Red Hat Enterprise Linux 7.4 update for kernel



Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2017-18551
CVE-2019-9454
CVE-2019-19447
CVE-2019-20636
CVE-2020-12770
CWE-ID CWE-787
CWE-416
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
kernel (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux Server - TUS
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server - AUS
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU20858

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18551

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error in the "drivers/i2c/i2c-core-smbus.c" file when processing untrusted input. A local authenticated user access the system and execute an application that submits malicious input to the affected software, trigger an out-of-bounds write condition in the "i2c_smbus_xfer_emulated" function and execute arbitrary code or cause a DoS condition on the target system.



Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-693.77.1.el7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server - TUS: 7.4

Red Hat Enterprise Linux Server - AUS: 7.4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5430


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU35559

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9454

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-693.77.1.el7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server - TUS: 7.4

Red Hat Enterprise Linux Server - AUS: 7.4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5430


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU34985

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19447

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-693.77.1.el7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server - TUS: 7.4

Red Hat Enterprise Linux Server - AUS: 7.4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5430


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU30312

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-20636

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-693.77.1.el7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server - TUS: 7.4

Red Hat Enterprise Linux Server - AUS: 7.4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5430


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU28170

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-693.77.1.el7

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 7.4

Red Hat Enterprise Linux Server - TUS: 7.4

Red Hat Enterprise Linux Server - AUS: 7.4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5430


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###