Red Hat update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-0861 CVE-2017-10661 CVE-2018-10853 CVE-2018-18281 CVE-2019-11810 CVE-2019-11811 |
| CWE-ID | CWE-416 CWE-362 CWE-264 CWE-284 CWE-476 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, big endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux EUS Compute Node Operating systems & Components / Operating system kernel (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor |
Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Use-after-free error
EUVDB-ID: #VU10885
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to use-after-free error. A local attacker can trigger memory corruption and cause the service to crash or execute arbitrary code.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU9961
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in snd_pcm_info() function in the ALSA subsystem. A local user can perform a denial of service attack.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU9693
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-10661
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.
The weakness exists due to race condition in fs/timerfd.c in the Linux kernel. A local attacker can use simultaneous file-descriptor operations, leverage improper might_cancel queueing, trigger list corruption or use-after-free and cause the service to crash or execute arbitrary code with root privileges.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Permissions, privileges, and access controls
EUVDB-ID: #VU13369
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10853
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the way Linux kernel KVM hypervisor emulates instructions, such as sgdt/sidt/fxsave/fxrstor. A local unprivileged user on a guest system can gain write access to kernel space on the same guest system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU15643
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18281
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to improper access restrictions to memory when performing TLB flushes after dropping pagetable locks with mremap() syscall, A local user can access a physical page of a stale TLB entry after ftruncate() syscall is called to remove entries from the pagetables of a task that is in the middle of mremap() syscall.
Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information, stored in process memory.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU19995
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11810
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU19138
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local usre to elevate privileges on the system.
The vulnerability exists due to a use-after-free error when trying to read data from /proc/ioports after the ipmi_si module is removed (related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c). A local user can exploit this issue to elevate privileges on the system.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.5
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.5
kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-862.44.2.el7
Red Hat Enterprise Linux EUS Compute Node: 7.5
:
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.73.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.85.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-693.64.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_eus_compute_node:7.5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:::::*:*:*:*:*:*:
http://access.redhat.com/errata/RHSA-2020:0036
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
