Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Security Bulletin

Summary

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-11600
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in thenet/xfrm/xfrm_policy.c. By using XFRM_MSG_MIGRATE xfrm Netlink message, a local attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129316 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2017-1000364
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a a stack memory allocation flaw that allows the stack guard page to be "jumped" or bypassed. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127503 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-7895
DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by improper validation at the end of buffer in NFSv2 and NFSv3 server implementations in fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to trigger pointer-arithmetic errors or other unspecified impact on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-7645
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. By using a long RPC reply, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125910 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7308
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to properly validate certain block-size data by the packet_set_ring function. By using specially crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6214
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the tcp_splice_read() function. By sending a specially crafted TCP packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop and consume an overly large amount of CPU resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122320 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-5986
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c. By using a specially-crafted multithreaded application, a local attacker could exploit this vulnerability to cause an assertion failure and kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122172 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-2636
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). By using a specially-crafted application, an attacker could exploit this vulnerability to gain privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122898 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-2618
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an off-by-one in the selinux_setprocattr when clearing SELinux attributes on /proc/pid/attr files. A local attacker could exploit this vulnerability using an empty (null) write to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-2583
DESCRIPTION: Linux Kernel, built with the Kernel-based Virtual Machine (CONFIG_KVM) support, could allow a remote attacker from within the local network to gain elevated privileges on the system, caused by an incorrect segment selector(SS) value error when loading values into the SS register in long mode. An attacker could exploit this vulnerability to gain elevated privileges on the system or cause the guest to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-10208
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to properly validate meta block groups by the ext4_fill_super function. A local attacker could exploit this vulnerability using a specially crafted EXT4 image to corrupt memory triggering an out-of-bounds read and cause the system to crash.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123370 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9793
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the sock_setsockopt function in net/core/sock.c. By using a specially-crafted setsockopt system call, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120231 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8650
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to ensure that memory is allocated for limb data by mpi_powm function. A local attacker could exploit this vulnerability using an add_key system call for an RSA key with a zero exponent to cause the system to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-8646
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the hash_accept function in crypto/algif_hash.c. By attempting to trigger use of in-kernel hash algorithms for a socket, a local attacker could exploit this vulnerability to cause a kernel OOPS.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7910
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the disk_seqf_stop function. By leveraging the execution of a certain stop operation, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119531 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 10.

Customers running v2.1 are encouraged to upgrade to v3.1.

Workarounds and Mitigations

none

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Complete CVSS v3 Guide
On-line Calculator v3

Off

Change History

28 September 2017 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSZJY4","label":"PowerKVM"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"3.1","Edition":"KVM","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Tips

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM