SB2019021336 - Fedora 28 update for kernel, kernel-headers, kernel-tools
Published: February 13, 2019 Updated: April 24, 2025
Security Bulletin ID: SB2019021336
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Adjacent network
Highest impact: Code execution
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2019-7221)
The vulnerability allows an adjacent attacker to cause a DoS condition or execute arbitrary code. The weakness exists due to a use-after-free error when using the emulated VMX preemption timer. An adjacent attacker can cause the service to crash or execute arbitrary code with elevated privileges.
2) Race condition (CVE-ID: CVE-2019-6974)
The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition. The weakness exists due to a race condition that causes the kvm_ioctl_create_device function, as defined in the virt/kvm/kvm_main.c source code file of the affected software, to improperly handle reference counting. An adjacent attacker can access the system and execute an application that submits malicious input, trigger a use-after-free condition and cause a targeted guest virtual machine to crash, resulting in a DoS condition. In addition, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.
3) Memory leak (CVE-ID: CVE-2019-7222)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information. The weakness exists due to a memory leak in kvm_inject_page_fault. An adjacent attacker can gain access to important data and conduct further attacks.
Remediation
Install the update from the vendor's website.