Fedora 29 update for kernel, kernel-headers, kernel-tools
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-7221 CVE-2019-6974 CVE-2019-7222 |
| CWE-ID | CWE-416 CWE-362 CWE-401 |
| Exploitation vector | Local network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel-tools Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU17760
Risk: Medium
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-7221
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code.
The weakness exists due to exists due to use-after-free error when using emulated vmx preemption timer. An adjacent attacker can cause the service to crash or execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
kernel-tools: before 4.20.8-200.fc29
kernel-headers: before 4.20.8-200.fc29
kernel: before 4.20.8-200.fc29
CPE2.3- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:kernel-tools:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel-headers:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-164946aa7f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Race condition
EUVDB-ID: #VU17555
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-6974
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition.
The weakness exists due to exists due to a race condition that causes the kvm_ioctl_create_device function, as defined in the virt/kvm/kvm_main.c source code file of the affected software, to improperly handle reference counting. An adjacent attacker can access the system and execute an application that submits malicious input, trigger a use-after-free condition and cause a targeted guest virtual machine to crash, resulting in a DoS condition. In addition, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
kernel-tools: before 4.20.8-200.fc29
kernel-headers: before 4.20.8-200.fc29
kernel: before 4.20.8-200.fc29
CPE2.3- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:kernel-tools:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel-headers:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-164946aa7f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Memory leak
EUVDB-ID: #VU17759
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-7222
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The weakness exists due to exists due to memory leak in kvm_inject_page_fault. An adjacent attacker can gain access to important data and conduct further attacks.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
kernel-tools: before 4.20.8-200.fc29
kernel-headers: before 4.20.8-200.fc29
kernel: before 4.20.8-200.fc29
CPE2.3- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:kernel-tools:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel-headers:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:kernel:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-164946aa7f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
