SB2020121830 - Red Hat Enterprise Linux 7 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020121830

SB2020121830 - Red Hat Enterprise Linux 7 update for kernel

Published: December 18, 2020

Security Bulletin ID SB2020121830
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 29% Low 71%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2019-18282)

The vulnerability allows a remote attacker to track devices via UDP packets.

The vulnerability exists due to excessive data output in the flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 and affects net/core/flow_dissector.c and related code. The auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. A remote attacker can use the hashrnd value and track reliably track activity of devices using UDP packets.


2) Out-of-bounds read (CVE-ID: CVE-2020-10769)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the crypto_authenc_extractkeys() function in crypto/authenc.c in the IPsec Cryptographic algorithm's module "authenc". A local low-privileged user can run a specially crafted program to trigger an out-of-bounds read error and crash the system.


3) Out-of-bounds read (CVE-ID: CVE-2020-14314)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.


4) Buffer overflow (CVE-ID: CVE-2020-14385)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the file system metadata validator in XFS. A local user can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt and shutdown the the filesystem.


5) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-24394)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect assignment of permissions on new filesystem objects when the filesystem lacks ACL support in fs/nfsd/vfs.c (in the NFS server). A local user can read and write arbitrary files on the system.


6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-25212)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

7) Out-of-bounds read (CVE-ID: CVE-2020-25643)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote authenticated user can trigger out-of-bounds read error and read contents of memory on the system.


Remediation

Install update from vendor's website.

References