SB2019092104 - Red Hat update for kernel-alt
Published: September 21, 2019 Updated: June 21, 2024
Security Bulletin ID
SB2019092104
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2019-5489)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a flaw in the mincore() implementation in mm/mincore.c. A local attacker can observe page cache access patterns of other processes on the same system and sniff secret information.
2) Race condition (CVE-ID: CVE-2019-6974)
The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition.The weakness exists due to exists due to a race condition that causes the kvm_ioctl_create_device function, as defined in the virt/kvm/kvm_main.c source code file of the affected software, to improperly handle reference counting. An adjacent attacker can access the system and execute an application that submits malicious input, trigger a use-after-free condition and cause a targeted guest virtual machine to crash, resulting in a DoS condition. In addition, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-13272)
The vulnerability allows a local user to perform unauthorized actions on a targeted system.
The vulnerability exists when recording the credentials of a process that will create a ptrace relationship in the "ptrace_link" function in the "kernel/ptrace.c" file. A local authenticated user can create a specially crafted application and escalate privileges on the system.
Remediation
Install update from vendor's website.