RHEL 7 : kernel-alt (RHSA-2018:2948)

high Nessus Plugin ID 118513

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2948 advisory.

- kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

- kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c (CVE-2017-16648)

- kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)

- kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service (CVE-2017-17806)

- kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service (CVE-2017-18075)

- kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)

- kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

- kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

- kernel: NULL pointer dereference on OOM kill of large mlocked process (CVE-2018-1000200)

- kernel: Infoleak caused by incorrect handling of the SG_IO ioctl (CVE-2018-1000204)

- kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

- kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash (CVE-2018-1065)

- kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)

- kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image (CVE-2018-10877)

- kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

- kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

- kernel: stack-out-of-bounds write in ext4_update_inline_data function (CVE-2018-10880)

- kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

- kernel: stack-out-of-bounds write in fs/jbd2/transaction.c (CVE-2018-10882)

- kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

- kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

- kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-1094)

- kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

- kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image (CVE-2018-1095)

- kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

- kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

- kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact (CVE-2018-11506)

- kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor (CVE-2018-12232)

- kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

- kernel: crash (possible privesc) in kernel crypto api. (CVE-2018-14619)

- kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (CVE-2018-14641)

- hw: cpu: speculative store bypass (CVE-2018-3639)

- kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service (CVE-2018-5344)

- kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) (CVE-2018-5390)

- kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) (CVE-2018-5391)

- kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750)

- kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)

- kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

- kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566)

- kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

- kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

- kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/1516257

https://bugzilla.redhat.com/1528312

https://bugzilla.redhat.com/1528323

https://bugzilla.redhat.com/1533909

https://bugzilla.redhat.com/1539508

https://bugzilla.redhat.com/1539706

https://bugzilla.redhat.com/1541846

https://bugzilla.redhat.com/1547824

https://bugzilla.redhat.com/1548412

https://bugzilla.redhat.com/1550142

https://bugzilla.redhat.com/1551051

https://bugzilla.redhat.com/1551565

https://bugzilla.redhat.com/1552048

https://bugzilla.redhat.com/1553361

https://bugzilla.redhat.com/1560777

https://bugzilla.redhat.com/1560788

https://bugzilla.redhat.com/1560793

https://bugzilla.redhat.com/1566890

https://bugzilla.redhat.com/1568744

https://bugzilla.redhat.com/1571062

https://bugzilla.redhat.com/1571623

https://bugzilla.redhat.com/1573699

https://bugzilla.redhat.com/1575472

https://bugzilla.redhat.com/1577408

https://bugzilla.redhat.com/1583210

https://bugzilla.redhat.com/1589324

https://bugzilla.redhat.com/1590215

https://bugzilla.redhat.com/1590799

https://bugzilla.redhat.com/1596795

https://bugzilla.redhat.com/1596802

https://bugzilla.redhat.com/1596806

https://access.redhat.com/security/cve/CVE-2018-5848

https://access.redhat.com/security/cve/CVE-2018-7566

https://access.redhat.com/security/cve/CVE-2018-7757

https://access.redhat.com/security/cve/CVE-2018-8781

https://access.redhat.com/security/cve/CVE-2018-9363

https://bugzilla.redhat.com/1596812

https://bugzilla.redhat.com/1596828

https://bugzilla.redhat.com/1596842

https://bugzilla.redhat.com/1596846

https://bugzilla.redhat.com/1599161

https://bugzilla.redhat.com/1601704

https://bugzilla.redhat.com/1609664

https://bugzilla.redhat.com/1610958

https://bugzilla.redhat.com/1622004

https://bugzilla.redhat.com/1623067

https://bugzilla.redhat.com/1629636

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/security/cve/CVE-2017-13166

https://access.redhat.com/security/cve/CVE-2017-16648

https://access.redhat.com/security/cve/CVE-2017-17805

https://access.redhat.com/security/cve/CVE-2017-17806

https://access.redhat.com/security/cve/CVE-2017-18075

https://access.redhat.com/security/cve/CVE-2017-18208

https://access.redhat.com/security/cve/CVE-2017-18344

https://access.redhat.com/security/cve/CVE-2018-1000026

https://access.redhat.com/security/cve/CVE-2018-1000200

https://access.redhat.com/security/cve/CVE-2018-1000204

https://access.redhat.com/security/cve/CVE-2018-10322

https://access.redhat.com/security/cve/CVE-2018-1065

https://access.redhat.com/security/cve/CVE-2018-1068

https://access.redhat.com/security/cve/CVE-2018-10877

https://access.redhat.com/security/cve/CVE-2018-10878

https://access.redhat.com/security/cve/CVE-2018-10879

https://access.redhat.com/security/cve/CVE-2018-10880

https://access.redhat.com/security/cve/CVE-2018-10881

https://access.redhat.com/security/cve/CVE-2018-10882

https://access.redhat.com/security/cve/CVE-2018-10883

https://access.redhat.com/security/cve/CVE-2018-1092

https://access.redhat.com/security/cve/CVE-2018-1094

https://access.redhat.com/security/cve/CVE-2018-10940

https://access.redhat.com/security/cve/CVE-2018-1095

https://access.redhat.com/security/cve/CVE-2018-1118

https://access.redhat.com/security/cve/CVE-2018-1120

https://access.redhat.com/security/cve/CVE-2018-11506

https://access.redhat.com/security/cve/CVE-2018-12232

https://access.redhat.com/security/cve/CVE-2018-13405

https://access.redhat.com/security/cve/CVE-2018-14619

https://access.redhat.com/security/cve/CVE-2018-14641

https://access.redhat.com/security/cve/CVE-2018-3639

https://access.redhat.com/security/cve/CVE-2018-5344

https://access.redhat.com/security/cve/CVE-2018-5390

https://access.redhat.com/security/cve/CVE-2018-5391

https://access.redhat.com/security/cve/CVE-2018-5750

https://access.redhat.com/security/cve/CVE-2018-5803

Plugin Details

Severity: High

ID: 118513

File Name: redhat-RHSA-2018-2948.nasl

Version: 1.15

Type: local

Agent: unix

Published: 10/31/2018

Updated: 2/20/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-9363

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python-perf, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2018

Vulnerability Publication Date: 11/7/2017

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-13166, CVE-2017-16648, CVE-2017-17805, CVE-2017-17806, CVE-2017-18075, CVE-2017-18208, CVE-2017-18344, CVE-2018-1000026, CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10322, CVE-2018-1065, CVE-2018-1068, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-1118, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-13405, CVE-2018-14619, CVE-2018-14641, CVE-2018-3639, CVE-2018-5344, CVE-2018-5390, CVE-2018-5391, CVE-2018-5750, CVE-2018-5803, CVE-2018-5848, CVE-2018-7566, CVE-2018-7757, CVE-2018-8781, CVE-2018-9363

CWE: 119, 120, 121, 122, 125, 190, 20, 200, 226, 266, 284, 362, 391, 400, 416, 456, 476, 628, 665, 787, 835

RHSA: 2018:2948