Red Hat update for kernel

1) Buffer overflow

EUVDB-ID: #VU22712

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-12207

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the mechanism responsible for error handling on some Intel platforms. A local user of a guest operating system can use a specially crafted application to trigger memory corruption and cause the host system to stop responding.

Successful exploitation of this vulnerability may result in a denial of service (DoS) attack.

Below is the list of processor families that are affected by this vulnerability:

Client:

• Intel Core i3 Processors
• Intel Core i5 Processors
• Intel Core i7 Processors
• Intel Core m Processor Family
• 2nd generation Intel Core Processors
• 3rd generation Intel Core Processors
• 4th generation Intel Core Processors
• 5th generation Intel Core Processors
• 6th generation Intel Core Processors
• 7th generation Intel Core Processors
• 8th generation Intel Core Processors
• Intel Core X-series Processor Family
• Intel Pentium Gold Processor Series
• Intel Celeron Processor G Series

Server:

• 2nd Generation Intel Xeon Scalable Processors
• Intel Xeon Scalable Processors
• Intel Xeon Processor E7 v4 Family
• Intel Xeon Processor E7 v3 Family
• Intel Xeon Processor E7 v2 Family
• Intel Xeon Processor E7 Family
• Intel Xeon Processor E5 v4 Family
• Intel Xeon Processor E5 v3 Family
• Intel Xeon Processor E5 v2 Family
• Intel Xeon Processor E5 Family
• Intel Xeon Processor E3 v6 Family
• Intel Xeon Processor E3 v5 Family
• Intel Xeon Processor E3 v4 Family
• Intel Xeon Processor E3 v3 Family
• Intel Xeon Processor E3 v2 Family
• Intel Xeon Processor E3 Family
• Intel Xeon E Processor
• Intel Xeon D Processor
• Intel Xeon W Processor
• Legacy Intel Xeon Processor

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux EUS Compute Node: 7.7

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1062.4.1.el7

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server - TUS: 7.7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.7

Red Hat Enterprise Linux Server - AUS: 7.7

Red Hat Virtualization Host: 4

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.1.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.4.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:3834

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU22743

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-0154

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user with the ability to issue an ioctl can trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state and cause a denial of service (DoS) on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux EUS Compute Node: 7.7

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1062.4.1.el7

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server - TUS: 7.7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.7

Red Hat Enterprise Linux Server - AUS: 7.7

Red Hat Virtualization Host: 4

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.1.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.4.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:3834

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Resource management error

EUVDB-ID: #VU22704

Risk: Low

CVSSv4.0: 4.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-11135

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the TSX Asynchronous Abort (TAA) in Intel CPUs. The TAA condition, on some microprocessors utilizing speculative execution, may allow an authenticated user to potentially enable information disclosure via a side channel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux EUS Compute Node: 7.7

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1062.4.1.el7

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.7

Red Hat Enterprise Linux Server - TUS: 7.7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.7

Red Hat Enterprise Linux Server - AUS: 7.7

Red Hat Virtualization Host: 4

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

:

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.1.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.2.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-123.4.4.el7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:7.7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:::::*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2019:3834

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.