SB2020092915 - Red Hat Enterprise Linux 7 update for kernel
Published: September 29, 2020 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2017-18551)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error in the "drivers/i2c/i2c-core-smbus.c" file when processing untrusted input. A local authenticated user access the system and execute an application that submits malicious input to the affected software, trigger an out-of-bounds write condition in the "i2c_smbus_xfer_emulated" function and execute arbitrary code or cause a DoS condition on the target system.
2) Race condition (CVE-ID: CVE-2018-20836)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
3) Out-of-bounds write (CVE-ID: CVE-2019-9454)
The vulnerability allows a local privileged user to execute arbitrary code.
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
4) Race condition (CVE-ID: CVE-2019-9458)
The vulnerability allows a local authenticated user to execute arbitrary code.
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
5) NULL pointer dereference (CVE-ID: CVE-2019-12614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c due to kstrdup of prop->name. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2019-15217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in drivers/media/usb/zr364xx/zr364xx.c driver. A remote attacker can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2019-15807)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. A remote attacker can perform a denial of service attack.
8) Use-after-free (CVE-ID: CVE-2019-15917)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker with physical proximity to the system can send specially crafted Bluetoth data and execute arbitrary code.
9) Null pointer dereference (CVE-ID: CVE-2019-16231)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
10) Null pointer dereference (CVE-ID: CVE-2019-16233)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
11) Memory leak (CVE-ID: CVE-2019-16994)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the sit_init_net() function in net/ipv6/sit.c. A local user can perform denial of service attack.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17053)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the ieee802154_create() function in net/ieee802154/socket.c in the AF_IEEE802154 network module for the Linux kernel does not enforce CAP_NET_RAW when creating raw sockets. A local unprivileged user can create raw sockets on the system.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17055)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module for the Linux kernel does not enforce CAP_NET_RAW. A local unprivileged user can create a raw socket.
14) Memory leak (CVE-ID: CVE-2019-18808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "ccp_run_sha_cmd()" function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows a local user to cause a denial of service (memory consumption).
15) Memory leak (CVE-ID: CVE-2019-19058)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "alloc_sgtable()" function in "drivers/net/wireless/intel/iwlwifi/fw/dbg.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "alloc_page()" failures.
16) Memory leak (CVE-ID: CVE-2019-19059)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "iwl_pcie_ctxt_info_gen3_init()" function in "drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "iwl_pcie_init_fw_sec() or dma_alloc_coherent()" failures.
17) Memory leak (CVE-ID: CVE-2019-19062)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "crypto_report()" function in "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.
18) Memory leak (CVE-ID: CVE-2019-19063)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "rtl_usb_probe()" function in "drivers/net/wireless/realtek/rtlwifi/usb.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).19) Out-of-bounds write (CVE-ID: CVE-2019-19332)
The vulnerability allows a local authenticated user to damange or delete data.
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
20) Use-after-free (CVE-ID: CVE-2019-19447)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
21) Use-after-free (CVE-ID: CVE-2019-19523)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
22) Use-after-free (CVE-ID: CVE-2019-19524)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/input/ff-memless.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
23) Use-after-free (CVE-ID: CVE-2019-19530)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
24) Information disclosure (CVE-ID: CVE-2019-19534)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the USB driver in drivers/net/can/usb/peak_usb/pcan_usb_core.c driver. A local use can use a specially crafted USB devices to gain unauthorized access to sensitive information on the system.
25) Race condition (CVE-ID: CVE-2019-19537)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
26) Use-after-free (CVE-ID: CVE-2019-19767)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
27) Use-after-free (CVE-ID: CVE-2019-19807)
The vulnerability allows a local authenticated user to execute arbitrary code.
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
28) NULL pointer dereference (CVE-ID: CVE-2019-20054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.0.6 in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. A local user can perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2019-20095)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
30) Out-of-bounds write (CVE-ID: CVE-2019-20636)
The vulnerability allows a local privileged user to execute arbitrary code.
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
31) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-1749)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted.
32) Information disclosure (CVE-ID: CVE-2020-2732)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incomplete implementation of vmx_check_intercept on Intel processors in KVM in Linux kernel, which leads to I/O or MSR interception bitmaps are not checked. A remote attacker with access to guest operating system (e.g. L2 guest) can trick the L0 hypervisor into accessing sensitive information on the L1 hypervisor.
33) Use-after-free (CVE-ID: CVE-2020-8647)
The vulnerability allows a local authenticated user to #BASIC_IMPACT#.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
34) Use-after-free (CVE-ID: CVE-2020-8649)
The vulnerability allows a local authenticated user to #BASIC_IMPACT#.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
35) Out-of-bounds read (CVE-ID: CVE-2020-9383)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the set_fdc() function in drivers/block/floppy.c file in Linux kernel due to the FDC index is not checked for errors before assigning it. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
36) Use-after-free (CVE-ID: CVE-2020-10690)
The vulnerability allows a local privileged user to execute arbitrary code.
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
37) Use of uninitialized resource (CVE-ID: CVE-2020-10732)
The vulnerability allows a local user to read memory contents or crash the application.
The vulnerability exists due to use of uninitialized resource error within the fill_thread_core_info() function in fs/binfmt_elf.c. A local user can read memory contents or crash the application.
38) Buffer overflow (CVE-ID: CVE-2020-10742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an index buffer overflow during Direct IO write in NFS client. A local user can force the client to reach out of the index after one memory allocation by kmalloc and cause a kernel panic.
39) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-10751)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due in the Linux kernels SELinux LSM hook implementation where the kernel incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
40) Stack-based buffer overflow (CVE-ID: CVE-2020-10942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the get_raw_socket() function in drivers/vhost/net.c due to lack of validation of the sk_family field. A local user can perform a specially crafted system call, trigger stack overflow and crash the kernel.
41) Input validation error (CVE-ID: CVE-2020-12770)
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.
42) Integer overflow (CVE-ID: CVE-2020-12826)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in "exec_id" in "include/linux/sched.h". A local user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Out-of-bounds write (CVE-ID: CVE-2020-14305)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Remediation
Install update from vendor's website.