SB2019032614 - Red Hat update for kernel-rt

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.

Successful exploitation of the vulnerability results in access to the system.

2) Privilege escalation (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into a RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Memory corruption (CVE-ID: CVE-2018-5803)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the _sctp_make_chunk() function due to boundary error. A local attacker can submit a crafted SCTP packet, trigger memory corruption and cause the service to crash.

4) Double-free memory error (CVE-ID: CVE-2018-10902)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to double-free memory error in snd_rawmidi_input_params() and snd_rawmidi_output_status() in 'rawmidi.c'. A local attacker can gain elevated privileges and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Use-after-free error (CVE-ID: CVE-2018-12929)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the ntfs_read_locked_inode in the ntfs.ko filesystem driver due to use-after-free error. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Stack-based out-of-bounds write (CVE-ID: CVE-2018-12930)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the ntfs_end_buffer_async_read() function in the ntfs.kofilesystem driver due to stack-based out-of-bounds write. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Stack-based out-of-bounds write (CVE-ID: CVE-2018-12931)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the ntfs_attr_find() function in the ntfs.ko filesystem driver due to stack-based out-of-bounds write. A local attacker can mount a specially crafted NTFS filesystem that submits malicious input, trigger memory corruption and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2019:0641