SB2020070746 - Red Hat Enterprise Linux 7.6 Extended Update Support update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070746

SB2020070746 - Red Hat Enterprise Linux 7.6 Extended Update Support update for kernel

Published: July 7, 2020

Security Bulletin ID SB2020070746
Severity
Low
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-20169)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


2) NULL pointer dereference (CVE-ID: CVE-2018-7191)

The vulnerability allows local users to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests to ioctl(TUNSETIFF). A local user can cause a denial of service  via a malicious ioctl(TUNSETIFF) call with a dev name containing a / character.


3) Resource management error (CVE-ID: CVE-2019-11487)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.


4) Use-after-free (CVE-ID: CVE-2019-13233)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arch/x86/lib/insn-eval.c file due to a race condition between modify_ldt() and a #BR exception for an MPX bounds violation when accessing LDT entry. A local user can create a specially crafted application and escalate privileges on the system.


5) Out-of-bounds write (CVE-ID: CVE-2019-14821)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the KVM coalesced MMIO support functionality due to incorrect processing of shared indexes. A local user can run a specially crafted application to trigger an out-of-bounds write error and write data to arbitrary address in the kernel memory.

Successful vulnerability exploitation may allow an attacker to execute arbitrary code on the system with root privileges.


6) Memory leak (CVE-ID: CVE-2019-15916)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within register_queue_kobjects() function in net/core/net-sysfs.c, which will cause denial of service. A local user can perform a denial of service attack.


7) Information disclosure (CVE-ID: CVE-2019-18660)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to absent protection in Linux kernel on powerpc against the Spectre-RSB, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. A local user can gain unauthorized access to sensitive information on the system.


8) Race condition (CVE-ID: CVE-2019-3901)

The vulnerability allows a local authenticated user to gain access to sensitive information.

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.


9) Information disclosure (CVE-ID: CVE-2020-0543)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to incomplete cleanup from specific special register read operations in some Intel(R) Processors. A local user can gain unauthorized access to sensitive information on the system.


10) Improper Handling of Exceptional Conditions (CVE-ID: CVE-2020-12888)

The vulnerability allows a local user to perform a deinal of service (DoS) attack.

The vulnerability exists due to the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References