SB2018041049 - Red Hat update for kernel-alt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018041049

SB2018041049 - Red Hat update for kernel-alt

Published: April 10, 2018

Security Bulletin ID SB2018041049
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-11473)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c due to buffer overflow. A local attacker can submit a specially crafted ACPI table, trigger memory corruption and gain root privileges.

2) Memory leak (CVE-ID: CVE-2017-12190)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and possible system lock up.

3) Memory corruption (CVE-ID: CVE-2017-15129)

The vulnerability allows a local unprivileged attacker to cause DoS condition no the target system.

The weakness exists due to the function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr. A local attacker can induce kernel memory corruption, trigger use-after-free and double free error in network namespaces code to cause the system to crash.

4) Null pointer dereference (CVE-ID: CVE-2017-15299)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the KEYS subsystem mishandles use of add_key for a key that already exists but is uninstantiated. A local attacker can supply specially crafted keys, trigger null pointer dereference and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Security restrictions bypass (CVE-ID: CVE-2017-17448)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

6) Information disclosure (CVE-ID: CVE-2017-17449)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system and read arbitrary files.

7) Memory corruption (CVE-ID: CVE-2017-1000255)

The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to a boundary error in the Linux kernel's when handling signal frame on PowerPC systems. A malicious local user process could craft a signal frame allowing an attacker to corrupt memory and execute arbitrary code on the target system with escalated privileges.

8) Information disclosure (CVE-ID: CVE-2017-1000410)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw when processing the incoming of L2CAP commands, ConfigRequest and ConfigResponse messages. A remote attacker can manipulate the code flows that precede the handling of the configuration messages and read important data.

9) Integer overflow (CVE-ID: CVE-2018-6927)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the futex_requeue function due to integer overflow. A local attacker can trigger a negative wake or requeue value and cause the service to crash.

10) Race condition (CVE-ID: CVE-2018-1000004)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

11) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.


12) Information disclosure (CVE-ID: CVE-2017-5753)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.


13) Information disclosure (CVE-ID: CVE-2017-5754)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.


Remediation

Install update from vendor's website.

References