Recently, a series of remote code execution vulnerabilities named “Phoenix Talon” were discovered in the Linux kernel. One of these vulnerabilities is rated critical, and the other three are rated high.
The four vulnerabilities affect all kernel versions from Linux kernel 2.5.69 to 4.11. These vulnerabilities can be exploited to initiate DoS attacks or run code remotely. Transport-layer protocols TCP, DCCP, and SCTP and network-layer protocols IPv4 and IPv6 are all affected by these vulnerabilities.
See the following for more information about these vulnerabilities.
“Phoenix Talon” Linux kernel vulnerabilities
- CVE-2017-8890: Critical
- CVE-2017-9075: High
- CVE-2017-9076: High
- CVE-2017-9077: High
In Linux kernel versions later than 4.10.15, the inet_csk_clone_lock function in the net/ipv4/inet_connection_sock.c file enables attackers to initiate DoS (double free) attacks or, by calling the accept() function, to cause other impacts to the system.
As the most severe of the four vulnerabilities, this vulnerability is essentially a double free. Attackers can trigger this vulnerability by using the MCAST_JOIN_GROUP option in the setsockopt() function and calling the
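The double free described above, shown as a simplified user-space model. This is an added example, not kernel code and not part of the original advisory. It assumes the socket returned by accept() is a copy of the listener, including its multicast list pointer, and that a hardened clone clears that pointer; all toy_* names are hypothetical.

```c
/* Added user-space model, not kernel code; all toy_* names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct toy_mc_list {        /* stand-in for a socket's multicast membership list */
    unsigned int group;
    int release_count;      /* times an owner tried to free this list */
};
struct toy_sock { struct toy_mc_list *mc_list; };

/* Clone a listener into the socket handed back by accept().
 * hardened == 0: plain copy, the child inherits the parent's list pointer.
 * hardened != 0: the child starts without a multicast list. */
static void toy_clone(struct toy_sock *child, const struct toy_sock *parent, int hardened)
{
    memcpy(child, parent, sizeof(*child));
    if (hardened)
        child->mc_list = NULL;
}

/* Closing releases the list the socket believes it owns. The release is
 * counted rather than passed to free(), so the defect shows without UB. */
static void toy_close(struct toy_sock *sk)
{
    if (sk->mc_list)
        sk->mc_list->release_count++;
    sk->mc_list = NULL;
}

/* Join on the listener, accept once, close both sockets.
 * Returns releases of the one list: 1 is correct, 2 is a double free. */
static int releases_after_accept(int hardened)
{
    struct toy_mc_list *list = calloc(1, sizeof(*list));
    struct toy_sock listener = { list }, child;
    int count;
    if (!list)
        return -1;
    list->group = 0xE0000001u;  /* 224.0.0.1, constructed sample value */
    toy_clone(&child, &listener, hardened);
    toy_close(&child);
    toy_close(&listener);
    count = list->release_count;
    free(list);
    return count;
}

int main(void)
{
    printf("plain=%d hardened=%d\n", releases_after_accept(0), releases_after_accept(1));
    return 0;
}
```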
CVE-2017-9075, CVE-2017-9076, and CVE-2017-9077
In Linux kernel versions later than 4.11.1, inheritance of the sctp_v6_create_accept_sk function in the net/sctp/ipv6.c file is not properly processed. As a result, local users can initiate DoS attacks or cause other impacts through special system calls. This vulnerability is related to vulnerability CVE-2017-8890.
Condition and method of exploitation
|CVE||Method of exploitation|
|CVE-2017-8890||Remote exploitation. |
This vulnerability can be remotely exploited to initiate DoS attacks only when the target host can receive multicast packets. The multicast function is effective only when the multicast mode is enabled on a switch. This mode is disabled on a switch by default.
Linux kernel 2.5.69 to 4.11
How to fix or mitigate
The vendor has released patches to fix these security issues. We recommend that you use yum update kernel or sudo apt-get update && sudo apt-get upgrade to upgrade the kernel.
Note: Before you perform the upgrade in the production environment, you must create snapshots and test the integrity of the upgrade process.