SB2018012554 - Red Hat Enterprise Linux 7 update for kernel-rt
Published: January 25, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018012554
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper privilege management (CVE-ID: CVE-2015-8539)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper privilege management error within the user_update() function in security/keys/user_defined.c, within the trusted_rcu_free() function in security/keys/trusted.c, within the encrypted_update() function in security/keys/encrypted-keys/encrypted.c. A local user can execute arbitrary code.
2) Resource exhaustion (CVE-ID: CVE-2017-7472)
The vulnerability allows a local attacker to cause DoD condition on the target system.The weakness exists in the KEYS subsystem due to memory consumption. A local attacker can cause the service to crash via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
3) Privilege escalation (CVE-ID: CVE-2017-15649)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.
Remediation
Install update from vendor's website.