SB2020051291 - Red Hat Enterprise Linux 7 update for kernel-alt
Published: May 12, 2020
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2017-18551)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error in the "drivers/i2c/i2c-core-smbus.c" file when processing untrusted input. A local authenticated user can access the system and execute an application that submits malicious input to the affected software, trigger an out-of-bounds write condition in the "i2c_smbus_xfer_emulated" function and execute arbitrary code or cause a DoS condition on the target system.
2) Double Free (CVE-ID: CVE-2017-18595)
The vulnerability allows a local user to escalate privileges in the system.
The vulnerability exists due to a boundary error within the allocate_trace_buffer() function in kernel/trace/trace.c. A local user can run a specially crafted application to trigger a double free error and execute arbitrary code on the target system with elevated privileges.
3) NULL pointer dereference (CVE-ID: CVE-2019-12614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c due to kstrdup of prop->name. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2019-15538)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buggy implementation of quotas in "xfs_setattr_nonsize" in the "fs/xfs/xfs_iops.c" file. A local attacker can send specially crafted requests to the affected system and perform a denial of service attack.
Note: This vulnerability can be exploited remotely if the XFS filesystem is exported, for instance via NFS.
5) Use-after-free (CVE-ID: CVE-2019-19447)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
6) Use-after-free (CVE-ID: CVE-2019-19524)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/input/ff-memless.c driver. A local user can use a malicious USB device to trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2019-19768)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the __blk_add_trace() function in kernel/trace/blktrace.c. A local user can run a specially crafted program, trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
8) Out-of-bounds write (CVE-ID: CVE-2019-9454)
The vulnerability allows a local privileged user to execute arbitrary code.
In the Android kernel, in the i2c driver, there is a possible out-of-bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
9) NULL pointer dereference (CVE-ID: CVE-2020-10711)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's SELinux subsystem when importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated.
A remote attacker can send specially crafted packets to the affected system, trigger a NULL pointer dereference error and crash the Linux kernel.
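The flag-without-allocation pattern described for CVE-2020-10711, as an added user-space model that is not kernel code or the vendor's patch: a producer marks the bitmap as present, and a consumer trusts that flag. All names (secattr, ATTR_HAS_CAT, map_categories, parse_tag, import_categories) are hypothetical, and the helper succeeding without allocating is an assumption of the model.

```c
#include <stdlib.h>
/* User-space model; every name below is hypothetical, not a kernel symbol. */
#define ATTR_HAS_CAT 0x1u              /* "category bitmap is present" */
struct secattr {
    unsigned int flags;
    unsigned long *cat;                /* NULL until a bitmap is allocated */
};
/* Assumed for this model: the helper can succeed without allocating. */
static int map_categories(struct secattr *a, unsigned long bits)
{
    if (bits == 0)
        return 0;                      /* success, a->cat stays NULL */
    a->cat = malloc(sizeof *a->cat);
    if (a->cat == NULL)
        return -1;
    *a->cat = bits;
    return 0;
}

/* hardened == 0 is the flawed pattern: the flag follows the return code only. */
int parse_tag(struct secattr *a, unsigned long bits, int hardened)
{
    a->flags = 0;
    a->cat = NULL;
    if (map_categories(a, bits) != 0)
        return -1;
    if (!hardened || a->cat != NULL)   /* hardened: flag only if allocated */
        a->flags |= ATTR_HAS_CAT;
    return 0;
}

/* Consumer: rejects a flag/pointer mismatch instead of dereferencing NULL. */
int import_categories(const struct secattr *a, unsigned long *out)
{
    *out = 0;
    if (!(a->flags & ATTR_HAS_CAT))
        return 0;
    if (a->cat == NULL)
        return -1;
    *out = *a->cat;
    return 0;
}

int main(void)
{
    struct secattr a;
    unsigned long out;
    return parse_tag(&a, 0, 1) || import_categories(&a, &out);
}
```

The model checks the invariant on both sides: the producer sets the flag only after allocation, and the consumer still verifies the pointer before use.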
10) Out-of-bounds read (CVE-ID: CVE-2020-9383)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the set_fdc() function in the drivers/block/floppy.c file in the Linux kernel, because the FDC index is not checked for errors before it is assigned. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.