SB2020052733 - Red Hat Enterprise Linux 7 update for kernel
Published: May 27, 2020 Updated: April 24, 2025
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Double Free (CVE-ID: CVE-2017-18595)
The vulnerability allows a local user to escalate privileges in the system.
The vulnerability exists due to a boundary error within the allocate_trace_buffer() function in kernel/trace/trace.c. A local user can run a specially crafted application to trigger a double free error and execute arbitrary code on the target system with elevated privileges.
2) Buffer overflow (CVE-ID: CVE-2019-3846)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
3) Heap-based buffer overflow (CVE-ID: CVE-2019-10126)
The vulnerability allows a local user to perform a denial of service (DoS) condition or execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Marvell Wireless LAN device driver, in the mwifiex_uap_parse_tail_ies() function in drivers/net/wireless/marvell/mwifiex/ie.c. A local authenticated user can trigger a heap-based buffer overflow and cause a denial of service (system crash) or possibly execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Use-after-free (CVE-ID: CVE-2019-19768)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the __blk_add_trace() function in kernel/trace/blktrace.c. A local user can run a specially crafted program, trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
5) NULL pointer dereference (CVE-ID: CVE-2020-10711)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's SELinux subsystem when importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag, the 'cipso_v4_parsetag_rbm' routine sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated.
A remote attacker can send specially crafted packets to the affected system, trigger a NULL pointer dereference error and crash the Linux kernel.
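The flag-without-allocation pattern described for CVE-2020-10711, shown as a simplified user-space model next to a corrected form. This is an added example, not kernel code and not the vendor's patch; every type, function and flag name in it is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define ATTR_MLS_CAT 0x1u  /* hypothetical flag: "category bitmap is present" */

struct catmap { unsigned long bits; };  /* stand-in for the category bitmap */
struct secattr { unsigned int flags; struct catmap *cat; };

/* Constructed stand-in for parsing the tag's category field: a tag that
 * carries no categories allocates nothing and yields NULL. */
static struct catmap *parse_categories(const unsigned char *tag, size_t len)
{
    if (len == 0)
        return NULL;
    struct catmap *m = calloc(1, sizeof(*m));
    for (size_t i = 0; m && i < len; i++)
        m->bits |= tag[i];
    return m;
}

/* Flawed pattern: the flag is set even when no bitmap was allocated. */
void parse_tag_flawed(struct secattr *a, const unsigned char *tag, size_t len)
{
    a->cat = parse_categories(tag, len);
    a->flags |= ATTR_MLS_CAT;
}

/* Corrected pattern: the flag is set only when the bitmap exists. */
void parse_tag_fixed(struct secattr *a, const unsigned char *tag, size_t len)
{
    a->cat = parse_categories(tag, len);
    if (a->cat)
        a->flags |= ATTR_MLS_CAT;
}

/* Importer that reports an inconsistent attribute (-1) instead of crashing;
 * an importer that trusts the flag alone would dereference NULL there. */
int import_categories(const struct secattr *a, unsigned long *out)
{
    *out = 0;
    if (!(a->flags & ATTR_MLS_CAT))
        return 0;   /* no categories claimed */
    if (a->cat == NULL)
        return -1;  /* flag says "present", pointer says otherwise */
    *out = a->cat->bits;
    return 0;
}
```

The model shows two independent safeguards: the parser keeps the flag and the pointer consistent, and the importer validates the pointer rather than relying on the flag.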
Remediation
Install updates from the vendor's website.