Red Hat Enterprise Linux 7.6 Extended Update Support update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2018-20169 CVE-2018-7191 CVE-2019-11487 CVE-2019-13233 CVE-2019-14821 CVE-2019-15916 CVE-2019-18660 CVE-2019-3901 CVE-2020-0543 CVE-2020-12888 |
| CWE-ID | CWE-119 CWE-476 CWE-399 CWE-416 CWE-787 CWE-401 CWE-200 CWE-362 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Operating systems & Components / Operating system Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL Operating systems & Components / Operating system Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux EUS Compute Node Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, big endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system kernel (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU16628
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20169
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU18539
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7191
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows local users to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing requests to ioctl(TUNSETIFF). A local user can cause a denial of service via a malicious ioctl(TUNSETIFF) call with a dev name containing a / character.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU21057
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11487
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.
The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU19110
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch/x86/lib/insn-eval.c file due to a race condition between modify_ldt() and a #BR exception for an MPX bounds violation when accessing LDT entry. A local user can create a specially crafted application and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU21255
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14821
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the KVM coalesced MMIO support functionality due to incorrect processing of shared indexes. A local user can run a specially crafted application to trigger an out-of-bounds write error and write data to arbitrary address in the kernel memory.
Successful vulnerability exploitation may allow an attacker to execute arbitrary code on the system with root privileges.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory leak
EUVDB-ID: #VU22569
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-15916
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within register_queue_kobjects() function in net/core/net-sysfs.c, which will cause denial of service. A local user can perform a denial of service attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU23082
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-18660
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to absent protection in Linux kernel on powerpc against the Spectre-RSB, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU31093
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3901
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU28928
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0543
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to incomplete cleanup from specific special register read operations in some Intel(R) Processors. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Handling of Exceptional Conditions
EUVDB-ID: #VU28159
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12888
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a deinal of service (DoS) attack.
The vulnerability exists due to the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 7.6
Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL: 7.6
Red Hat Enterprise Linux Server - TUS: 7.6
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 7.6
Red Hat Enterprise Linux EUS Compute Node: 7.6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 7.6
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 7.6
Red Hat Enterprise Linux Server - AUS: 7.6
kernel (Red Hat package): before 3.10.0-957.56.1.el7
External linkshttp://access.redhat.com/errata/RHSA-2020:2851
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
