SB2018030618 - Red Hat update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018030618

SB2018030618 - Red Hat update for kernel

Published: March 6, 2018

Security Bulletin ID SB2018030618
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2017-7518)

The vulnerability allows an local attacker to gain elevated privileges on the guest system.

The weakness exists due to debug exception error in syscall emulation. A attacker can gain system privileges.

Successful exploitation of the vulnerability results in privilege escalation.


2) Path traversal (CVE-ID: CVE-2017-12188)

The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in arch/x86/kvm/mmu.c due to improper traversal of guest pagetable entries to resolve a guest virtual address when nested virtualisation is used. An adjacent attacker can cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References