SB2020012128 - Red Hat Enterprise Linux 7 update for kernel-alt 




Published: January 21, 2020

Security Bulletin ID: SB2020012128
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

High: 9%, Medium: 9%, Low: 82%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-18559)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of a certain multithreaded case involving packet_do_bind unregister and packet_notifier register actions after a race condition between fanout_add, from setsockopt, and a bind on an AF_PACKET socket. A local attacker can execute a program or file that submits malicious input, trigger a use-after-free condition and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Information disclosure (CVE-ID: CVE-2018-3693)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the design of most modern CPUs using speculative execution and branch prediction due to improper speculative execution of instructions. A local attacker can bypass bounds checks, trigger buffer overflow, perform arbitrary speculative execution and a side-channel attack to access sensitive memory information.


3) Heap-based buffer overflow (CVE-ID: CVE-2019-10126)

The vulnerability allows a local user to cause a denial of service (DoS) condition or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Marvell Wireless LAN device driver in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c. A local authenticated user can trigger a heap-based buffer overflow and cause a denial of service (system crash) or possibly execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Resource management error (CVE-ID: CVE-2019-11487)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.


5) Heap-based buffer overflow (CVE-ID: CVE-2019-14814)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_update_vs_ie() function in the Marvell Wi-Fi chip driver in the Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.



6) Heap-based buffer overflow (CVE-ID: CVE-2019-14815)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_set_uap_rates() function in the Marvell Wi-Fi chip driver in the Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.



7) Heap-based buffer overflow (CVE-ID: CVE-2019-14816)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_set_wmm_params() function in the Marvell Wi-Fi chip driver in the Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.



8) Buffer overflow (CVE-ID: CVE-2019-17133)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the cfg80211_mgd_wext_giwessid function in net/wireless/wext-sme.c in the Linux kernel, because the affected component does not reject a long SSID IE. A remote attacker on the local wireless network can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
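The missing check described above, sketched as an added example (not the kernel's code or the vendor's patch): a parser for 802.11 information elements that refuses an SSID element longer than the 32 bytes the standard allows before copying it into a fixed-size buffer. The function names and the sample element buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* element ID of the SSID IE in IEEE 802.11 */
#define MAX_SSID_LEN  32  /* maximum SSID length allowed by IEEE 802.11 */

/* Constructed sample inputs: well-formed, oversized SSID, truncated element. */
static const uint8_t valid_ies[] = {0x01, 0x01, 0x82, 0x00, 0x04, 'h', 'o', 'm', 'e'};
static const uint8_t oversized_ies[42] = {0x00, 40};  /* SSID IE claiming 40 bytes */
static const uint8_t truncated_ies[] = {0x00, 0x10, 'a', 'b'};

/* Walk a buffer of elements (1-byte id, 1-byte length, data).
 * Returns the element header, or NULL if absent or running past the buffer. */
static const uint8_t *find_ie(uint8_t id, const uint8_t *ies, size_t len)
{
    while (len >= 2) {
        size_t elen = ies[1];
        if (elen > len - 2)
            return NULL;
        if (ies[0] == id)
            return ies;
        ies += 2 + elen;
        len -= 2 + elen;
    }
    return NULL;
}

/* Copy the SSID into out; returns its length, or -1 if missing or too long. */
int copy_ssid(const uint8_t *ies, size_t len, uint8_t out[MAX_SSID_LEN])
{
    const uint8_t *ie = find_ie(WLAN_EID_SSID, ies, len);
    if (!ie || ie[1] > MAX_SSID_LEN)   /* reject a long SSID IE before memcpy */
        return -1;
    memcpy(out, ie + 2, ie[1]);
    return ie[1];
}

int main(void)
{
    uint8_t out[MAX_SSID_LEN];
    printf("valid: %d\n", copy_ssid(valid_ies, sizeof valid_ies, out));
    printf("oversized: %d\n", copy_ssid(oversized_ies, sizeof oversized_ies, out));
    printf("truncated: %d\n", copy_ssid(truncated_ies, sizeof truncated_ies, out));
    return 0;
}
```

The element's length byte comes from the received frame, so it has to be compared against the destination size, not only against the remaining buffer.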


9) Information disclosure (CVE-ID: CVE-2019-18660)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to missing protection in the Linux kernel on powerpc against Spectre-RSB, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. A local user can gain unauthorized access to sensitive information on the system.


10) Buffer overflow (CVE-ID: CVE-2019-3846)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.


11) Use-after-free (CVE-ID: CVE-2019-8912)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the af_alg_release() function, as defined in the crypto/af_alg.c source code file of the affected software, fails to set a NULL value for a certain structure member. A local attacker can access the system and execute an application that submits malicious input to the affected software and trigger a use-after-free condition in the sockfs_setattr function, resulting in a DoS condition.


Remediation

Install update from vendor's website.