Cloud Foundry, CFOUNDRY:10916BBD941416F67134F1200DE97709
Jan 31, 2017 - 12:00 a.m.

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2017-01-31 00:00:00
Cloud Foundry
www.cloudfoundry.org
EPSS: 0.0004 (Low), percentile 15.7%

Severity

Medium

Vendor

Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)

Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)

Affected Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

  • 3151.x versions prior to 3151.7
  • 3233.x versions prior to 3233.10
  • 3263.x versions prior to 3263.15
  • 3312.x versions prior to 3312.17

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry team recommends upgrading to the following BOSH stemcells:
    • Upgrade all lower versions of 3151.x to version 3151.7
    • Upgrade all lower versions of 3233.x to version 3233.10
    • Upgrade all lower versions of 3263.x to version 3263.15
    • Upgrade all lower versions of 3312.x to version 3312.17
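
The following is an added example, not Cloud Foundry code: it classifies stemcell version strings against the fixed versions listed above so an inventory can be triaged. The inventory names and the `not-listed` status (a stemcell line this advisory says nothing about) are assumptions of the example.

```python
# Added example: triage BOSH stemcell versions against this advisory.
# First fixed version per stemcell line, copied from the advisory text.
FIXED = {
    3151: (3151, 7),
    3233: (3233, 10),
    3263: (3263, 15),
    3312: (3312, 17),
}


def parse_version(text):
    """Parse '3312', '3312.12' or '3312.12.1' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'invalid'."""
    version = parse_version(version_text)
    if version is None:
        return "invalid"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory names only four stemcell lines; make no claim about others.
        return "not-listed"
    # Tuple comparison: (3312, 16, 5) < (3312, 17) and (3312,) < (3312, 17).
    return "vulnerable" if version < fixed else "fixed"


def audit(inventory):
    """Return {deployment: (version, status)} for entries that need attention."""
    findings = {}
    for name, version in inventory.items():
        status = classify(version)
        if status in ("vulnerable", "invalid"):
            findings[name] = (version, status)
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical deployment names).
    sample = {"cf-prod": "3312.12", "cf-stage": "3312.17",
              "legacy": "3151.6", "tools": "3363.1", "broken": "3263.x"}
    for name, (version, status) in sorted(audit(sample).items()):
        print(f"{name}: stemcell {version} is {status}")
```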

Credit

Dmitry Vyukov, Andrey Konovalov, Baozeng Ding

History

2017-01-11: Initial vulnerability report published