SB2018081450 - Red Hat Enterprise Linux 6 update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081450

SB2018081450 - Red Hat Enterprise Linux 6 update for kernel

Published: August 14, 2018

Security Bulletin ID SB2018081450
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 10% Low 90%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Use-after-free error (CVE-ID: CVE-2017-0861)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to use-after-free error. A local attacker can trigger memory corruption and cause the service to crash or execute arbitrary code.

2) Use-after-free (CVE-ID: CVE-2017-0861)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in snd_pcm_info() function in the ALSA subsystem.  A local user can perform a denial of service attack.

3) Use-after-free (CVE-ID: CVE-2017-15265)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.


4) Race condition (CVE-ID: CVE-2018-1000004)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

5) Privilege escalation (CVE-ID: CVE-2018-10901)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability existsin the Kernel-based Virtual Machine (KVM) virtualization subsystem  due to the vmx.c source code file of the affected software fails to set the GDT.LIMIT value to the previous host value and instead sets it to 64 KB. A local attacker can place malicious entries in the Global Descriptor Table (GDT), submit a specially crafted request that submits malicious input and gain elevated privileges on the system.


6) Side-channel attack (CVE-ID: CVE-2018-3620)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations . A local attacker can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


7) Information disclosure (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists on the systems with microprocessors utilizing speculative execution and address translations due to an error in Hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.


8) Side-channel attack (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


9) Information disclosure (CVE-ID: CVE-2018-3693)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the design of most modern CPUs using speculative execution and branch prediction due to improper speculative execution of instructions. A local attacker can bypass bounds checks, trigger buffer overflow, perform arbitrary speculative execution and a side-channel attack to access sensitive memory information.


10) Memory corruption (CVE-ID: CVE-2018-7566)

The vulnerability allows a local attacker to write arbitrary files on the target system.

The weakness exists due to out-of-bounds write while ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger buffer overflow and use after free and reset the pool size manually via ioctl concurrently and write arbitrary files.

Remediation

Install update from vendor's website.

References