SB2018081520 - Red Hat Enterprise Linux 7 update for kernel-rt
Published: August 15, 2018
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2017-13215)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The weakness exists due to a flaw in the upstream kernel skcipher. A remote attacker can trick the victim into opening a specially crafted application and execute arbitrary code with elevated privileges.
2) Use-after-free error (CVE-ID: CVE-2018-10675)
The weakness exists in the do_get_mempolicy function in mm/mempolicy.c due to a use-after-free error. A local attacker can use specially crafted system calls to trigger memory corruption and cause the service to crash.
3) Side-channel attack (CVE-ID: CVE-2018-3620)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. A local attacker can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
4) Information disclosure (CVE-ID: CVE-2018-3646)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists on systems with microprocessors utilizing speculative execution and address translations due to an error in the hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.
5) Side-channel attack (CVE-ID: CVE-2018-3646)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
6) Information disclosure (CVE-ID: CVE-2018-3693)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the design of most modern CPUs using speculative execution and branch prediction due to improper speculative execution of instructions. A local attacker can bypass bounds checks, trigger a buffer overflow, perform arbitrary speculative execution and a side-channel attack to access sensitive memory information.
7) Resource exhaustion (CVE-ID: CVE-2018-5390)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists because the system uses an inefficient TCP reassembly algorithm. A remote attacker can send specially crafted packets within ongoing TCP sessions to consume excessive CPU resources and cause the service to crash.
Note: The issue has been called "SegmentSmack".
8) Memory corruption (CVE-ID: CVE-2018-7566)
The vulnerability allows a local attacker to write arbitrary files on the target system. The weakness exists due to an out-of-bounds write that occurs while the ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger a buffer overflow and use-after-free, concurrently reset the pool size manually via ioctl, and write arbitrary files.
Remediation
Install the update from the vendor's website.