Red Hat update for kernel-alt
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2018-13053 CVE-2018-13094 CVE-2018-14734 CVE-2018-17972 CVE-2018-18281 CVE-2018-18386 CVE-2018-18397 CVE-2019-9213 |
| CWE-ID | CWE-190 CWE-476 CWE-416 CWE-284 CWE-843 CWE-264 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for IBM System z (Structure A) Operating systems & Components / Operating system Red Hat Enterprise Linux for Power 9 Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system kernel-alt (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor |
Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU19997
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-13053
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in kernel/time/alarmtimer.c within the alarm_timer_nsleep function. A local user can trigger integer overflow due to ktime_add_safe is not used and escalate privileges on the system.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Null pointer dereference
EUVDB-ID: #VU13852
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-13094
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Use-after-free error
EUVDB-ID: #VU14181
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14734
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to the ucma_leave_multicast() function, as defined in the drivers/infiniband/core/ucma.c source code file of the affected software, could allow access to a certain data structure after it has been allocated and freed in the ucma_process_join() function. A local attacker can send a specially request that submits malicious input, trigger use-after-free error and cause the service to crash.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU15174
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17972
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists within the proc_pid_stack() function in fs/proc/base.c due to the Linux kernel does not ensure that only root may inspect the kernel stack of an arbitrary task. A local user can exploit racy stack unwinding and leak kernel task stack contents.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU15643
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18281
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to improper access restrictions to memory when performing TLB flushes after dropping pagetable locks with mremap() syscall, A local user can access a physical page of a stale TLB entry after ftruncate() syscall is called to remove entries from the pagetables of a task that is in the middle of mremap() syscall.
Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information, stored in process memory.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Type confusion
EUVDB-ID: #VU15458
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18386
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to a type confusion condition in the drivers/tty/n_tty.csource code file. A local attacker can deny use of any other pseudoterminal devices on a targeted system when the EXTPROC and ICANON flags become confused in the TIOCINQ command.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU16558
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-18397
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper access control in the userfaultfd implementation. A local attacker can access a system that is mounted with shmem or hugetlbs virtual memory areas, maliciously modify mapping to targeted files and write arbitrary memory on the system, which could be used to conduct additional attacks.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) NULL pointer dereference
EUVDB-ID: #VU17910
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2019-9213
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in expand_downwards() in mm/mmap.c that does not check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM System z (Structure A): 7.0
Red Hat Enterprise Linux for Power 9: 7.0
Red Hat Enterprise Linux for ARM 64: 7.0
kernel-alt (Red Hat package): 4.14.0-49.2.2.el7a - 4.14.0-115.6.1.el7a
:
External linkshttp://access.redhat.com/errata/RHSA-2019:0831
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
