ALAS-2018-1050

Amazon Linux 2 Security Advisory: ALAS-2018-1050
Advisory Release Date: 2018-08-04 23:49 Pacific
Advisory Updated Date: 2024-07-24 20:06 Pacific
Severity: Critical
Issue Overview:

2024-07-24: CVE-2018-13094 was added to this advisory.

2024-07-24: CVE-2018-13405 was added to this advisory.

2024-07-24: CVE-2018-13093 was added to this advisory.

An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation. (CVE-2018-13093)

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service. (CVE-2018-13094)

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. (CVE-2018-13405)

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel and reboot your instance to update your system.

New Packages:
src:
    kernel-4.14.59-68.43.amzn2.src

x86_64:
    kernel-4.14.59-68.43.amzn2.x86_64
    kernel-headers-4.14.59-68.43.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.59-68.43.amzn2.x86_64
    perf-4.14.59-68.43.amzn2.x86_64
    perf-debuginfo-4.14.59-68.43.amzn2.x86_64
    python-perf-4.14.59-68.43.amzn2.x86_64
    python-perf-debuginfo-4.14.59-68.43.amzn2.x86_64
    kernel-tools-4.14.59-68.43.amzn2.x86_64
    kernel-tools-devel-4.14.59-68.43.amzn2.x86_64
    kernel-tools-debuginfo-4.14.59-68.43.amzn2.x86_64
    kernel-devel-4.14.59-68.43.amzn2.x86_64
    kernel-debuginfo-4.14.59-68.43.amzn2.x86_64

Additional References

Red Hat: CVE-2018-13093, CVE-2018-13094, CVE-2018-13405, CVE-2018-5390

Mitre: CVE-2018-13093, CVE-2018-13094, CVE-2018-13405, CVE-2018-5390