SB2018012553 - Red Hat Enterprise MRG 2 update for kernel-rt

Description

This security bulletin contains information about 3 vulnerabilities.

1) Improper privilege management (CVE-ID: CVE-2015-8539)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper privilege management error within the user_update() function in security/keys/user_defined.c, within the trusted_rcu_free() function in security/keys/trusted.c, within the encrypted_update() function in security/keys/encrypted-keys/encrypted.c. A local user can execute arbitrary code.

2) Resource exhaustion (CVE-ID: CVE-2017-7472)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local attacker to cause DoD condition on the target system.

The weakness exists in the KEYS subsystem due to memory consumption. A local attacker can cause the service to crash via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

3) Privilege escalation (CVE-ID: CVE-2017-15649)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2018:0181