author Ben Hutchings <benh@debian.org> 2017-09-20 20:18:40 +0000
committer Ben Hutchings <benh@debian.org> 2017-09-20 20:18:40 +0000
commit ffca6bf385ee9e89d823ef3e397aefe5f78dd180
tree 354b0a3d5713f658de9cd77af592999b158cf700 /dsa-texts/4.9.30-2+deb9u5
parent f9358797f36bafac2b58a98c7edfc41d6ac12b3d
Corrections and additions to descriptions for 3.16.43-2+deb8u5/4.9.30-2+deb9u5
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5584 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/4.9.30-2+deb9u5')
-rw-r--r-- dsa-texts/4.9.30-2+deb9u5 63
1 files changed, 34 insertions, 29 deletions
diff --git a/dsa-texts/4.9.30-2+deb9u5 b/dsa-texts/4.9.30-2+deb9u5
index 8e93b2a86..2bbd69200 100644
--- a/dsa-texts/4.9.30-2+deb9u5
+++ b/dsa-texts/4.9.30-2+deb9u5
@@ -35,9 +35,8 @@ CVE-2017-11600
Bo Zhang reported that the xfrm subsystem does not properly
validate one of the parameters to a netlink message. Local users
- with the CAP_NET_ADMIN capability (in any user namespace) can use
- this to cause a denial of service or potentially to execute
- arbitrary code.
+ with the CAP_NET_ADMIN capability can use this to cause a denial
+ of service or potentially to execute arbitrary code.
CVE-2017-12134 / #866511 / XSA-229
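Review bot: Dropping "(in any user namespace)" from the CAP_NET_ADMIN sentence makes the CVE-2017-11600 entry read as if only privileged users are affected. The namespace caveat now lives only in the paragraph added at the end of the file, so a reader who looks up this entry alone will miss it. Consider a short pointer in the entry, such as "(see the note on user namespaces below)".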
@@ -53,9 +52,10 @@ CVE-2017-12134 / #866511 / XSA-229
CVE-2017-12146 (stretch only)
- A race condition flaw was found in the driver_override
- implementation within the platform 'pseudo' bus for legacy devices,
- allowing a local user to gain privileges.
+ Adrian Salido of Google reported a race condition in access to the
+ "driver_override" attribute for platform devices in sysfs. If
+ unprivileged users are permitted to access this attribute, this
+ might allow them to gain privileges.
CVE-2017-12153
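Review bot: The condition "If unprivileged users are permitted to access this attribute" does not say whether that is the case by default, so an administrator cannot tell from the entry whether a stock system is exposed. Suggest stating the default permissions on "driver_override", or saying explicitly that exposure depends on local configuration.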
@@ -79,9 +79,11 @@ CVE-2017-14106
CVE-2017-14140
- Otto Ebeling discovered that the move_pages() syscall performed
- insufficient validation of the effective UID of the target process
- which result in a partial ASLR bypass.
+ Otto Ebeling reported that the move_pages() system call performed
+ insufficient validation of the UIDs of the calling and target
+ processes, resulting in a partial ASLR bypass. This made it easier
+ for local users to exploit vulnerabilities in programs installed
+ with the set-UID permission bit set.
CVE-2017-14156
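Review bot: The rewritten CVE-2017-14140 entry uses the past tense ("performed", "made it easier"), while entries such as CVE-2017-11600 and CVE-2017-14497 describe the flaw in the present tense ("does not properly validate", "are not properly handled"). Pick one tense for the whole text. The phrase "programs installed with the set-UID permission bit set" could also be shortened to "set-UID programs".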
@@ -107,28 +109,26 @@ CVE-2017-14489
CVE-2017-14497 (stretch only)
- Benjamin Poirier reported that vnet headers are not properly handled
- within the tpacket_rcv() function in the raw packet (af_packet)
- feature. A local user can take advantage of this flaw to cause a
- denial of service (buffer overflow, and disk and memory corruption)
- or have other impact.
+ Benjamin Poirier of SUSE reported that vnet headers are not
+ properly handled within the tpacket_rcv() function in the raw
+ packet (af_packet) feature. A local user with the CAP_NET_RAW
+ capability can take advantage of this flaw to cause a denial of
+ service (buffer overflow, and disk and memory corruption) or have
+ other impact.
CVE-2017-1000111
- Andrey Konovalov of Google reported that a race condition in the
- raw packet (af_packet) feature. Local users with the CAP_NET_RAW
- capability (in any user namespace) can use this for denial of
- service or possibly to execute arbitrary code.
+ Andrey Konovalov of Google reported a race condition in the raw
+ packet (af_packet) feature. Local users with the CAP_NET_RAW
+ capability can use this for denial of service or possibly to
+ execute arbitrary code.
CVE-2017-1000112
- Andrey Konovalov of Google reported a race condition flaw in the UDP
- Fragmentation Offload (UFO) code. A local user with the
- CAP_NET_ADMIN capability can use this flaw for denial of service or
- possibly to execute arbitrary code. Debian disables unprivileged
- user namespaces by default, if locally enabled with the
- kernel.unprivileged_userns_clone sysctl, this allows privilege
- escalation.
+ Andrey Konovalov of Google reported a race condition flaw in the
+ UDP Fragmentation Offload (UFO) code. A local user with the
+ CAP_NET_ADMIN capability can use this flaw for denial of service
+ or possibly to execute arbitrary code.
CVE-2017-1000251 / #875881
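Review bot: CVE-2017-1000112 still says "race condition flaw" and "can use this flaw", while the CVE-2017-1000111 entry just above is reworded to "a race condition" and "can use this". Suggest the same wording in both. In CVE-2017-14497, the parenthesis "(buffer overflow, and disk and memory corruption)" mixes a cause with its consequences under denial of service; listing them as separate impacts would read more clearly.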
@@ -141,10 +141,10 @@ CVE-2017-1000251 / #875881
CVE-2017-1000252 (stretch only)
- Jan H. Schoenherr of Amazon reported that there exists a reachable
- assertion failure in the KVM implementation with enabled Virtual
- Function I/O feature (ONFIG_VFIO), allowing a malicious guest
- process to crash the KVM hypervisor and causing a denial of service.
+ Jan H. Schönherr of Amazon reported that the KVM implementation
+ for Intel x86 processors did not correctly validate interrupt
+ injection requests. A local user with permission to use KVM
+ could use this for denial of service.
CVE-2017-1000370
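Review bot: The new CVE-2017-1000252 text no longer says what is denied service: the removed lines described a crash of the KVM hypervisor, and the replacement says only "could use this for denial of service". If the crash impact still holds, keep it in parentheses as the CVE-2017-14497 entry does. The attacker also changes from "a malicious guest process" to "A local user with permission to use KVM"; the commit message should say which of the two is the correction.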
@@ -164,6 +164,11 @@ CVE-2017-1000380
with permission to access sound devices could use this to obtain
sensitive information.
+Debian disables unprivileged user namespaces by default, but if they
+are enabled (via the kernel.unprivileged_userns_clone sysctl) then
+CVE-2017-11600, CVE-2017-14497, CVE-2017-1000111, and CVE-2017-1000112
+can be exploited by any local user.
+
jessie: 3.16.43-2+deb8u5
stretch: 4.9.30-2+deb9u5
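Review bot: The added paragraph lists CVE-2017-14497 among the issues exploitable by any local user, but that entry is marked "stretch only" and the file ends with both the jessie and stretch versions. Suggest marking which of the four CVEs apply to each release, or qualifying the list with "where applicable". It would also help to state the value of kernel.unprivileged_userns_clone that enables user namespaces, so readers can check their own setting.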
