Red Hat update for kernel-rt



Published: 2019-09-12
Risk: High
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2018-9568, CVE-2018-13405, CVE-2018-16871, CVE-2018-16884, CVE-2019-1125
CWE-ID: CWE-843, CWE-264, CWE-476, CWE-416, CWE-200
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available.

Vulnerable software:
kernel-rt (Red Hat package) - Operating systems & Components / Operating system package or component
MRG Realtime - Server applications / Application servers

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Type Confusion

EUVDB-ID: #VU21092

Risk: High

CVE-ID: CVE-2018-9568

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the sk_clone_lock() function in sock.c. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt

MRG Realtime: 2

External links

http://access.redhat.com/errata/RHSA-2019:2730

2) Security restrictions bypass

EUVDB-ID: #VU13631

Risk: Low

CVE-ID: CVE-2018-13405

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to create arbitrary files on the target system.

The vulnerability exists because the inode_init_owner function, defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt

MRG Realtime: 2

External links

http://access.redhat.com/errata/RHSA-2019:2730

3) NULL pointer dereference

EUVDB-ID: #VU19573

Risk: Medium

CVE-ID: CVE-2018-16871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Network File System (NFS) implementation. A remote authenticated attacker can mount an exported NFS filesystem, cause a NULL pointer dereference condition due to an invalid NFS sequence and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt

MRG Realtime: 2

External links

http://access.redhat.com/errata/RHSA-2019:2730

4) Use-after-free error

EUVDB-ID: #VU16616

Risk: Low

CVE-ID: CVE-2018-16884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists because bc_svc_process() uses the wrong back-channel ID when NFS41+ shares are mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger a use-after-free error and cause a system panic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt

MRG Realtime: 2

External links

http://access.redhat.com/errata/RHSA-2019:2730

5) Information disclosure

EUVDB-ID: #VU19946

Risk: Low

CVE-ID: CVE-2019-1125

CWE-ID: CWE-200 - Information Exposure

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.

The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.

This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.rt56.144.el6rt - 3.10.0-693.50.3.rt56.644.el6rt

MRG Realtime: 2

External links

http://access.redhat.com/errata/RHSA-2019:2730
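
A check a patch-management script could run against the affected kernel-rt range listed for all five vulnerabilities in this bulletin, as an added example (not Red Hat's or the bulletin's own code): it orders version-release strings with a simplified rpmvercmp-style comparison. The function names are hypothetical and the default sample versions are constructed.

```python
import re
import sys
from itertools import zip_longest

# Affected kernel-rt range (version-release) as listed in the bulletin.
AFFECTED_FIRST = "3.10.0-229.rt56.144.el6rt"
AFFECTED_LAST = "3.10.0-693.50.3.rt56.644.el6rt"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_vercmp(a, b):
    """Order two version or release strings like rpmvercmp (-1, 0 or 1).

    Simplified: digit and letter segments only; no '~', '^' or epoch handling.
    """
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x is None or y is None:
            return -1 if x is None else 1   # the string with segments left is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 9 < 50, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return 0


def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpm_vercmp(av, bv) or rpm_vercmp(ar, br)


def is_affected(installed):
    """True if a kernel-rt version-release (no .arch suffix) is in the range."""
    return evr_cmp(installed, AFFECTED_FIRST) >= 0 and evr_cmp(installed, AFFECTED_LAST) <= 0


if __name__ == "__main__":
    # Pass values from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt
    # The defaults below are constructed samples, not real package builds.
    samples = sys.argv[1:] or ["3.10.0-514.rt56.420.el6rt", "3.10.0-693.99.1.rt56.700.el6rt"]
    for vr in samples:
        print(vr, "AFFECTED" if is_affected(vr) else "outside listed range")
```

A result outside the range only means the build is not in the range this bulletin lists; confirm the fixed build against the linked RHSA.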
