Red Hat update for kernel

1) Improper input validation

EUVDB-ID: #VU9775

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17805

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can trigger uninitialized-memory free and cause the kernel to crash or execute a specially crafted sequence of system calls that use the blkcipher_walk API.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-754.15.3.el6

Red Hat Enterprise Linux for Power, big endian: 6

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

:

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.80.2.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-754.15.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.79.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:::::*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2019:2473

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU15174

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17972

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists within the proc_pid_stack() function in fs/proc/base.c due to the Linux kernel does not ensure that only root may inspect the kernel stack of an arbitrary task. A local user can exploit racy stack unwinding and leak kernel task stack contents.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-754.15.3.el6

Red Hat Enterprise Linux for Power, big endian: 6

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

:

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.80.2.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-754.15.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.79.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:::::*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2019:2473

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU19946

Risk: Low

CVSSv3.1: 8.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-1125

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.

The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.

This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-754.15.3.el6

Red Hat Enterprise Linux for Power, big endian: 6

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

:

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.80.2.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-754.15.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.79.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:::::*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2019:2473

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Information disclosure

EUVDB-ID: #VU16896

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-5489

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a flaw in the mincore() implementation in mm/mincore.c. A local attacker can observe page cache access patterns of other processes on the same system and sniff secret information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-754.15.3.el6

Red Hat Enterprise Linux for Power, big endian: 6

Red Hat Enterprise Linux for Scientific Computing: 6

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

:

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.80.2.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-754.15.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:2.6.32-504.79.3.el6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:::::*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2019:2473

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.