- Issued:
- 2018-10-30
- Updated:
- 2018-10-30
RHSA-2018:3083 - Important: kernel security, bug fix, and enhancement update
Synopsis
Important: kernel security, bug fix, and enhancement update
Type/Severity
Security Advisory Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
-
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
-
kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
-
kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
-
kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
-
kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
-
kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
-
kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
-
kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
-
kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
-
kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
-
kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
-
kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
-
kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
-
kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
-
kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
-
kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
-
kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
-
kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
-
kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
-
kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
-
kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
-
kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
-
kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
-
kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
-
kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
-
kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
-
kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
-
kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
Solution
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Virtualization Host | 4 | x86_64 |
| Red Hat Enterprise Linux for Scientific Computing | 7 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux for Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux for Power 9 | 7 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 7 | s390x |
| Red Hat Enterprise Linux for IBM System z (Structure A) | 7 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 7 | aarch64 |
| Red Hat Enterprise Linux Workstation | 7 | x86_64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 7 | s390x |
| Red Hat Enterprise Linux Desktop | 7 | x86_64 |
Updated Packages
- kernel-debug-devel-3.10.0-957.el7.ppc64.rpm
- kernel-debug-debuginfo-3.10.0-957.el7.ppc64le.rpm
- perf-3.10.0-957.el7.ppc64.rpm
- kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
- python-perf-debuginfo-3.10.0-957.el7.ppc64.rpm
- kernel-debuginfo-3.10.0-957.el7.s390x.rpm
- kernel-debug-3.10.0-957.el7.ppc64le.rpm
- kernel-3.10.0-957.el7.ppc64.rpm
- kernel-devel-3.10.0-957.el7.ppc64.rpm
- kernel-bootwrapper-3.10.0-957.el7.ppc64le.rpm
- kernel-debuginfo-common-ppc64le-3.10.0-957.el7.ppc64le.rpm
- kernel-tools-3.10.0-957.el7.ppc64.rpm
- kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
- kernel-debug-3.10.0-957.el7.ppc64.rpm
- kernel-tools-libs-devel-3.10.0-957.el7.ppc64le.rpm
- perf-3.10.0-957.el7.s390x.rpm
- kernel-tools-debuginfo-3.10.0-957.el7.ppc64le.rpm
- perf-3.10.0-957.el7.x86_64.rpm
- kernel-debug-3.10.0-957.el7.x86_64.rpm
- kernel-debuginfo-common-s390x-3.10.0-957.el7.s390x.rpm
- kernel-kdump-debuginfo-3.10.0-957.el7.s390x.rpm
- kernel-headers-3.10.0-957.el7.ppc64le.rpm
- perf-debuginfo-3.10.0-957.el7.x86_64.rpm
- kernel-tools-3.10.0-957.el7.x86_64.rpm
- bpftool-3.10.0-957.el7.x86_64.rpm
- kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-957.el7.ppc64.rpm
- kernel-3.10.0-957.el7.x86_64.rpm
- kernel-tools-libs-3.10.0-957.el7.ppc64.rpm
- kernel-headers-3.10.0-957.el7.x86_64.rpm
- kernel-debuginfo-common-ppc64-3.10.0-957.el7.ppc64.rpm
- kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
- perf-debuginfo-3.10.0-957.el7.ppc64.rpm
- python-perf-3.10.0-957.el7.ppc64.rpm
- python-perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
- kernel-headers-3.10.0-957.el7.ppc64.rpm
- python-perf-3.10.0-957.el7.s390x.rpm
- kernel-debuginfo-3.10.0-957.el7.ppc64le.rpm
- kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
- kernel-bootwrapper-3.10.0-957.el7.ppc64.rpm
- kernel-debug-3.10.0-957.el7.s390x.rpm
- kernel-debug-devel-3.10.0-957.el7.ppc64le.rpm
- kernel-doc-3.10.0-957.el7.noarch.rpm
- kernel-devel-3.10.0-957.el7.s390x.rpm
- kernel-debug-debuginfo-3.10.0-957.el7.s390x.rpm
- kernel-tools-3.10.0-957.el7.ppc64le.rpm
- perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
- python-perf-3.10.0-957.el7.ppc64le.rpm
- perf-debuginfo-3.10.0-957.el7.s390x.rpm
- python-perf-3.10.0-957.el7.x86_64.rpm
- kernel-devel-3.10.0-957.el7.ppc64le.rpm
- kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
- kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
- kernel-kdump-devel-3.10.0-957.el7.s390x.rpm
- kernel-kdump-3.10.0-957.el7.s390x.rpm
- kernel-debug-debuginfo-3.10.0-957.el7.ppc64.rpm
- python-perf-debuginfo-3.10.0-957.el7.s390x.rpm
- python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm
- kernel-debug-devel-3.10.0-957.el7.s390x.rpm
- kernel-3.10.0-957.el7.src.rpm
- kernel-tools-libs-3.10.0-957.el7.ppc64le.rpm
- kernel-headers-3.10.0-957.el7.s390x.rpm
- kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
- kernel-debuginfo-3.10.0-957.el7.ppc64.rpm
- kernel-3.10.0-957.el7.ppc64le.rpm
- kernel-tools-libs-devel-3.10.0-957.el7.ppc64.rpm
- perf-3.10.0-957.el7.ppc64le.rpm
- kernel-devel-3.10.0-957.el7.x86_64.rpm
- kernel-3.10.0-957.el7.s390x.rpm
Fixes
- This content is not included.BZ - 1314275
- This content is not included.BZ - 1322930
- This content is not included.BZ - 1337528
- This content is not included.BZ - 1481136
- This content is not included.BZ - 1488484
- This content is not included.BZ - 1504058
- This content is not included.BZ - 1507027
- This content is not included.BZ - 1528312
- This content is not included.BZ - 1533909
- This content is not included.BZ - 1541846
- This content is not included.BZ - 1542494
- This content is not included.BZ - 1551051
- This content is not included.BZ - 1551565
- This content is not included.BZ - 1552867
- This content is not included.BZ - 1553361
- This content is not included.BZ - 1557434
- This content is not included.BZ - 1557599
- This content is not included.BZ - 1558066
- This content is not included.BZ - 1558328
- This content is not included.BZ - 1560777
- This content is not included.BZ - 1560788
- This content is not included.BZ - 1561162
- This content is not included.BZ - 1563697
- This content is not included.BZ - 1563994
- This content is not included.BZ - 1564186
- This content is not included.BZ - 1568167
- This content is not included.BZ - 1571062
- This content is not included.BZ - 1571623
- This content is not included.BZ - 1572983
- This content is not included.BZ - 1573699
- This content is not included.BZ - 1575472
- This content is not included.BZ - 1576419
- This content is not included.BZ - 1577408
- This content is not included.BZ - 1584775
- This content is not included.BZ - 1590720
- This content is not included.BZ - 1590799
- This content is not included.BZ - 1592654
- This content is not included.BZ - 1596802
- This content is not included.BZ - 1596806
- This content is not included.BZ - 1596828
- This content is not included.BZ - 1596846
- This content is not included.BZ - 1599161
- This content is not included.BZ - 1609664
- This content is not included.BZ - 1609717
- This content is not included.BZ - 1610958
CVEs
- CVE-2015-8830
- CVE-2016-4913
- CVE-2017-0861
- CVE-2017-10661
- CVE-2017-17805
- CVE-2017-18208
- CVE-2017-18232
- CVE-2017-18344
- CVE-2017-18360
- CVE-2018-1092
- CVE-2018-1094
- CVE-2018-1118
- CVE-2018-1120
- CVE-2018-1130
- CVE-2018-5344
- CVE-2018-5391
- CVE-2018-5803
- CVE-2018-5848
- CVE-2018-7740
- CVE-2018-7757
- CVE-2018-8781
- CVE-2018-10322
- CVE-2018-10878
- CVE-2018-10879
- CVE-2018-10881
- CVE-2018-10883
- CVE-2018-10902
- CVE-2018-10940
- CVE-2018-13405
- CVE-2018-18690
- CVE-2018-1000026
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/articles/3553061
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.