Red Hat update for kernel-rt
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-1000365 CVE-2017-7482 CVE-2018-5803 CVE-2018-10902 CVE-2018-12929 CVE-2018-12930 CVE-2018-12931 |
| CWE-ID | CWE-264 CWE-120 CWE-119 CWE-415 CWE-416 CWE-787 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component MRG Realtime Server applications / Application servers |
| Vendor |
Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU7237
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-1000365,CVE-2017-7482
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.
Successful exploitation of the vulnerability results in access to the system.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Privilege escalation
EUVDB-ID: #VU7208
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7482
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into a RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU10812
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5803
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the _sctp_make_chunk() function due to boundary error. A local attacker can submit a crafted SCTP packet, trigger memory corruption and cause the service to crash.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Double-free memory error
EUVDB-ID: #VU14490
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10902
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to double-free memory error in snd_rawmidi_input_params() and snd_rawmidi_output_status() in 'rawmidi.c'. A local attacker can gain elevated privileges and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free error
EUVDB-ID: #VU14508
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-12929
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the ntfs_read_locked_inode in the ntfs.ko filesystem driver due to use-after-free error. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based out-of-bounds write
EUVDB-ID: #VU14506
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-12930
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the ntfs_end_buffer_async_read() function in the ntfs.kofilesystem driver due to stack-based out-of-bounds write. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based out-of-bounds write
EUVDB-ID: #VU14507
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-12931
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the ntfs_attr_find() function in the ntfs.ko filesystem driver due to stack-based out-of-bounds write. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.43.1.rt56.630.el6rt
MRG Realtime: 2
:
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.37.4.rt56.629.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.21.1.rt56.607.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-693.17.1.rt56.604.el6rt:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:a:red_hat:mrg_realtime:2:*:*:*:*:*:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2019:0641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
