IBM Support

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Summary

PowerKVM is affected by numerous vulnerabilities in the Linux kernel. These vulnerabilities are now fixed.

Vulnerability Details

CVEID: CVE-2013-7421
DESCRIPTION:
Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the Crypto API. An attacker could exploit this vulnerability to load any installed kernel module on the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100591 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-7842
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by an error related to the reporting of an emulation failure to user space. An attacker with access to MMIO area could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-8171
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by the improper handling of OOM (out of memory) conditions by the memory resource controller (memcg). By continuously spawning new processes within a single memory-constrained cgroup during an OOM event, an attacker could exploit this vulnerability to cause the system to deadlock.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-8559
DESCRIPTION:
Linux Kernel, built with Virtual File System (VFS) support, is vulnerable to a denial of service caused by incorrect usage of file system locks. A local attacker could exploit this vulnerability to cause a deadlock.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98424 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-9644
DESCRIPTION:
Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the Crypto API. An attacker could exploit this vulnerability to load any installed kernel module on the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100592 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-2925
DESCRIPTION:
Linux Kernel could allow a local attacker to gain unauthorized access to the system. By creating another user and mounting namespace within a container, an attacker could exploit this vulnerability to gain access to the filesystem.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-3339
DESCRIPTION:
Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition between the chown() and execve() system calls. When changing the owner of a setuid-user binary to root, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-5156
DESCRIPTION:
Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by virtio-net. By sending specially crafted packets, a remote attacker on the local network could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105348 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5283
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by an error in the SCTP module. By creating multiple SCTP sockets when the SCTP module isn't loaded, an attacker could exploit this vulnerability to cause the kernel to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107227 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-6526
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by an error in the perf_callchain_user_64 function. A local attacker could exploit this vulnerability to cause the system to enter into an infinite loop and kill the process.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105798 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7613
DESCRIPTION:
Linux Kernel could allow a local attacker to gain unauthorized access to the system, caused by the installation of a not-completely initialized object into the shared object table by the ipc_addid() function. An attacker could exploit this vulnerability by using uninitialized memory to gain access to arbitrary SysV shared memory.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106887 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2015-7837
DESCRIPTION:
Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error when kexec is used to load the same kernel after reboot. An attacker could exploit this vulnerability to bypass the securelevel/secureboot combination and gain access to the system.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107230 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7872
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by an error in the keyrings garbage collector. A remote authenticated attacker could exploit this vulnerability using request_key() or keyctl request2 to cause a kernel oops.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8660
DESCRIPTION:
Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the ovl_setattr function in fs/overlayfs/inode.c when attempting to merge distinct setattr operations. An attacker could exploit this vulnerability using a specially crafted application to bypass security restrictions and modify the attributes of arbitrary overlay files.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109385 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-8767
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by the failure to properly manage the relationship between a lock and a socket by sm_sideeffect.c. A local attacker could exploit this vulnerability using a specially crafted sctp_accept call to cause a deadlock.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110582 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-0728
DESCRIPTION:
Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the join_session_keyring() function in security/keys/process_keys.c. By overflowing the usage field, an attacker could exploit this vulnerability to execute arbitrary code on the system with kernel-level privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109695 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0758
DESCRIPTION:
Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper processing of certificate files with tags with indefinite length by the ASN.1 DER decoder. An attacker could exploit this vulnerability using a specially crafted X.509 certificate DER file to gain elevated privileges on the system or cause the system to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113189 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-4470
DESCRIPTION:
Linux Kernel is vulnerable to a denial of service, caused by the improper handling of key lookups in the keychain subsystem by the key_reject_and_link() function. An attacker could exploit this vulnerability to cause the system to crash and trigger a use-after-free by another kernel mechanism.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114238 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-4565
DESCRIPTION:
Linux Kernel could allow a local attacker to bypass security restrictions, caused by the failure to restrict use of the write() interface by the drivers/infiniband stack. A local attacker could exploit this vulnerability to trigger write calls and launch further attacks on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113181 for the current score
CVSS Environmental Score*: Undefined

Affected Products and Versions

PowerKVM 2.1 and PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using "yum update".

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw for 3.1.0.2 update 2 or later.

For version 2.1, see PowerKVM 2.1.1.3-65. Update 12 at https://ibm.biz/BdEnT8 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.

For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README for prerequisite fixes and instructions.

Workarounds and Mitigations

None

Change History

9 September 2016 - Initial Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Information

Modified date:
17 June 2018

UID

isg3T1024270