Debian 10225 Published by

An updated Linux Kernel with Meltdown fix is now available for Debian GNU/Linux 8



- -------------------------------------------------------------------------
Debian Security Advisory DSA-4082-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 09, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2017-5754 CVE-2017-8824 CVE-2017-15868 CVE-2017-16538
CVE-2017-16939 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450
CVE-2017-17558 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806
CVE-2017-17807 CVE-2017-1000407 CVE-2017-1000410

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5754

Multiple researchers have discovered a vulnerability in Intel
processors, enabling an attacker controlling an unprivileged
process to read memory from arbitrary addresses, including from
the kernel and all other processes running on the system.

This specific attack has been named Meltdown and is addressed in
the Linux kernel for the Intel x86-64 architecture by a patch set
named Kernel Page Table Isolation, enforcing a near complete
separation of the kernel and userspace address maps and preventing
the attack. This solution might have a performance impact, and can
be disabled at boot time by passing `pti=off' to the kernel
command line.

CVE-2017-8824

Mohamed Ghannam discovered that the DCCP implementation did not
correctly manage resources when a socket is disconnected and
reconnected, potentially leading to a use-after-free. A local
user could use this for denial of service (crash or data
corruption) or possibly for privilege escalation. On systems that
do not already have the dccp module loaded, this can be mitigated
by disabling it:
echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

CVE-2017-15868

Al Viro found that the Bluebooth Network Encapsulation Protocol
(BNEP) implementation did not validate the type of the second
socket passed to the BNEPCONNADD ioctl(), which could lead to
memory corruption. A local user with the CAP_NET_ADMIN capability
can use this for denial of service (crash or data corruption) or
possibly for privilege escalation.

CVE-2017-16538

Andrey Konovalov reported that the dvb-usb-lmedm04 media driver
did not correctly handle some error conditions during
initialisation. A physically present user with a specially
designed USB device can use this to cause a denial of service
(crash).

CVE-2017-16939

Mohamed Ghannam reported (through Beyond Security's SecuriTeam
Secure Disclosure program) that the IPsec (xfrm) implementation
did not correctly handle some failure cases when dumping policy
information through netlink. A local user with the CAP_NET_ADMIN
capability can use this for denial of service (crash or data
corruption) or possibly for privilege escalation.

CVE-2017-17448

Kevin Cernekee discovered that the netfilter subsystem allowed
users with the CAP_NET_ADMIN capability in any user namespace, not
just the root namespace, to enable and disable connection tracking
helpers. This could lead to denial of service, violation of
network security policy, or have other impact.

CVE-2017-17449

Kevin Cernekee discovered that the netlink subsystem allowed
users with the CAP_NET_ADMIN capability in any user namespace
to monitor netlink traffic in all net namespaces, not just
those owned by that user namespace. This could lead to
exposure of sensitive information.

CVE-2017-17450

Kevin Cernekee discovered that the xt_osf module allowed users
with the CAP_NET_ADMIN capability in any user namespace to modify
the global OS fingerprint list.

CVE-2017-17558

Andrey Konovalov reported that that USB core did not correctly
handle some error conditions during initialisation. A physically
present user with a specially designed USB device can use this to
cause a denial of service (crash or memory corruption), or
possibly for privilege escalation.

CVE-2017-17741

Dmitry Vyukov reported that the KVM implementation for x86 would
over-read data from memory when emulating an MMIO write if the
kvm_mmio tracepoint was enabled. A guest virtual machine might be
able to use this to cause a denial of service (crash).

CVE-2017-17805

Dmitry Vyukov reported that the KVM implementation for x86 would
over-read data from memory when emulating an MMIO write if the
kvm_mmio tracepoint was enabled. A guest virtual machine might be
able to use this to cause a denial of service (crash).

CVE-2017-17806

It was discovered that the HMAC implementation could be used with
an underlying hash algorithm that requires a key, which was not
intended. A local user could use this to cause a denial of
service (crash or memory corruption), or possibly for privilege
escalation.

CVE-2017-17807

Eric Biggers discovered that the KEYS subsystem lacked a check for
write permission when adding keys to a process's default keyring.
A local user could use this to cause a denial of service or to
obtain sensitive information.

CVE-2017-1000407

Andrew Honig reported that the KVM implementation for Intel
processors allowed direct access to host I/O port 0x80, which
is not generally safe. On some systems this allows a guest
VM to cause a denial of service (crash) of the host.

CVE-2017-1000410

Ben Seri reported that the Bluetooth subsystem did not correctly
handle short EFS information elements in L2CAP messages. An
attacker able to communicate over Bluetooth could use this to
obtain sensitive information from the kernel.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.16.51-3+deb8u1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

  Linux Kernel Update for Debian 8