Red Hat update for rhvm-setup-plugins

Published: 2019-05-08 | Updated: 2019-05-08

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2017-5754 CVE-2018-3639
CWE-ID	CWE-200 CWE-362
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Red Hat Virtualization Manager Client/Desktop applications / Virtualization software
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU9882

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-5754

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Manager: 4.3

CPE2.3

cpe:2.3:a:red_hat:red_hat_virtualization_manager:4.3:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:1046

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Speculative Store Bypass

EUVDB-ID: #VU12911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-3639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Manager: 4.3

CPE2.3

cpe:2.3:a:red_hat:red_hat_virtualization_manager:4.3:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:1046

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.