SB2020112443 - Red Hat Enterprise Linux 7 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2017-18551)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error in the "drivers/i2c/i2c-core-smbus.c" file when processing untrusted input. A local authenticated user access the system and execute an application that submits malicious input to the affected software, trigger an out-of-bounds write condition in the "i2c_smbus_xfer_emulated" function and execute arbitrary code or cause a DoS condition on the target system.

2) Out-of-bounds write (CVE-ID: CVE-2019-9454)

The vulnerability allows a local privileged user to execute arbitrary code.

In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

3) Use-after-free (CVE-ID: CVE-2019-19447)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

4) Input validation error (CVE-ID: CVE-2020-12770)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:5206