Red Hat Enterprise Linux 7 update for kernel-rt

1) Improper access control

EUVDB-ID: #VU15174

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17972

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists within the proc_pid_stack() function in fs/proc/base.c due to the Linux kernel does not ensure that only root may inspect the kernel stack of an arbitrary task. A local user can exploit racy stack unwinding and leak kernel task stack contents.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

kernel-rt (Red Hat package): before 3.10.0-957.10.1.rt56.921.el7

External links

http://access.redhat.com/errata/RHSA-2019:0514

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU15433

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18445

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the adjust_scalar_min_max_vals function, as defined in the kernel/bpf/verifier.c source code file due to boundary error in the BPF verifier. A local attacker can trigger the BPF verifier to mishandle 32-bit right shifts and cause an out-of-bounds memory access condition to access sensitive information, escalate privileges, or cause a DoS condition on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

kernel-rt (Red Hat package): before 3.10.0-957.10.1.rt56.921.el7

External links

http://access.redhat.com/errata/RHSA-2019:0514

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type Confusion

EUVDB-ID: #VU21092

Risk: High

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9568

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the sk_clone_lock() function in sock.c. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7

kernel-rt (Red Hat package): before 3.10.0-957.10.1.rt56.921.el7

External links

http://access.redhat.com/errata/RHSA-2019:0514

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.