Red Hat Enterprise Linux 7 update for kernel-alt

1) Use-after-free error

EUVDB-ID: #VU16616

Risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-16884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Race condition

EUVDB-ID: #VU35562

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-9458

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU19138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-11811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local usre to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when trying to read data from /proc/ioports after the ipmi_si module is removed (related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c). A local user can exploit this issue to elevate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU24172

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-15917

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker with physical proximity to the system can send specially crafted Bluetoth data and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU24433

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-18808

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "ccp_run_sha_cmd()" function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows a local user to cause a denial of service (memory consumption).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU23019

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-19062

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "crypto_report()" function in "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU30553

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-19767

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU30312

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-20636

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged user to execute arbitrary code.

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU92770

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8834

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to a crash the entire system.

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were 2 commits that, according to the reporter, introduced the vulnerability: f024ee098476 ('KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures') 87a11bb6a7f7 ('KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode') The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following 3 commits, though it is believed the first is the only strictly necessary commit: 6f597c6b63b6 ('KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()') 7b0e827c6970 ('KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm') 009c872a8bc4 ('KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file')

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU46586

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-10720

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Handling of Exceptional Conditions

EUVDB-ID: #VU28159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-12888

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a local user to perform a deinal of service (DoS) attack.

The vulnerability exists due to the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM System z (Structure A): 7.0

Red Hat Enterprise Linux for Power 9: 7.0

Red Hat Enterprise Linux for ARM 64: 7.0

kernel-alt (Red Hat package): before 4.14.0-115.26.1.el7a

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_system_z_structure_a:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_9:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:7.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:kernel-alt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2020:2854

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.