Red Hat Enterprise Linux 8 update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2019-19807 CVE-2019-3016 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-12653 CVE-2020-12654 CVE-2020-12888 |
| CWE-ID | CWE-416 CWE-362 CWE-269 CWE-399 CWE-20 CWE-264 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat CodeReady Linux Builder for ARM 64 Operating systems & Components / Operating system Red Hat CodeReady Linux Builder for Power, little endian Operating systems & Components / Operating system Red Hat CodeReady Linux Builder for x86_64 Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system kernel (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU30551
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19807
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU28411
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3016
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Privilege Management
EUVDB-ID: #VU29957
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10757
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU47074
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10766
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the
implementation of SSBD. A bug in the logic handling allows an attacker
with a local account to disable SSBD protection during a context switch
when additional speculative execution mitigations are in place. This
issue was introduced when the per task/process conditional STIPB
switching was added on top of the existing SSBD switching.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU47075
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10767
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
A flaw was found in the Linux kernel before 5.8-rc1 in the
implementation of the Enhanced IBPB (Indirect Branch Prediction
Barrier). The IBPB mitigation will be disabled when STIBP is not
available or when the Enhanced Indirect Branch Restricted Speculation
(IBRS) is available. This flaw allows a local user to perform a Spectre
V2 style attack when this configuration is active.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU47076
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10768
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU28164
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12653
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the "mwifiex_cmd_append_vsie_tlv()" function in "drivers/net/wireless/marvell/mwifiex/scan.c" file. A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU28162
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12654
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "mwifiex_ret_wmm_get_status()" function in "drivers/net/wireless/marvell/mwifiex/wmm.c" file. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Handling of Exceptional Conditions
EUVDB-ID: #VU28159
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12888
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a deinal of service (DoS) attack.
The vulnerability exists due to the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
kernel (Red Hat package): before 4.18.0-193.13.2.el8_2
External linkshttp://access.redhat.com/errata/RHSA-2020:3010
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
