The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: code execution via trace

Synthesis of the vulnerability 

A local privileged attacker can use a vulnerability of the execution tracing function of the Linux kernel, in order to run code with kernel privileges.
Vulnerable software: Debian, Android OS, Ubuntu.
Severity of this announcement: 1/4.
Creation date: 07/06/2017.
References of this computer vulnerability: CERTFR-2017-AVI-169, CERTFR-2017-AVI-185, CERTFR-2017-AVI-196, CVE-2017-0605-REJECTERROR, DLA-993-1, DLA-993-2, DSA-3886-1, DSA-3886-2, USN-3313-1, USN-3313-2, USN-3314-1, USN-3335-1, USN-3343-1, USN-3343-2, VIGILANCE-VUL-22915.

Description of the vulnerability 

A local privileged attacker can use a vulnerability of the execution tracing function of the Linux kernel, in order to run code with kernel privileges.

This computer vulnerability alert impacts software or systems such as Debian, Android OS, Ubuntu.

Our Vigil@nce team determined that the severity of this computer threat alert is low.

The trust level is "confirmed by the editor", and the origin of the attack is a privileged shell.

An attacker with expert ability can exploit this security vulnerability.

Solutions for this threat 

Android OS: patch 2017-05-01 and 2017-05-05.
A patch is indicated in information sources.

Debian 7: new linux packages.
New packages are available:
  Debian 7: linux 3.2.89-2

Debian 8/9: new linux packages.
New packages are available:
  Debian 8: linux 3.16.43-2+deb8u2
  Debian 9: linux 4.9.30-2+deb9u2

Ubuntu 14.04: new linux-image-3.13.0-121-generic packages.
New packages are available:
  Ubuntu 14.04 LTS: linux-image-3.13.0-121-generic 3.13.0-121.170

Ubuntu: new linux-image-3.13.0-123-generic packages.
New packages are available:
  Ubuntu 14.04 LTS: linux-image-3.13.0-123-generic 3.13.0-123.172
  Ubuntu 12.04 ESM: linux-image-3.13.0-123-generic 3.13.0-123.172~precise1

Ubuntu: new linux-image-4.10.0 packages.
New packages are available:
  Ubuntu 17.04: linux-image-4.10.0-22-generic 4.10.0-22.24, linux-image-generic 4.10.0.22.24

Ubuntu: new linux-image packages.
New packages are available:
  Ubuntu 16.10: linux-image-generic 4.8.0.54.66
  Ubuntu 16.04 LTS: linux-image-4.8.0-54-generic 4.8.0-54.57~16.04.1
