Red Hat Enterprise Linux for Real Time update for kernel-rt
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-5108 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for Real Time Operating systems & Components / Operating system Red Hat Enterprise Linux for Real Time for NFV Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU30501
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5108
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1127.18.2.rt56.1116.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
CPE2.3- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-1127.18.2.rt56.1116.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-1062.18.1.rt56.1044.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:kernel-rt_redhat_package:3.10.0-1062.12.1.rt56.1042.el7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_real_time:7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHBA-2020:3527
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
