Amazon Linux AMI update for kernel

Published: 2018-12-21

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2018-19407 CVE-2018-18710 CVE-2018-16862
CWE-ID	CWE-476 CWE-200 CWE-20
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Null pointer dereference

EUVDB-ID: #VU16022

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-19407

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the vcpu_scan_ioapic function, as defined in the arch/x86/kvm/x86.c source code file due to the failure of the I/O Advanced Programmable Interrupt Controller (I/O APIC) to initialize. A local attacker can access the system and execute an application that submits malicious system calls, trigger a NULL pointer dereference, which could result in a DoS condition.

Mitigation

Update the affected packages.

i686:
    perf-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-devel-4.14.88-72.73.amzn1.i686
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-4.14.88-72.73.amzn1.i686
    kernel-tools-4.14.88-72.73.amzn1.i686
    perf-4.14.88-72.73.amzn1.i686
    kernel-tools-devel-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-headers-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-common-i686-4.14.88-72.73.amzn1.i686

src:
    kernel-4.14.88-72.73.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-devel-4.14.88-72.73.amzn1.x86_64
    kernel-tools-devel-4.14.88-72.73.amzn1.x86_64
    perf-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.88-72.73.amzn1.x86_64
    kernel-headers-4.14.88-72.73.amzn1.x86_64
    kernel-4.14.88-72.73.amzn1.x86_64
    perf-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-tools-4.14.88-72.73.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2018-1133.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU15670

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-18710

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the cdrom_ioctl_select_disc function, as defined in the drivers/cdrom/cdrom.c source code file due to boundary error when processing of user-supplied input. A local attacker can access the system, execute an application that submits malicious input to read arbitrary kernel memory on the system, which could be used to conduct additional attacks.

Mitigation

Update the affected packages.

i686:
    perf-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-devel-4.14.88-72.73.amzn1.i686
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-4.14.88-72.73.amzn1.i686
    kernel-tools-4.14.88-72.73.amzn1.i686
    perf-4.14.88-72.73.amzn1.i686
    kernel-tools-devel-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-headers-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-common-i686-4.14.88-72.73.amzn1.i686

src:
    kernel-4.14.88-72.73.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-devel-4.14.88-72.73.amzn1.x86_64
    kernel-tools-devel-4.14.88-72.73.amzn1.x86_64
    perf-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.88-72.73.amzn1.x86_64
    kernel-headers-4.14.88-72.73.amzn1.x86_64
    kernel-4.14.88-72.73.amzn1.x86_64
    perf-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-tools-4.14.88-72.73.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2018-1133.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU16060

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16862

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error when the cleancache subsystem clears an inode after the final file truncation (removal). A local attacker can supply new file created with the same inode that may contain leftover pages from cleancache and bypass security restrictions to conduct further attacks.

Mitigation

Update the affected packages.

i686:
    perf-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-devel-4.14.88-72.73.amzn1.i686
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-4.14.88-72.73.amzn1.i686
    kernel-tools-4.14.88-72.73.amzn1.i686
    perf-4.14.88-72.73.amzn1.i686
    kernel-tools-devel-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-4.14.88-72.73.amzn1.i686
    kernel-headers-4.14.88-72.73.amzn1.i686
    kernel-debuginfo-common-i686-4.14.88-72.73.amzn1.i686

src:
    kernel-4.14.88-72.73.amzn1.src

x86_64:
    kernel-tools-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-devel-4.14.88-72.73.amzn1.x86_64
    kernel-tools-devel-4.14.88-72.73.amzn1.x86_64
    perf-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.88-72.73.amzn1.x86_64
    kernel-headers-4.14.88-72.73.amzn1.x86_64
    kernel-4.14.88-72.73.amzn1.x86_64
    perf-4.14.88-72.73.amzn1.x86_64
    kernel-debuginfo-4.14.88-72.73.amzn1.x86_64
    kernel-tools-4.14.88-72.73.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2018-1133.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.