
[QSA-0521151] Linux kernel vulnerabilities

Qlustar Security Advisory 0521151

May 21, 2015


Summary:

The system could crash or be made to run programs as an administrator.


Package(s)       : linux-image-ql-generic,
    qlustar-module-core-trusty-amd64-9.0.1,
    qlustar-module-core-wheezy-amd64-9.0.1
Qlustar releases : 9.0
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2015-3331, CVE-2015-2922, CVE-2015-2830,
    CVE-2015-2666, CVE-2015-2042, CVE-2015-2041, CVE-2015-1593,
    CVE-2015-1465, CVE-2015-1421, CVE-2014-9715, CVE-2014-9644,
    CVE-2013-7421

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-3331

A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with an AES-GCM mode IPsec security association.

CVE-2015-2922

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows router advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on the local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

CVE-2015-2830

A privilege escalation was discovered in the fork syscall via the int80 entry on 64-bit kernels with 32-bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system.

CVE-2015-2666

A stack buffer overflow was discovered in the microcode loader for the Intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or potentially execute code with kernel privileges.

CVE-2015-2042

An information leak was discovered in how the Linux kernel handles the Reliable Datagram Sockets (RDS) sysctl settings. A local user could exploit this flaw to read data from other sysctl settings.

CVE-2015-2041

An information leak was discovered in the Linux kernel's handling of the userspace-configurable logical link control (LLC) sysctl settings. A local user could exploit this flaw to read data from other sysctl settings.

CVE-2015-1593

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64-bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation.

CVE-2015-1465

Marcelo Leitner discovered a flaw in the Linux kernel's handling of packets routed to a large number of different destinations (dsts) in a short time. A remote attacker could exploit this flaw to cause a denial of service (system crash).

CVE-2015-1421

Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system.

CVE-2014-9715

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of the targeted system).

CVE-2014-9644

A flaw was discovered in the crypto subsystem's screening of module names for automatic module loading: a request was let through if the name contained a valid crypto module name, e.g. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges.

CVE-2013-7421

A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges.

Important Fixes

With this kernel, we replace the previously used in-kernel InfiniBand modules with the ones from OFED 3.18. This fixes various drivers. Most importantly, it now properly supports the most recent Mellanox Connect-X/IB adapters, which are not usable with the in-kernel drivers of kernel 3.12.x. The new IB drivers are automatically pulled in and are contained in the package ofed-3.18-modules-ql-generic.

Update instructions:

These problems can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Guide):

linux-image-ql-generic                     3.12.42-ql-generic-54
qlustar-module-core-trusty-amd64-9.0.1     9.0.1.4-b448f971
qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.4-b448f971
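As an added example (not part of this advisory or of Qlustar's own tooling), the following Python script reads `dpkg-query` output and compares the installed versions of the three packages above against the fixed versions, using dpkg's own version ordering (epoch, upstream, Debian revision, with '~' sorting first) so that a version such as `3.12.42-ql-generic-54` is compared the way apt would compare it. The embedded `dpkg-query` output is a constructed sample of a hypothetical, partially updated node; on a real host the script queries dpkg directly. Keep in mind that a new linux-image package only protects a node once it has been booted into.

```python
"""Added example (not part of QSA-0521151): check installed package versions
against the fixed versions listed in the advisory, using dpkg's version
ordering so the result matches what apt/dpkg would decide."""
import subprocess

# Fixed versions as listed in the advisory.
FIXED_VERSIONS = {
    "linux-image-ql-generic": "3.12.42-ql-generic-54",
    "qlustar-module-core-trusty-amd64-9.0.1": "9.0.1.4-b448f971",
    "qlustar-module-core-wheezy-amd64-9.0.1": "9.0.1.4-b448f971",
}

# Constructed sample (not real data) of
#   dpkg-query -W --showformat='${Package} ${Version} ${Status}\n'
# from a hypothetical node where the kernel has not been updated yet.
SAMPLE_DPKG_OUTPUT = """\
linux-image-ql-generic 3.12.40-ql-generic-52 install ok installed
qlustar-module-core-trusty-amd64-9.0.1 9.0.1.4-b448f971 install ok installed
bash 4.3-7ubuntu1.7 install ok installed
"""


def _order(c):
    """dpkg character weight: '~' < end of string < letters < other symbols."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two version fragments as dpkg does: alternate between non-digit
    runs (char by char via _order) and digit runs (numerically)."""
    while a or b:
        ia = next((i for i, ch in enumerate(a) if ch.isdigit()), len(a))
        ib = next((i for i, ch in enumerate(b) if ch.isdigit()), len(b))
        sa, sb, a, b = a[:ia], b[:ib], a[ia:], b[ib:]
        for i in range(max(len(sa), len(sb))):
            oa = _order(sa[i] if i < len(sa) else "")
            ob = _order(sb[i] if i < len(sb) else "")
            if oa != ob:
                return -1 if oa < ob else 1
        ia = next((i for i, ch in enumerate(a) if not ch.isdigit()), len(a))
        ib = next((i for i, ch in enumerate(b) if not ch.isdigit()), len(b))
        na, nb, a, b = int(a[:ia] or "0"), int(b[:ib] or "0"), a[ia:], b[ib:]
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a against b like dpkg --compare-versions."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def parse_dpkg_query(output):
    """Map package -> version for packages whose dpkg status is 'installed'."""
    installed = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[-1] == "installed":
            installed[parts[0]] = parts[1]
    return installed


def check_packages(dpkg_output, fixed=FIXED_VERSIONS):
    """Classify each advisory package as patched, vulnerable or not installed."""
    installed = parse_dpkg_query(dpkg_output)
    result = {}
    for pkg, fixed_version in fixed.items():
        if pkg not in installed:
            result[pkg] = "not installed"
        elif compare_versions(installed[pkg], fixed_version) >= 0:
            result[pkg] = "patched"
        else:
            result[pkg] = "vulnerable"
    return result


def query_live_system():
    """Run dpkg-query on this host; returns None where dpkg is unavailable."""
    try:
        return subprocess.check_output(
            ["dpkg-query", "-W", "--showformat=${Package} ${Version} ${Status}\n"],
            text=True)
    except (OSError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    output = query_live_system() or SAMPLE_DPKG_OUTPUT
    for pkg, state in check_packages(output).items():
        print(f"{pkg:45} {state}")
    # The updated kernel is only in use after a reboot: compare `uname -r`
    # with the installed linux-image version once the node is back up.
```

The comparison deliberately does not shell out to `dpkg --compare-versions`, so the same script can be run against `dpkg-query` output collected from many nodes on a management host.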