ALAS-2017-814

Metadata

high
7.1
kernel
CVE-2017-6353, CVE-2017-5986, CVE-2017-5669
2017-04-07
2017-06-16 19:22
ALAS-2017-805
CVE-2017-6353 linux
CVE-2017-5986 linux
CVE-2017-5669 linux
CVE-2017-5986
CVE-2017-5669
CVE-2017-6353
2017-04-17 18:03

Description

Possible double free in sctp_sendmsg() (incorrect fix for CVE-2017-5986):
It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by the CVE-2017-5986 fix (commit 2dcab5984841).

Reachable BUG_ON from userspace in sctp_wait_for_sndbuf:
It was reported that with Linux kernel versions earlier than v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986)

Shmat allows mmap null page protection bypass:
The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context. (CVE-2017-5669)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.


Affected package information

Package Patched in
kernel kernel-4.9.20-10.30.amzn1.src
kernel kernel-4.9.20-10.30.amzn1.i686
kernel kernel-4.9.20-10.30.amzn1.x86_64
kernel-debuginfo kernel-debuginfo-4.9.20-10.30.amzn1.i686
kernel-debuginfo kernel-debuginfo-4.9.20-10.30.amzn1.x86_64
kernel-debuginfo-common-i686 kernel-debuginfo-common-i686-4.9.20-10.30.amzn1.i686
kernel-debuginfo-common-x86_64 kernel-debuginfo-common-x86_64-4.9.20-10.30.amzn1.x86_64
kernel-devel kernel-devel-4.9.20-10.30.amzn1.i686
kernel-devel kernel-devel-4.9.20-10.30.amzn1.x86_64
kernel-doc kernel-doc-4.9.20-10.30.amzn1.noarch
kernel-headers kernel-headers-4.9.20-10.30.amzn1.x86_64
kernel-headers kernel-headers-4.9.20-10.30.amzn1.i686
kernel-tools kernel-tools-4.9.20-10.30.amzn1.x86_64
kernel-tools kernel-tools-4.9.20-10.30.amzn1.i686
kernel-tools-debuginfo kernel-tools-debuginfo-4.9.20-10.30.amzn1.x86_64
kernel-tools-debuginfo kernel-tools-debuginfo-4.9.20-10.30.amzn1.i686
kernel-tools-devel kernel-tools-devel-4.9.20-10.30.amzn1.x86_64
kernel-tools-devel kernel-tools-devel-4.9.20-10.30.amzn1.i686
perf perf-4.9.20-10.30.amzn1.x86_64
perf perf-4.9.20-10.30.amzn1.i686
perf-debuginfo perf-debuginfo-4.9.20-10.30.amzn1.x86_64
perf-debuginfo perf-debuginfo-4.9.20-10.30.amzn1.i686
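
One way to apply the "Patched in" constraint above on a host, as an added example that is not part of the original advisory: it compares a kernel release string (the format printed by `uname -r`) against the fixed build 4.9.20-10.30.amzn1 using a simplified RPM-style version comparison. The function names are hypothetical, epoch and `~` handling are omitted, and it checks only the running kernel, not every installed kernel package.

```python
import re

# Fixed version-release taken from the "Patched in" column of this advisory.
PATCHED_VR = "4.9.20-10.30.amzn1"
_ARCHES = (".x86_64", ".i686", ".noarch", ".src")

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no epoch or '~' support)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 10 > 9
        elif x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_vr(kernel_release):
    """'4.9.20-10.30.amzn1.x86_64' -> ('4.9.20', '10.30.amzn1')."""
    for arch in _ARCHES:
        if kernel_release.endswith(arch):
            kernel_release = kernel_release[: -len(arch)]
            break
    version, _, release = kernel_release.partition("-")
    return version, release

def is_patched(kernel_release, patched=PATCHED_VR):
    """True if kernel_release is at or above the advisory's fixed build."""
    have, want = split_vr(kernel_release), split_vr(patched)
    c = rpm_vercmp(have[0], want[0])
    if c == 0:
        c = rpm_vercmp(have[1], want[1])
    return c >= 0

if __name__ == "__main__":
    import platform
    running = platform.release()  # same string as `uname -r`
    state = "patched" if is_patched(running) else "below " + PATCHED_VR
    print(running, state)
```

The result is only meaningful on an Amazon Linux (amzn1) host, since other distributions use different release numbering. A newer kernel that is installed but not yet booted still reports the old release until the host restarts.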