SB2018012555 - Red Hat Enterprise Linux 7 update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Improper privilege management (CVE-ID: CVE-2015-8539)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper privilege management error within the user_update() function in security/keys/user_defined.c, within the trusted_rcu_free() function in security/keys/trusted.c, within the encrypted_update() function in security/keys/encrypted-keys/encrypted.c. A local user can execute arbitrary code.

2) Resource exhaustion (CVE-ID: CVE-2017-7472)

The vulnerability allows a local attacker to cause DoD condition on the target system.

The weakness exists in the KEYS subsystem due to memory consumption. A local attacker can cause the service to crash via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

3) NULL pointer dereference (CVE-ID: CVE-2017-12192)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the Key Management sub component of the Linux kernel when trying to issue a KEYTCL_READ on a negative key due to a NULL pointer dereference. A local attacker can cause the kernel and service to crash.

4) NULL pointer derefenrece (CVE-ID: CVE-2017-12193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the assoc_array implementation in which a new leaf is added that needs to go into a node that happens to be full. A local user can trigger NULL pointer dereference error and crash the kernel.

5) Privilege escalation (CVE-ID: CVE-2017-15649)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.

6) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

7) Information disclosure (CVE-ID: CVE-2017-5753)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

8) Information disclosure (CVE-ID: CVE-2017-5754)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2018:0151