SB2020052212 - Red Hat Enterprise Linux 7 update for kernel

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Double Free (CVE-ID: CVE-2017-18595)

The vulnerability allows a local user to escalate privileges in the system.

The vulnerability exists due to a boundary error within the allocate_trace_buffer() function in the kernel/trace/trace.c. A local user can run a specially crafted application to trigger a double free error and execute arbitrary code on the target system with elevated privileges.

2) Use-after-free (CVE-ID: CVE-2019-19768)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the __blk_add_trace() function in kernel/trace/blktrace.c. A local user can run a specially crafted program, trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

3) NULL pointer dereference (CVE-ID: CVE-2020-10711)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's SELinux subsystem when importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated.

A remote attacker can send specially crafted packets the affected system, trigger a NULL pointer dereference error and crash the Linux kernel.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:2214