Amazon Linux AMI : kernel (ALAS-2017-814)
High Nessus Plugin ID 99418
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionPossible double free in stcp_sendmsg() (incorrect fix for CVE-2017-5986) :
It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by CVE-2017-5986 fix (commit 2dcab5984841).
Reachable BUG_ON from userspace in sctp_wait_for_sndbuf :
It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986)
Shmat allows mmap null page protection bypass :
The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context. (CVE-2017-5669)
SolutionRun 'yum update kernel' to update your system.