Red Hat Enterprise Linux 5 Extended Lifecycle Support update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-5715 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) Operating systems & Components / Operating system Red Hat Enterprise Linux Server - Extended Life Cycle Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system kernel (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU9883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for IBM z Systems: 5.0
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems): 5.0
Red Hat Enterprise Linux Server - Extended Life Cycle Support: 5.0
kernel (Red Hat package): 2.6.18-8.1.1.el5 - 2.6.18-426.el5
Red Hat Enterprise Linux Server: v.5
CPE2.3 External links
http://access.redhat.com/errata/RHSA-2018:1196
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
