2016-01-20 Linux kernel vulnerability (CVE-2016-0728)

CVE-2016-0728 is caused by a reference leak in the keyrings facility. It affects Linux kernel v3.8 and higher.

The keyrings facility is primarily a way for drivers to retain or cache security data, authentication keys, encryption keys and other data in the kernel. Each process can create a keyring for the current session using keyctl(KEYCTL_JOIN_SESSION_KEYRING, name) and can choose to either assign a name to the keyring or not by passing NULL. The keyring object can be shared between processes by referencing the same keyring name.

Even though the bug itself can directly cause a memory leak, it has far more serious consequences. The outline of the steps to be executed by the exploit code is as follows:

  • Hold a (legitimate) reference to a key object
  • Overflow the same object’s usage
  • Get the keyring object freed
  • Allocate a different kernel object from user-space, with a user-controlled content, over the same memory previously used by the freed keyring object
  • Use the reference to the old key object and trigger code execution

Find more information about the issue.

Affected platforms

Ubuntu

Run the following command:

$ uname -r

You should see output like this:

3.13.0-76-generic

This is a secure version of the kernel. Any version between v3.8 and this one is affected.

Debian

Run the following command:

$ uname -v

You should see output like this:

3.16.7-ckt20-1

This is a secure version of the kernel. Any version between v3.8 and this one is affected.

RedHat Enterprise Linux

This issue does not affect the Linux kernels shipped with Red Hat Enterprise Linux 5 and 6. The Bitnami images of RedHat are not affected as we provide images for RedHat 6.6.

Oracle Linux

Run the following command:

$ uname -r

You should see output like this:

3.8.13-118.2.5.el6uek.x86_64

This is a secure version of the kernel. Any version between v3.8 and this one is affected.

Amazon Linux

Run the following command:

$ uname -r

You should see output like this:

4.1.13-19.31.amzn1.x86_64

This is a secure version of the kernel. Any version between v3.8 and this one is affected.
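
The per-platform checks above can be scripted. The following is an added example, not part of the original guide: it applies the "between v3.8 and the secure version" rule literally to a version string. The distro keys and function names are assumptions, it relies on GNU `sort -V`, and the comparison is only meaningful within the kernel series listed for each platform.

```shell
#!/bin/sh
# Added example: apply this page's "between v3.8 and the secure version" rule.
# Distro keys and function names are assumptions made for this sketch.

# ver_lt A B: succeeds when A sorts strictly before B (needs GNU sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_for DISTRO: the secure version this page lists for that platform.
fixed_for() {
    case "$1" in
        ubuntu) echo "3.13.0-76-generic" ;;
        debian) echo "3.16.7-ckt20-1" ;;
        oracle) echo "3.8.13-118.2.5.el6uek.x86_64" ;;
        amazon) echo "4.1.13-19.31.amzn1.x86_64" ;;
        *) return 1 ;;
    esac
}

# kernel_status DISTRO VERSION: prints affected, not-affected or unknown.
kernel_status() {
    fixed=$(fixed_for "$1") || { echo unknown; return 0; }
    if ver_lt "$2" "3.8"; then
        echo not-affected   # older than v3.8, before the affected range
    elif ver_lt "$2" "$fixed"; then
        echo affected       # inside the range the page describes
    else
        echo not-affected   # at or past the listed secure version
    fi
}

# Usage: sh check.sh ubuntu "$(uname -r)"
if [ "$#" -eq 2 ]; then
    kernel_status "$1" "$2"
fi
```

`uname` reports the running kernel, so a patched system keeps showing the old version until it has been rebooted.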

How to patch it

If your system is affected, follow the steps below for your platform.

Ubuntu and Debian

Run the following commands to patch the system and then reboot:

$ sudo apt-get update && sudo apt-get dist-upgrade
$ sudo reboot

Oracle Linux

Run the following commands to patch the system and then reboot:

$ sudo yum update
$ sudo yum upgrade
$ sudo reboot

Amazon Linux

Run the following commands to patch the system and then reboot:

$ sudo yum clean all
$ sudo yum update kernel
$ sudo reboot