Debian DSA-3060-1 : linux - security update

High Nessus Plugin ID 78784

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service :

- CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host.

- CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host.

- CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest.

- CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.

- CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system.

- CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system.

- CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system.

- CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service.

- CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash).

This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.

Solution

Upgrade the linux packages.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.63-2+deb7u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195

https://security-tracker.debian.org/tracker/CVE-2014-3610

https://security-tracker.debian.org/tracker/CVE-2014-3611

https://security-tracker.debian.org/tracker/CVE-2014-3645

https://security-tracker.debian.org/tracker/CVE-2014-3646

https://security-tracker.debian.org/tracker/CVE-2014-3647

https://security-tracker.debian.org/tracker/CVE-2014-3673

https://security-tracker.debian.org/tracker/CVE-2014-3687

https://security-tracker.debian.org/tracker/CVE-2014-3688

https://security-tracker.debian.org/tracker/CVE-2014-3690

https://security-tracker.debian.org/tracker/CVE-2014-7207

https://security-tracker.debian.org/tracker/CVE-2014-7207

https://packages.debian.org/source/wheezy/linux

https://www.debian.org/security/2014/dsa-3060

Plugin Details

Severity: High

ID: 78784

File Name: debian_DSA-3060.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2014/11/03

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/31

Reference Information

CVE: CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-7207

BID: 70691, 70742, 70743, 70745, 70746, 70748, 70766, 70768, 70867

DSA: 3060