause the system to crash.

21) Memory leak (CVE-ID: CVE-2018-7757)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the drivers/scsi/libsas/sas_expander.c source code in the sas_smp_get_phy_events function due to memory leak. A local attacker can trigger memory corruption and cause the system to crash.

22) Race condition (CVE-ID: CVE-2018-7995)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the arch/x86/kernel/cpu/mcheck/mce.c source code due to race condition. A local attacker can trigger memory corruption and cause the service to crash.

23) Memory corruption (CVE-ID: CVE-2018-8087)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the hwsim_new_radio_nl function due to memory leak. A local attacker can trigger memory corruption and cause the service the crash.

24) Integer overflow (CVE-ID: CVE-2018-8781)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c due to integer overflow. A local attacker can gain full read and write permissions on kernel physical pages and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

25) Privilege escalation (CVE-ID: CVE-2018-8822)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the ncp_read_kernel function due to incorrect buffer length handling. A local attacker can submit specially crafted data from a malicious NCPFS server, trigger memory corruption and execute arbitrary code with root privileges.

26) NULL pointer dereference (CVE-ID: CVE-2018-10323)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the xfs_bmap_extents_to_btree function in the fs/xfs/libxfs/xfs_bmap.c source code file due to NULL pointer dereference when handling Extended File System (XFS) images. A local attacker can mount a specially crafted XFS filesystem image when filesystem operations are executed on the mounted image and cause the service to crash.

27) Error handling (CVE-ID: CVE-2018-1000199)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the modify_user_hw_breakpoint() function due to error handling flaw. A local attacker can cause the service to crash.

Remediation

Install update from vendor's website.

SB2018050203 - Debian update for linux

Breakdown by Severity

Description

Remediation

References