Red Hat Enterprise Linux 7 update for kernel-alt



Published: 2020-01-21
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2018-18559
CVE-2018-3693
CVE-2019-10126
CVE-2019-11487
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
CVE-2019-17133
CVE-2019-18660
CVE-2019-3846
CVE-2019-8912
CWE-ID CWE-362
CWE-416
CWE-119
CWE-122
CWE-399
CWE-200
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe 		Red Hat Enterprise Linux for IBM System z (Structure A)
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power 9
Operating systems & Components / Operating system

Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

kernel-alt (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU15526

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18559

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of a certain multithreaded case involving packet_do_bind unregister and packet_notifier register actions after a race condition between fanout_add, from setsockopt, and a bind on an AF_PACKET socket. A local attacker can execute a program or file that submits malicious input, trigger a use-after-free condition and execute arbitrary code with kernel privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU13850

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-3693

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the design of most modern CPUs using speculative execution and branch prediction due to improper speculative execution of instructions. A local attacker can bypass bounds checks, trigger buffer overflow, perform arbitrary speculative execution and a side-channel attack to access sensitive memory information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Heap-based buffer overflow

EUVDB-ID: #VU20810

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10126

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) condition or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Marvell Wireless LAN device driver in "mwifiex_uap_parse_tail_ies" function in "drivers/net/wireless/marvell/mwifiex/ie.c". A local authenticated user can trigger heap-based buffer overflow and cause a denial of service (system crash) or possibly execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU21057

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11487

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU21446

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14814

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_update_vs_ie() function in the Marvell Wi-Fi chip driver in Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Heap-based buffer overflow

EUVDB-ID: #VU21445

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14815

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_set_uap_rates() function in the Marvell Wi-Fi chip driver in Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU21444

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14816

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the mwifiex_set_wmm_params() function in the Marvell Wi-Fi chip driver in Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU22312

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17133

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the cfg80211_mgd_wext_giwessid function in net/wireless/wext-sme.c in Linux kernel, because the affected component does not reject a long SSID IE. A remote attacker on the local wireless network can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU23082

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18660

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to absent protection in Linux kernel on powerpc against the Spectre-RSB, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU28399

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3846

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU17804

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8912

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the af_alg_release() function, as defined in the crypto/af_alg.c source code file of the affected software, fails to set a NULL value for a certain structure member. A local attacker can access the system and execute an application that submits malicious input to the affected software and trigger a use-after-free condition in the sockfs_setattr function, resulting in a DoS condition

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.17.1.el7a

External links

http://access.redhat.com/errata/RHSA-2020:0174


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###