SB2019051534 - Red Hat Enterprise MRG 2 update for kernel-rt
Published: May 15, 2019
Description
This security bulletin contains information about 14 security vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2016-7913)
The vulnerability allows a local attacker to cause a DoS condition or gain elevated privileges on the target system. The weakness exists in the xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c due to a use-after-free error. A local attacker can trigger memory corruption via vectors involving omission of the firmware name from a certain data structure, cause the service to crash or gain root privileges.
2) Configuration error (CVE-ID: CVE-2016-8633)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in drivers/firewire/net.c when certain unusual hardware configurations are used. A remote attacker can execute arbitrary code via specially crafted fragmented packets.
Successful exploitation of the vulnerability may result in system compromise.
3) Out-of-bounds read (CVE-ID: CVE-2017-11600)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in net/xfrm/xfrm_policy.c, which does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less when CONFIG_XFRM_MIGRATE is enabled. A local attacker can submit a specially crafted XFRM_MSG_MIGRATE xfrm Netlink message and cause the service to crash.
4) Memory leak (CVE-ID: CVE-2017-12190)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and a possible system lock-up.
5) Privilege escalation (CVE-ID: CVE-2017-13215)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The weakness exists due to a flaw in the upstream kernel skcipher. A remote attacker can trick the victim into opening a specially crafted application and execute arbitrary code with elevated privileges.
6) Use-after-free error (CVE-ID: CVE-2017-16939)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to a use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Out-of-bounds write (CVE-ID: CVE-2017-17558)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel does not consider the maximum number of configurations and interfaces before attempting to release resources. A local attacker can supply a specially crafted USB device, trigger an out-of-bounds write and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
8) Privilege escalation (CVE-ID: CVE-2018-1068)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to an error in the implementation of the 32-bit syscall interface. A local attacker can gain root privileges.
9) Information disclosure (CVE-ID: CVE-2018-12126)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
10) Information disclosure (CVE-ID: CVE-2018-12127)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
11) Information disclosure (CVE-ID: CVE-2018-12130)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
12) Privilege escalation (CVE-ID: CVE-2018-18559)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper handling of a certain multithreaded case involving packet_do_bind unregister and packet_notifier register actions after a race condition between fanout_add, from setsockopt, and a bind on an AF_PACKET socket. A local attacker can execute a program or file that submits malicious input, trigger a use-after-free condition and execute arbitrary code with kernel privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Side-channel attack (CVE-ID: CVE-2018-3665)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.
Note: This vulnerability is known as LazyFP.
14) Information disclosure (CVE-ID: CVE-2019-11091)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Remediation
Install update from vendor's website.
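The four MDS entries above (9, 10, 11 and 14) are only mitigated when both the kernel update and the matching Intel microcode from the linked guidance are in place, and the kernel reports the combined state under /sys/devices/system/cpu/vulnerabilities. The following check is an added example, not part of the bulletin; it assumes the status strings documented in the upstream kernel's MDS admin guide and takes the sysfs directory as an argument so it can also be run against a copied directory.

```shell
#!/bin/sh
# Added example: classify the kernel's own MDS status report after the update.
# Status strings assumed from the upstream kernel MDS documentation:
#   "Not affected"
#   "Vulnerable"
#   "Vulnerable: Clear CPU buffers attempted, no microcode"  (kernel fixed, microcode missing)
#   "Mitigation: Clear CPU buffers"
# each optionally followed by "; SMT vulnerable", "; SMT mitigated", "; SMT disabled"
# or "; SMT Host state unknown".

# Print one of: not-affected, mitigated, mitigated-smt-exposed,
# vulnerable-no-microcode, vulnerable, unknown.
# "unknown" also covers a missing file, i.e. a kernel without the MDS patches.
mds_status() {
    dir="$1"
    f="$dir/mds"
    [ -r "$f" ] || { echo unknown; return 0; }
    s=$(cat "$f")
    case "$s" in
        "Not affected"*) echo not-affected ;;
        "Mitigation: Clear CPU buffers"*"SMT vulnerable"*) echo mitigated-smt-exposed ;;
        "Mitigation: Clear CPU buffers"*) echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo vulnerable-no-microcode ;;
        Vulnerable*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Return 0 only when the MDS fix can be considered effective on this host:
# either the CPU is not affected, or buffers are cleared and SMT is not left exposed.
mds_ok() {
    case "$(mds_status "$1")" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run against the live system (prints unknown where sysfs has no mds file).
echo "mds: $(mds_status /sys/devices/system/cpu/vulnerabilities)"
```

A result of vulnerable-no-microcode after the kernel-rt update means the kernel side is patched but the microcode from the Intel guidance linked above has not been applied.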