RHEL 7 : kernel (RHSA-2018:3083)

high Nessus Plugin ID 118525

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3083 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0fb282dd

http://www.nessus.org/u?2b0cc1e7

https://access.redhat.com/articles/3553061

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1314275

https://bugzilla.redhat.com/show_bug.cgi?id=1322930

https://bugzilla.redhat.com/show_bug.cgi?id=1337528

https://bugzilla.redhat.com/show_bug.cgi?id=1481136

https://bugzilla.redhat.com/show_bug.cgi?id=1488484

https://bugzilla.redhat.com/show_bug.cgi?id=1504058

https://bugzilla.redhat.com/show_bug.cgi?id=1507027

https://bugzilla.redhat.com/show_bug.cgi?id=1528312

https://bugzilla.redhat.com/show_bug.cgi?id=1568167

https://bugzilla.redhat.com/show_bug.cgi?id=1571062

https://bugzilla.redhat.com/show_bug.cgi?id=1571623

https://bugzilla.redhat.com/show_bug.cgi?id=1572983

https://bugzilla.redhat.com/show_bug.cgi?id=1573699

https://bugzilla.redhat.com/show_bug.cgi?id=1575472

https://bugzilla.redhat.com/show_bug.cgi?id=1576419

https://bugzilla.redhat.com/show_bug.cgi?id=1577408

https://bugzilla.redhat.com/show_bug.cgi?id=1584775

https://bugzilla.redhat.com/show_bug.cgi?id=1590720

https://bugzilla.redhat.com/show_bug.cgi?id=1590799

https://bugzilla.redhat.com/show_bug.cgi?id=1592654

https://bugzilla.redhat.com/show_bug.cgi?id=1596802

https://bugzilla.redhat.com/show_bug.cgi?id=1596806

https://bugzilla.redhat.com/show_bug.cgi?id=1596828

https://bugzilla.redhat.com/show_bug.cgi?id=1596846

https://bugzilla.redhat.com/show_bug.cgi?id=1599161

https://bugzilla.redhat.com/show_bug.cgi?id=1609664

https://bugzilla.redhat.com/show_bug.cgi?id=1609717

https://bugzilla.redhat.com/show_bug.cgi?id=1610958

https://bugzilla.redhat.com/show_bug.cgi?id=1533909

https://bugzilla.redhat.com/show_bug.cgi?id=1541846

https://bugzilla.redhat.com/show_bug.cgi?id=1542494

https://bugzilla.redhat.com/show_bug.cgi?id=1551051

https://bugzilla.redhat.com/show_bug.cgi?id=1551565

https://bugzilla.redhat.com/show_bug.cgi?id=1552867

https://bugzilla.redhat.com/show_bug.cgi?id=1553361

https://bugzilla.redhat.com/show_bug.cgi?id=1557434

https://bugzilla.redhat.com/show_bug.cgi?id=1557599

https://bugzilla.redhat.com/show_bug.cgi?id=1558066

https://bugzilla.redhat.com/show_bug.cgi?id=1558328

https://bugzilla.redhat.com/show_bug.cgi?id=1560777

https://bugzilla.redhat.com/show_bug.cgi?id=1560788

https://bugzilla.redhat.com/show_bug.cgi?id=1561162

https://bugzilla.redhat.com/show_bug.cgi?id=1563697

https://bugzilla.redhat.com/show_bug.cgi?id=1563994

https://bugzilla.redhat.com/show_bug.cgi?id=1564186

Plugin Details

Severity: High

ID: 118525

File Name: redhat-RHSA-2018-3083.nasl

Version: 1.17

Type: local

Agent: unix

Published: 10/31/2018

Updated: 11/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-10661

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2018-8781

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-headers, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:python-perf, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2018

Vulnerability Publication Date: 5/2/2016

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2017-18360, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-18690, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781

CWE: 119, 120, 122, 125, 190, 20, 200, 284, 362, 369, 391, 400, 416, 476, 787, 833, 835

RHSA: 2018:3083