SB2018012521 - Red Hat update for kernel
Published: January 25, 2018
Security Bulletin ID
SB2018012521
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Denial of service
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-7542)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the ip6_find_1stfragopt function in net/ipv6/output_core.c and can be reached by a local user who is able to open a raw socket. A local attacker can trigger an integer overflow and an infinite loop and cause a denial of service.
2) Out-of-bounds read (CVE-ID: CVE-2017-9074)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the IPv6 fragmentation implementation fails to consider that the nexthdr field may be associated with an invalid option. A local attacker can use a specially crafted socket or system call to trigger an out-of-bounds read and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
3) NULL pointer dereference (CVE-ID: CVE-2017-11176)
The vulnerability allows a remote attacker to cause a DoS condition.
The vulnerability exists because the mq_notify function does not set the sock pointer to NULL upon entry into the retry logic. A remote attacker can trigger a use-after-free error during a user-space close of a Netlink socket and cause the service to crash.
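A simplified user-space model of the overflow class behind CVE-2017-7542 (item 1 above), added here as an illustration; it is not kernel code or the vendor's patch. The names walk and run_case, the constants, and the step limit are this sketch's own, the 16-bit offset counter is how the sketch models the integer overflow, and the packet buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define HDR_FIXED  40u     /* size of the fixed IPv6 header */
#define NH_HOPOPTS 0u      /* hop-by-hop options (an extension header) */
#define NH_TCP     6u      /* any upper-layer protocol ends the walk */
#define MAX_PLEN   65535u  /* largest length a 16-bit field can express */
#define STEP_LIMIT 1000u   /* demo guard: report a walk that never ends */

/* Returns offset of the first non-extension header, -1 if the chain is
 * rejected, -2 if the walk is still running after STEP_LIMIT steps. */
static long walk(const uint8_t *pkt, size_t len, int hardened) {
    uint16_t narrow = HDR_FIXED;   /* weak variant: 16-bit offset */
    unsigned int wide = HDR_FIXED; /* hardened variant: wide offset */
    uint8_t nh = pkt[6];           /* Next Header field of the fixed header */
    for (unsigned int step = 0; step < STEP_LIMIT; step++) {
        unsigned int off = hardened ? wide : narrow;
        if (off > len) return -1;
        if (nh != NH_HOPOPTS) return (long)off;
        if (off + 2 > len) return -1;
        unsigned int optlen = (pkt[off + 1] + 1u) * 8u;
        if (hardened && off + optlen >= MAX_PLEN) return -1; /* bound first */
        nh = pkt[off];
        narrow = (uint16_t)(narrow + optlen); /* wraps modulo 65536 */
        wide += optlen;
    }
    return -2;
}

/* Constructed input: n maximum-size option headers; the last names last_nh. */
static long run_case(unsigned int n, uint8_t last_nh, int hardened) {
    size_t len = HDR_FIXED + (size_t)n * 2048u + 8u;
    uint8_t *pkt = calloc(1, len);
    if (!pkt) return -3;
    pkt[6] = NH_HOPOPTS;
    for (unsigned int i = 0; i < n; i++) {
        size_t off = HDR_FIXED + (size_t)i * 2048u;
        pkt[off] = (i + 1 < n) ? NH_HOPOPTS : last_nh;
        pkt[off + 1] = 255; /* (255 + 1) * 8 = 2048 bytes */
    }
    long r = walk(pkt, len, hardened);
    free(pkt);
    return r;
}

int main(void) {
    printf("short chain: weak=%ld hardened=%ld\n", run_case(2, NH_TCP, 0), run_case(2, NH_TCP, 1));
    printf("64 KiB chain: weak=%ld hardened=%ld\n", run_case(32, NH_HOPOPTS, 0), run_case(32, NH_HOPOPTS, 1));
    return 0;
}
```

Both variants agree on the short chain; on the oversized chain the narrow counter wraps back to its starting offset and the walk never finishes, while the bounded variant rejects the input.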
Remediation
Install the update from the vendor's website.