Risk | High |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2018-9568 CVE-2018-13405 CVE-2018-16871 CVE-2018-16884 CVE-2019-1125 |
CWE-ID | CWE-843 CWE-264 CWE-476 CWE-416 CWE-200 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. |
Vulnerable software Subscribe |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component MRG Realtime Server applications / Application servers |
Vendor |
Red Hat Inc. |
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU21092
Risk: High
CVSSv3.1:
CVE-ID: CVE-2018-9568
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error in the sk_clone_lock() function in sock.c. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt
MRG Realtime: 2
:
http://access.redhat.com/errata/RHSA-2019:2730
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU13631
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-13405
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to create arbitrary files on the target system.
The vulnerability exists due to the inode_init_owner function, as defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt
MRG Realtime: 2
:
http://access.redhat.com/errata/RHSA-2019:2730
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU19573
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2018-16871
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Network File System (NFS) implementation. A remote authenticated attacker can mount an exported NFS filesystem, cause a NULL pointer dereference condition due to an invalid NFS sequence and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt
MRG Realtime: 2
:
http://access.redhat.com/errata/RHSA-2019:2730
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU16616
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-16884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt
MRG Realtime: 2
:
http://access.redhat.com/errata/RHSA-2019:2730
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU19946
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-1125
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.
The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.
This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt
MRG Realtime: 2
:
http://access.redhat.com/errata/RHSA-2019:2730
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?