Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3161-2)

critical Nessus Plugin ID 95996

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-2 advisory.

- The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. (CVE-2015-8964)

- drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. (CVE-2016-4568)

- fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. (CVE-2016-6213)

- The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)

- drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. (CVE-2016-8633)

- The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. (CVE-2016-8645)

- The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. (CVE-2016-9555)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-3161-2

Plugin Details

Severity: Critical

ID: 95996

File Name: ubuntu_USN-3161-2.nasl

Version: 3.9

Type: local

Agent: unix

Published: 12/21/2016

Updated: 1/9/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-9555

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-powerpc-e500mc, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-powerpc-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-powerpc64-emb, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-57-powerpc64-smp, cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2016

Vulnerability Publication Date: 5/23/2016

Reference Information

CVE: CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-9555

USN: 3161-2