RHSA-2018:2948 Important: kernel-alt security, bug fix, and enhancement update

Updated

The kernel-alt packages provide the Linux kernel version 4.x.

Initial Security Fixes are described in RHSA-2018:2948.

This update also fixes these remaining security issues:

Security Fix(es):

  • kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

  • kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

  • kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)

  • kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

  • kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

  • kernel: crash (possible privesc) in kernel crypto api. (CVE-2018-14619)

  • kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (CVE-2018-14641)

  • kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c (CVE-2017-16648)

  • kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

  • kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial of service (CVE-2017-17806)

  • kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service (CVE-2017-18075)

  • kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)

  • kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash (CVE-2018-1065)

  • kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

  • kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service (CVE-2018-5344)

  • kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750)

  • kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)

  • kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

  • kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566)

  • kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

  • kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

  • kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact (CVE-2018-11506)

  • kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor (CVE-2018-12232)

  • kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

  • kernel: NULL pointer dereference on OOM kill of large mlocked process (CVE-2018-1000200)

  • kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

  • kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

  • kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image (CVE-2018-1095)

  • kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

  • kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

  • kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

  • kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image (CVE-2018-10877)

  • kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

  • kernel: stack-out-of-bounds write in ext4_update_inline_data function (CVE-2018-10880)

  • kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

  • kernel: stack-out-of-bounds write infs/jbd2/transaction.c (CVE-2018-10882)

  • kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

  • kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

  • kernel: Infoleak caused by incorrect handling of the SG_IO ioctl (CVE-2018-1000204)

Article Type