USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability


Severity

High

Vendor

Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 14.04 LTS
Description

It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information or cause a denial of service.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVE.
  • Products in the PCF Suite which reference BOSH stemcell v3093 or earlier are vulnerable to the aforementioned CVE:
    • Ops Manager v1.5.6 or earlier
    • Elastic Runtime v1.5.5 or earlier
    • MySQL for Pivotal Cloud Foundry v1.6.2 or earlier
    • Session State Caching Powered by Pivotal Gemfire v1.0.2 or earlier
    • RabbitMQ for Pivotal Cloud Foundry v1.4.4 or earlier
    • Redis for Pivotal Cloud Foundry v1.4.8 or earlier
Mitigation

Users of affected versions should apply the following mitigation:

Credit

Dmitry Vyukov

References