==========================================================================
Kernel Live Patch Security Notice LSN-0021-1
April 10, 2017

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|——————+————–+———-+——————|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

Several security issues were fixed in the kernel.

Software Description:
– linux: Linux kernel

Details:

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux
kernel did not properly validate certain block-size data. A local attacker
could use this to cause a denial of service (system crash). (CVE-2017-7308)

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2017-6074)

It was discovered that a race condition existed in the memory manager of
the Linux kernel when handling copy-on-write breakage of private read-only
memory mappings. A local attacker could use this to gain administrative
privileges. (CVE-2016-5195)

It was discovered that a use-after-free vulnerability existed in the block
device layer of the Linux kernel. A local attacker could use this to cause
a denial of service (system crash) or possibly gain administrative
privileges. (CVE-2016-7910)

Dmitry Vyukov discovered a use-after-free vulnerability in the
sys_ioprio_get() function in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2016-7911)

XXX-FIXME-XXX [Use-after-free vulnerability in the ffs_user_copy_worker
function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before
4.5.3 allows local users to gain privileges by accessing an I/O data
structure after a certain callback call.] (CVE-2016-7912)

It was discovered that a race condition existed in the procfs environ_read
function in the Linux kernel, leading to an integer underflow. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2016-7916)

Qidan He discovered that the ICMP implementation in the Linux kernel did
not properly check the size of an ICMP header. A local attacker with
CAP_NET_ADMIN could use this to expose sensitive information.
(CVE-2016-8399)

It was discovered that the KVM implementation for x86/x86_64 in the Linux
kernel could dereference a null pointer. An attacker in a guest virtual
machine could use this to cause a denial of service (system crash) in the
KVM host. (CVE-2016-8630)

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation
in the Linux kernel contained a buffer overflow when handling fragmented
packets. A remote attacker could use this to possibly execute arbitrary
code with administrative privileges. (CVE-2016-8633)

CAI Qian discovered that the sysctl implementation in the Linux kernel did
not properly perform reference counting in some situations. An unprivileged
attacker could use this to cause a denial of service (system hang).
(CVE-2016-9191)

Andrey Konovalov discovered that the SCTP implementation in the Linux
kernel improperly handled validation of incoming data. A remote attacker
could use this to cause a denial of service (system crash). (CVE-2016-9555)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in
the Linux kernel did not properly emulate instructions on the SS segment
register. A local attacker in a guest virtual machine could use this to
cause a denial of service (guest OS crash) or possibly gain administrative
privileges in the guest OS. (CVE-2017-2583)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel | Version | flavors |
|—————–+———-+————————–|
| 4.4.0-21.37 | 16.1 | generic, lowlatency |
| 4.4.0-21.37 | 17.1 | generic, lowlatency |
| 4.4.0-21.37 | 18.1 | generic, lowlatency |
| 4.4.0-21.37 | 21.1 | generic, lowlatency |
| 4.4.0-22.39 | 13.2 | generic, lowlatency |
| 4.4.0-22.39 | 16.1 | generic, lowlatency |
| 4.4.0-22.39 | 17.1 | generic, lowlatency |
| 4.4.0-22.39 | 18.1 | generic, lowlatency |
| 4.4.0-22.39 | 21.1 | generic, lowlatency |
| 4.4.0-22.40 | 16.1 | generic, lowlatency |
| 4.4.0-22.40 | 17.1 | generic, lowlatency |
| 4.4.0-22.40 | 18.1 | generic, lowlatency |
| 4.4.0-22.40 | 21.1 | generic, lowlatency |
| 4.4.0-24.43 | 16.1 | generic, lowlatency |
| 4.4.0-24.43 | 17.1 | generic, lowlatency |
| 4.4.0-24.43 | 18.1 | generic, lowlatency |
| 4.4.0-24.43 | 21.1 | generic, lowlatency |
| 4.4.0-28.47 | 16.1 | generic, lowlatency |
| 4.4.0-28.47 | 17.1 | generic, lowlatency |
| 4.4.0-28.47 | 18.1 | generic, lowlatency |
| 4.4.0-28.47 | 21.1 | generic, lowlatency |
| 4.4.0-31.50 | 16.1 | generic, lowlatency |
| 4.4.0-31.50 | 17.1 | generic, lowlatency |
| 4.4.0-31.50 | 18.1 | generic, lowlatency |
| 4.4.0-31.50 | 21.1 | generic, lowlatency |
| 4.4.0-34.53 | 16.1 | generic, lowlatency |
| 4.4.0-34.53 | 17.1 | generic, lowlatency |
| 4.4.0-34.53 | 18.1 | generic, lowlatency |
| 4.4.0-34.53 | 21.1 | generic, lowlatency |
| 4.4.0-36.55 | 16.1 | generic, lowlatency |
| 4.4.0-36.55 | 17.1 | generic, lowlatency |
| 4.4.0-36.55 | 18.1 | generic, lowlatency |
| 4.4.0-36.55 | 21.1 | generic, lowlatency |
| 4.4.0-38.57 | 16.1 | generic, lowlatency |
| 4.4.0-38.57 | 17.1 | generic, lowlatency |
| 4.4.0-38.57 | 18.1 | generic, lowlatency |
| 4.4.0-38.57 | 21.1 | generic, lowlatency |
| 4.4.0-42.62 | 16.1 | generic, lowlatency |
| 4.4.0-42.62 | 17.1 | generic, lowlatency |
| 4.4.0-42.62 | 18.1 | generic, lowlatency |
| 4.4.0-42.62 | 21.1 | generic, lowlatency |
| 4.4.0-43.63 | 16.1 | generic, lowlatency |
| 4.4.0-43.63 | 17.1 | generic, lowlatency |
| 4.4.0-43.63 | 18.1 | generic, lowlatency |
| 4.4.0-43.63 | 21.1 | generic, lowlatency |
| 4.4.0-45.66 | 16.1 | generic, lowlatency |
| 4.4.0-45.66 | 17.1 | generic, lowlatency |
| 4.4.0-45.66 | 18.1 | generic, lowlatency |
| 4.4.0-45.66 | 21.1 | generic, lowlatency |
| 4.4.0-47.68 | 16.1 | generic, lowlatency |
| 4.4.0-47.68 | 17.1 | generic, lowlatency |
| 4.4.0-47.68 | 18.1 | generic, lowlatency |
| 4.4.0-47.68 | 21.1 | generic, lowlatency |
| 4.4.0-51.72 | 16.1 | generic, lowlatency |
| 4.4.0-51.72 | 17.1 | generic, lowlatency |
| 4.4.0-51.72 | 18.1 | generic, lowlatency |
| 4.4.0-51.72 | 21.1 | generic, lowlatency |
| 4.4.0-53.74 | 16.1 | generic, lowlatency |
| 4.4.0-53.74 | 17.1 | generic, lowlatency |
| 4.4.0-53.74 | 18.1 | generic, lowlatency |
| 4.4.0-53.74 | 21.1 | generic, lowlatency |
| 4.4.0-57.78 | 17.1 | generic, lowlatency |
| 4.4.0-57.78 | 18.1 | generic, lowlatency |
| 4.4.0-57.78 | 21.1 | generic, lowlatency |
| 4.4.0-59.80 | 17.1 | generic, lowlatency |
| 4.4.0-59.80 | 18.1 | generic, lowlatency |
| 4.4.0-59.80 | 21.1 | generic, lowlatency |
| 4.4.0-62.83 | 17.1 | generic, lowlatency |
| 4.4.0-62.83 | 18.1 | generic, lowlatency |
| 4.4.0-62.83 | 21.1 | generic, lowlatency |
| 4.4.0-63.84 | 18.1 | generic, lowlatency |
| 4.4.0-63.84 | 21.1 | generic, lowlatency |
| 4.4.0-64.85 | 21.1 | generic, lowlatency |
| 4.4.0-66.87 | 21.1 | generic, lowlatency |
| 4.4.0-67.88 | 21.1 | generic, lowlatency |
| 4.4.0-70.91 | 21.1 | generic, lowlatency |
| 4.4.0-71.92 | 21.1 | generic, lowlatency |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.

References:
CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912,
CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633,
CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583,
CVE-2017-6074, CVE-2017-7308—–BEGIN PGP SIGNATURE—–

iQIcBAABCAAGBQJY78UpAAoJEISdN0X7kR4eys4P/2OWpa3ERXsvQB7MaJTV68pW
z5m1MeanYjPfTP5Zc9Ip2WNRqTgUB6CHA4A0h8Nf4caeM49G0t5SFQAphUUL4biJ
jZb70SbNpQuH+Z+8fD5O5Oy+I8dyovQgc5SZBNYlmpsY3cAp6nE5wsfIXtKdA6GL
WfhjlRL3P6dgZe8bedypvuhoW+PFvgYbyXOOwRyADWz8fOZAzFhE4t+SeEtDmsbi
NG7w5ywh8hcvZ8kQ/dIezTTn6YiLTSrAEhuADU/hNRgXuLDlMXqpzA34d5bX+lyg
wq+lQQ4E7u8FQ185dAqF3g/3VeO0jGERATFYKFas03JHOwMVjErVahzL0cA4QLAi
MaxMGR2FZc3xcOhQPNtSAabpsaI8eo/NN2PktQxUMa7tgTLQTO1L6T7DGidhpT+u
qVEKlHXpPPIOjgK/nKZdgENF0Hyjqlc4vmeFRNCallielv8TguGxe2V+sSa52Py7
4hBgJCfZTGxuHBs+7zGPlDGCecJ3ucTCrgxTx03JJZ5kPLwsQg3DYxne+qHPPAUB
7V2m9oa6efPlbnQBe/zQIMkzNcbgU36qsw/YspTHhkBoG4LNp09dUkFV1HxRpuYL
ojoUJWkO072VorkojBNBOTiRa3QlS5tM6JvdVx1lW4ccTS4GxGVqA171f1yDWhAD
bu9+XuF6eN3iAhT4JMrQ
=1qk2
—–END PGP SIGNATURE—–
—