Red Hat Enterprise Linux 6.7 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
kernel (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for Power, big endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux EUS Compute Node Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU9884
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
MitigationInstall updates from vendor's website.
kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-573.48.1.el6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 6.7
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 6.7
Red Hat Enterprise Linux EUS Compute Node: 6.7
CPE2.3 External links
http://access.redhat.com/errata/RHSA-2018:0496
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Information disclosure
EUVDB-ID: #VU9883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall updates from vendor's website.
kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-573.48.1.el6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 6.7
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 6.7
Red Hat Enterprise Linux EUS Compute Node: 6.7
CPE2.3 External links
http://access.redhat.com/errata/RHSA-2018:0496
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Information disclosure
EUVDB-ID: #VU9882
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5754
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
MitigationInstall updates from vendor's website.
kernel (Red Hat package): 2.6.32-71.7.1.el6 - 2.6.32-573.48.1.el6
Red Hat Enterprise Linux for Power, big endian - Extended Update Support: 6.7
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 6.7
Red Hat Enterprise Linux EUS Compute Node: 6.7
CPE2.3 External links
http://access.redhat.com/errata/RHSA-2018:0496
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
