RHEL 7 : kernel-rt (RHSA-2018:3096)

High Nessus Plugin ID 118528

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for kernel-rt is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
requirements.

Security Fix(es) :

* A flaw named FragmentSmack was found in the way the Linux kernel
handled reassembly of fragmented IPv4 and IPv6 packets. A remote
attacker could use this flaw to trigger time and calculation expensive
fragment reassembly algorithm by sending specially crafted packets
which could lead to a CPU saturation and hence a denial of service on
the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in
kernel/time/ posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to
execute code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free
(CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit
on non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly pretected
against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle
zero-length inputs allowing local attackers to cause denial of service
(CVE-2017-17805)

* kernel: Inifinite loop vulnerability in madvise_willneed() function
allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments
causes denial of service (CVE-2018-1120)

* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a
system crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization
allowing denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk()
function allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/
wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a
crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow
for denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL
(CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of
Service (CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when
mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes
crash with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg()
(CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in
mm/hugetlb.c (CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()
when mounting crafted xfs image allowing denial of service
(CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a
crafted file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting
and operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata
function (CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
(CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University -
Department of Communications and Networking and Nokia Bell Labs) for
reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting
CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;
Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and
Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.

Solution

Update the affected packages.

See Also

https://access.redhat.com/articles/3553061

http://www.nessus.org/u?3395ff0b

https://access.redhat.com/errata/RHSA-2018:3096

https://access.redhat.com/security/cve/cve-2015-8830

https://access.redhat.com/security/cve/cve-2016-4913

https://access.redhat.com/security/cve/cve-2017-0861

https://access.redhat.com/security/cve/cve-2017-10661

https://access.redhat.com/security/cve/cve-2017-17805

https://access.redhat.com/security/cve/cve-2017-18208

https://access.redhat.com/security/cve/cve-2017-18232

https://access.redhat.com/security/cve/cve-2017-18344

https://access.redhat.com/security/cve/cve-2017-18360

https://access.redhat.com/security/cve/cve-2018-1092

https://access.redhat.com/security/cve/cve-2018-1094

https://access.redhat.com/security/cve/cve-2018-1118

https://access.redhat.com/security/cve/cve-2018-1120

https://access.redhat.com/security/cve/cve-2018-1130

https://access.redhat.com/security/cve/cve-2018-5344

https://access.redhat.com/security/cve/cve-2018-5391

https://access.redhat.com/security/cve/cve-2018-5803

https://access.redhat.com/security/cve/cve-2018-5848

https://access.redhat.com/security/cve/cve-2018-7740

https://access.redhat.com/security/cve/cve-2018-7757

https://access.redhat.com/security/cve/cve-2018-8781

https://access.redhat.com/security/cve/cve-2018-10322

https://access.redhat.com/security/cve/cve-2018-10878

https://access.redhat.com/security/cve/cve-2018-10879

https://access.redhat.com/security/cve/cve-2018-10881

https://access.redhat.com/security/cve/cve-2018-10883

https://access.redhat.com/security/cve/cve-2018-10902

https://access.redhat.com/security/cve/cve-2018-10940

https://access.redhat.com/security/cve/cve-2018-13405

https://access.redhat.com/security/cve/cve-2018-18690

https://access.redhat.com/security/cve/cve-2018-1000026

Plugin Details

Severity: High

ID: 118528

File Name: redhat-RHSA-2018-3096.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2018/10/31

Modified: 2019/02/06

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo, cpe:/o:redhat:enterprise_linux:7

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/10/30

Vulnerability Publication Date: 2016/05/02

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2017-18360, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-18690, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781

RHSA: 2018:3096