SB2018121907 - Multiple vulnerabilities in Linux Kernel
Published: December 19, 2018 Updated: December 20, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2018-16884)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.
2) Use-after-free error (CVE-ID: CVE-2018-16882)
The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.
The vulnerability exists due to in nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address which is latter used in pi_test_and_clear_on(). An adjacent attacker can use a malicious container to trigger use-after-free error and crash the host kernel resulting in DoS OR potentially gain privileged access to a system.
3) Memory corruption (CVE-ID: CVE-2018-20169)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.