Red Hat update for kernel-alt

1) Integer overflow

EUVDB-ID: #VU19997

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13053

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in kernel/time/alarmtimer.c within the alarm_timer_nsleep function. A local user can trigger integer overflow due to ktime_add_safe is not used and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Null pointer dereference

EUVDB-ID: #VU13852

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-13094

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Use-after-free error

EUVDB-ID: #VU14181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-14734

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the ucma_leave_multicast() function, as defined in the drivers/infiniband/core/ucma.c source code file of the affected software, could allow access to a certain data structure after it has been allocated and freed in the ucma_process_join() function. A local attacker can send a specially request that submits malicious input, trigger use-after-free error and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU15174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-17972

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists within the proc_pid_stack() function in fs/proc/base.c due to the Linux kernel does not ensure that only root may inspect the kernel stack of an arbitrary task. A local user can exploit racy stack unwinding and leak kernel task stack contents.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU15643

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-18281

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper access restrictions to memory when performing TLB flushes after dropping pagetable locks with mremap() syscall, A local user can access a physical page of a stale TLB entry after ftruncate() syscall is called to remove entries from the pagetables of a task that is in the middle of mremap() syscall.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information, stored in process memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Type confusion

EUVDB-ID: #VU15458

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-18386

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a type confusion condition in the drivers/tty/n_tty.csource code file. A local attacker can deny use of any other pseudoterminal devices on a targeted system when the EXTPROC and ICANON flags become confused in the TIOCINQ command.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU16558

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-18397

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper access control in the userfaultfd implementation. A local attacker can access a system that is mounted with shmem or hugetlbs virtual memory areas, maliciously modify mapping to targeted files and write arbitrary memory on the system, which could be used to conduct additional attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) NULL pointer dereference

EUVDB-ID: #VU17910

Risk: Low

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2019-9213

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in expand_downwards() in mm/mmap.c that does not check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): 4.14.0-49.el7a - 4.14.0-115.6.1.el7a

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.2.2.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel-alt_redhat_package:4.14.0-49.8.1.el7a:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0831

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.