SB2020030923 - Red Hat Enterprise Linux 7 update for kernel-alt
Published: March 9, 2020
Description
This security bulletin contains information about 8 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-16871)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Network File System (NFS) implementation. A remote authenticated attacker can mount an exported NFS filesystem, cause a NULL pointer dereference condition due to an invalid NFS sequence and perform a denial of service (DoS) attack.
2) Information disclosure (CVE-ID: CVE-2019-11884)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the "do_hidp_sock_ioctl" function in "net/bluetooth/hidp/sock.c" because the Bluetooth Human Interface Device Protocol (HIDP) implementation does not properly verify that strings are NULL terminated in certain situations. A local authenticated user can gain unauthorized access to sensitive information from kernel stack memory via a "HIDPCONNADD" command, because a name field may not end with a '\0' character.
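The missing-terminator condition described above, as an added user-space model that is not kernel code and not part of the original bulletin. `NAME_LEN` (128 is an assumed field size), `STACK_LEN` and `bytes_past_field()` are hypothetical names, and the input and the neighbouring "secret" bytes are constructed; the function reports how far a C-string read runs beyond the field with and without forced termination.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN  128               /* assumed size of the fixed name field */
#define STACK_LEN (NAME_LEN + 16)   /* name field plus constructed neighbouring bytes */

/* Constructed model: bytes [0, NAME_LEN) are the request's name field, the
 * rest stand in for unrelated stack data. Returns how many bytes beyond the
 * field a C-string consumer (strlen, "%s", strcpy) would read. */
size_t bytes_past_field(const unsigned char *user, size_t n, int force_nul)
{
    unsigned char stack[STACK_LEN];
    const unsigned char *nul;
    size_t len;

    /* Neighbouring data: 15 constructed "secret" bytes and a terminator. */
    memset(stack + NAME_LEN, 'S', STACK_LEN - NAME_LEN - 1);
    stack[STACK_LEN - 1] = '\0';

    /* Copy the caller-controlled field, as a copy from user space would. */
    memset(stack, 0, NAME_LEN);
    memcpy(stack, user, n < NAME_LEN ? n : NAME_LEN);

    /* Hardened path: terminate inside the field before any string use. */
    if (force_nul)
        stack[NAME_LEN - 1] = '\0';

    /* memchr is bounded by STACK_LEN, so the model itself never over-reads. */
    nul = memchr(stack, '\0', STACK_LEN);
    len = nul ? (size_t)(nul - stack) : STACK_LEN;
    return len > NAME_LEN ? len - NAME_LEN : 0;
}

int main(void)
{
    unsigned char full[NAME_LEN];

    memset(full, 'A', sizeof(full));    /* constructed input: no '\0' anywhere */
    printf("unchecked:  %zu bytes past the field\n", bytes_past_field(full, sizeof(full), 0));
    printf("terminated: %zu bytes past the field\n", bytes_past_field(full, sizeof(full), 1));
    return 0;
}
```

When reviewing similar code, check that every fixed-size string field copied from an untrusted caller is terminated or length-bounded before it reaches any string-handling routine.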
3) Input validation error (CVE-ID: CVE-2019-15030)
The vulnerability allows a local authenticated user to read vector registers of other users' processes.
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
4) Memory leak (CVE-ID: CVE-2019-15916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the register_queue_kobjects() function in net/core/net-sysfs.c. A local user can trigger the leak and perform a denial of service attack.
5) Buffer overflow (CVE-ID: CVE-2019-17666)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the P2P (Wifi-Direct) functionality in the rtl_p2p_noa_ie() function in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel when processing Notice of Absence frames. A remote attacker can send specially crafted data via the wireless network, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Integer overflow (CVE-ID: CVE-2019-18805)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
7) Memory leak (CVE-ID: CVE-2019-3459)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a heap address information leak in the use of l2cap_get_conf_opt. A local attacker can trigger the memory leak and access important data.
8) Memory leak (CVE-ID: CVE-2019-3460)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to a heap address information leak in multiple locations, including the function l2cap_parse_conf_rsp. A local attacker can trigger the memory leak and access important data.
Remediation
Install the update from the vendor's website.