Oval Definition:oval:com.redhat.rhsa:def:20183083
Revision Date:2018-10-30Version:642
Title:RHSA-2018:3083: kernel security, bug fix, and enhancement update (Important)
Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

  • kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

  • kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

  • kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

  • kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

  • kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

  • kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

  • kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)

  • kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

  • kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)

  • kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

  • kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)

  • kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)

  • kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)

  • kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

  • kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

  • kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

  • kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)

  • kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)

  • kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

  • kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

  • kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

  • kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)

  • kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

  • kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

  • kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

  • kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

  • kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

  • kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

    Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-8830
    CVE-2016-4913
    CVE-2017-0861
    CVE-2017-10661
    CVE-2017-17805
    CVE-2017-18208
    CVE-2017-18232
    CVE-2017-18344
    CVE-2017-18360
    CVE-2018-1000026
    CVE-2018-10322
    CVE-2018-10878
    CVE-2018-10879
    CVE-2018-10881
    CVE-2018-10883
    CVE-2018-10902
    CVE-2018-1092
    CVE-2018-1094
    CVE-2018-10940
    CVE-2018-1118
    CVE-2018-1120
    CVE-2018-1130
    CVE-2018-13405
    CVE-2018-18690
    CVE-2018-5344
    CVE-2018-5391
    CVE-2018-5803
    CVE-2018-5848
    CVE-2018-7740
    CVE-2018-7757
    CVE-2018-8781
    RHSA-2018:3083
    RHSA-2018:3083-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • kernel earlier than 0:3.10.0-957.el7 is currently running
  • OR kernel earlier than 0:3.10.0-957.el7 is set to boot up on next boot
  • AND
  • bpftool is earlier than 0:3.10.0-957.el7
  • AND bpftool is signed with Red Hat redhatrelease2 key
  • kernel is earlier than 0:3.10.0-957.el7
  • AND kernel is signed with Red Hat redhatrelease2 key
  • kernel-abi-whitelists is earlier than 0:3.10.0-957.el7
  • AND kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
  • kernel-bootwrapper is earlier than 0:3.10.0-957.el7
  • AND kernel-bootwrapper is signed with Red Hat redhatrelease2 key
  • kernel-debug is earlier than 0:3.10.0-957.el7
  • AND kernel-debug is signed with Red Hat redhatrelease2 key
  • kernel-debug-devel is earlier than 0:3.10.0-957.el7
  • AND kernel-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-devel is earlier than 0:3.10.0-957.el7
  • AND kernel-devel is signed with Red Hat redhatrelease2 key
  • kernel-doc is earlier than 0:3.10.0-957.el7
  • AND kernel-doc is signed with Red Hat redhatrelease2 key
  • kernel-headers is earlier than 0:3.10.0-957.el7
  • AND kernel-headers is signed with Red Hat redhatrelease2 key
  • kernel-kdump is earlier than 0:3.10.0-957.el7
  • AND kernel-kdump is signed with Red Hat redhatrelease2 key
  • kernel-kdump-devel is earlier than 0:3.10.0-957.el7
  • AND kernel-kdump-devel is signed with Red Hat redhatrelease2 key
  • kernel-tools is earlier than 0:3.10.0-957.el7
  • AND kernel-tools is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs is earlier than 0:3.10.0-957.el7
  • AND kernel-tools-libs is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs-devel is earlier than 0:3.10.0-957.el7
  • AND kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
  • perf is earlier than 0:3.10.0-957.el7
  • AND perf is signed with Red Hat redhatrelease2 key
  • python-perf is earlier than 0:3.10.0-957.el7
  • AND python-perf is signed with Red Hat redhatrelease2 key
    • BACK