Red Hat update for kernel

1) Out-of-bounds read

EUVDB-ID: #VU14184

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-18344

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to out-of-bounds memory read error in the 'sigevent->sigev_notify' field of show_timer() function in the timer subsystem. A local attacker can obtain potentially sensitive information from system memory.

Install update from vendor's website.

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.39.1.rt56.629.el6rt

MRG Realtime: 2

:

• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
• cpe:2.3:::::*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2018:3586

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper input validation

EUVDB-ID: #VU14437

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5391

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when handling reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can send specially crafted packets, trigger time and calculation expensive fragment reassembly algorithms and cause the service to crash.

Install update from vendor's website.

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.39.1.rt56.629.el6rt

MRG Realtime: 2

:

• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
• cpe:2.3:::::*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2018:3586

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU13023

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10675

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Install update from vendor's website.

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.39.1.rt56.629.el6rt

MRG Realtime: 2

:

• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
• cpe:2.3:::::*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2018:3586

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU15168

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14634

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in create_elf_tables() function when processing SUID binaries. A local unprivileged user can use this vulnerability to execute execute arbitrary code on the system with elevated privileges.

Install update from vendor's website.

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.39.1.rt56.629.el6rt

MRG Realtime: 2

:

• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
• cpe:2.3:::::*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2018:3586

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.