Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 13 |
CVE-ID | CVE-2017-11473 CVE-2017-12190 CVE-2017-15129 CVE-2017-15299 CVE-2017-17448 CVE-2017-17449 CVE-2017-1000255 CVE-2017-1000410 CVE-2018-6927 CVE-2018-1000004 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 |
CWE-ID | CWE-120 CWE-401 CWE-119 CWE-476 CWE-264 CWE-200 CWE-190 CWE-362 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #11 is available. Vulnerability #12 is being exploited in the wild. Public exploit code for vulnerability #13 is available. |
Vulnerable software |
Red Hat Enterprise Linux for IBM System z (Structure A) Operating systems & Components / Operating system Red Hat Enterprise Linux for Power 9 Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system kernel-alt (Red Hat package) Operating systems & Components / Operating system package or component Other |
Vendor |
Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
EUVDB-ID: #VU12137
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-11473
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c due to buffer overflow. A local attacker can submit a specially crafted ACPI table, trigger memory corruption and gain root privileges.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10709
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12190
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and possible system lock up.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10680
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15129
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local unprivileged attacker to cause DoS condition no the target system.
The weakness exists due to the function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr. A local attacker can induce kernel memory corruption, trigger use-after-free and double free error in network namespaces code to cause the system to crash.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9602
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15299
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to the KEYS subsystem mishandles use of add_key for a key that already exists but is uninstantiated. A local attacker can supply specially crafted keys, trigger null pointer dereference and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9768
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17448
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9769
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17449
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink
activity on the system and read arbitrary files.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU8812
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-1000255
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a boundary error in the Linux kernel's when handling signal frame on PowerPC systems. A malicious local user process could craft a signal frame allowing an attacker to corrupt memory and execute arbitrary code on the target system with escalated privileges.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9774
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-1000410
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw when processing the incoming of L2CAP commands, ConfigRequest and ConfigResponse messages. A remote attacker can manipulate the code flows that precede the handling of the configuration messages and read important data.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6927
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the futex_requeue function due to integer overflow. A local attacker can trigger a negative wake or requeue value and cause the service to crash.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10679
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1000004
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9883
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU9884
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU9882
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5754
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-49.13.1.el7a
:
CPE2.3https://access.redhat.com/errata/RHSA-2018:0654
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.