Red Hat Enterprise Linux 7 update for kernel

1) Memory leak

EUVDB-ID: #VU55258

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25704

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1160.49.1.el7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-957.86.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.102.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.95.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2022:0063

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU59474

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42739

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1160.49.1.el7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-957.86.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.102.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.95.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2022:0063

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel (Red Hat package): 3.10.0-123.1.2.el7 - 3.10.0-1160.49.1.el7

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

CPE2.3

• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-957.86.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-327.102.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:kernel_redhat_package:3.10.0-514.95.1.el7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_big_endian:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_scientific_computing:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2022:0063

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.