SB2019061825 - Red Hat Enterprise Linux 8 update for kernel-rt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019061825

SB2019061825 - Red Hat Enterprise Linux 8 update for kernel-rt

Published: June 18, 2019

Security Bulletin ID SB2019061825
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 75% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2019-11477)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to integer overflow when handling TCP Selective Acknowledgments (SACKs) due to incorrect processing of TCP_SKB_CB(skb)->tcp_gso_segs value in Linux kernel. A remote non-authenticated attacker can send specially crafted network traffic to the affected system, trigger integer overflow and render the system unavailable.

Successful exploitation of the vulnerability allows a remote attacker to perform denial of service (DoS) attack.


2) Resource exhaustion (CVE-ID: CVE-2019-11478)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to an error when processing TCP Selective Acknowledgment (SACK) sequences within the Linux kernel TCP retransmission queue implementation in tcp_fragment. A remote non-authenticated attacker can send specially crafted network traffic to the affected system and perform a denial of service (DoS) attack.



3) Resource exhaustion (CVE-ID: CVE-2019-11479)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to presence of hard-coded MSS value (48 bytes) in the Linux kernel source code. A remote attacker can fragment TCP resend queues significantly more than if a larger MSS were enforced and perform denial of service (DoS) attack.


4) NULL pointer dereference (CVE-ID: CVE-2019-9213)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in expand_downwards() in mm/mmap.c that does not check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References