SB2020073050 - Red Hat Enterprise Linux 8.1 Extended Update Support update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020073050

SB2020073050 - Red Hat Enterprise Linux 8.1 Extended Update Support update for kernel

Published: July 30, 2020 Updated: December 28, 2023

Security Bulletin ID SB2020073050
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 9% Low 91%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2019-19807)

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.


2) Incorrect default permissions (CVE-ID: CVE-2019-20908)

The vulnerability allows a local privileged user to execute arbitrary code.

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.


3) Out-of-bounds Write (CVE-ID: CVE-2020-10713)

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger out-of-bounds write and execute arbitrary code on the target system.


4) Improper Privilege Management (CVE-ID: CVE-2020-10757)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.


5) Race condition (CVE-ID: CVE-2020-10766)

The vulnerability allows a local user to gain access to sensitive information.

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching.


6) Resource management error (CVE-ID: CVE-2020-10767)

The vulnerability allows a local user to gain access to sensitive information.

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local user to perform a Spectre V2 style attack when this configuration is active.


7) Input validation error (CVE-ID: CVE-2020-10768)

The vulnerability allows a local authenticated user to gain access to sensitive information.

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-12653)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the "mwifiex_cmd_append_vsie_tlv()" function in "drivers/net/wireless/marvell/mwifiex/scan.c" file. A local user can gain elevated privileges on the target system.


9) Out-of-bounds write (CVE-ID: CVE-2020-12654)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "mwifiex_ret_wmm_get_status()" function in "drivers/net/wireless/marvell/mwifiex/wmm.c" file. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


10) Improper Handling of Exceptional Conditions (CVE-ID: CVE-2020-12888)

The vulnerability allows a local user to perform a deinal of service (DoS) attack.

The vulnerability exists due to the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.


11) Improper Authorization (CVE-ID: CVE-2020-15780)

The vulnerability allows a local user to bypass authorization checks.

The vulnerability exists due to improper authorization in "in drivers/acpi/acpi_configfs.c". A local administrator can inject malicious ACPI tables via configfs to bypass lockdown and secure boot restrictions.


Remediation

Install update from vendor's website.

References