Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the
Linux kernel incorrectly enables scatter/gather I/O. A remote attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-2117)

Jann Horn discovered that eCryptfs improperly attempted to use the
mmap() handler of a lower filesystem that did not implement one,
causing a recursive page fault to occur. A local unprivileged attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code with administrative privileges. (CVE-2016-1583)

Multiple race conditions were discovered in the Linux kernel's ext4
file system. A local user could exploit this flaw to cause a denial of
service (disk corruption) by writing to a page that is associated with
a different user's file after unsynchronized hole punching and
page-fault handling. (CVE-2015-8839)

Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB
device driver did not properly validate endpoint descriptors. An
attacker with physical access could use this to cause a denial of
service (system crash). (CVE-2016-2187)

Vitaly Kuznetsov discovered that the Linux kernel did not properly
suppress hugetlbfs support in X86 paravirtualized guests. An attacker
in the guest OS could cause a denial of service (guest system crash).
(CVE-2016-3961)

Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC
type 2 Support implementations in the Linux kernel. A local attacker
could use this to obtain potentially sensitive information from kernel
memory. (CVE-2016-4485)

Kangjie Lu discovered an information leak in the routing netlink
socket interface (rtnetlink) implementation in the Linux kernel. A
local attacker could use this to obtain potentially sensitive
information from kernel memory. (CVE-2016-4486)

Jann Horn discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel could overflow reference counters
on systems with more than 32GB of physical RAM and with RLIMIT_MEMLOCK
set to infinite. A local unprivileged attacker could use this to create
a use-after-free situation, causing a denial of service (system crash)
or possibly gain administrative privileges. (CVE-2016-4558)

Jann Horn discovered that the InfiniBand interfaces within the Linux
kernel could be coerced into overwriting kernel memory. A local
unprivileged attacker could use this to possibly gain administrative
privileges on systems where InfiniBand-related kernel modules are
loaded. (CVE-2016-4565)

It was discovered that in some situations the Linux kernel did not
handle propagated mounts correctly. A local unprivileged attacker
could use this to cause a denial of service (system crash).
(CVE-2016-4581)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-4.4-raspi2 package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
