Patch  oval:com.redhat.rhsa:def:20183096
RHSA-2018:3096: kernel-rt security, bug fix, and enhancement update (Important)  

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
Create Date: 2018-10-30 Last Update Date: 2018-10-30

Affected Platforms/Products

Affected Products (CPE + CVE references)
Total : 26
Platforms: unix (from OVAL definitions)
  • Red Hat Enterprise Linux 7

References

Total : 63 Click here to view references

Criteria

The patch should be installed
IF : Any one of the following are true
IF : Red Hat Enterprise Linux must be installed
WARNING! Unknown test oval:com.redhat.rhba:tst:20070026004. Please see help for possible reasons
IF : All of the following are true
IF : Red Hat Enterprise Linux 7 is installed
WARNING! Unknown test oval:com.redhat.rhba:tst:20150364027. Please see help for possible reasons
IF : Any one of the following are true
IF : All of the following are true
IF : kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
WARNING! Unknown test oval:com.redhat.rhsa:tst:20160212016. Please see help for possible reasons
IF : kernel-rt-trace-kvm is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096019. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-kvm is signed with Red Hat redhatrelease2 key
WARNING! Unknown test oval:com.redhat.rhsa:tst:20160212018. Please see help for possible reasons
IF : kernel-rt-kvm is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096017. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
WARNING! Unknown test oval:com.redhat.rhsa:tst:20160212020. Please see help for possible reasons
IF : kernel-rt-debug-kvm is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096015. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-devel is signed with Red Hat redhatrelease2 key
Linux : RPM Test :  kernel-rt-devel is signed with Red Hat redhatrelease2 key 
At least one of the objects listed below must exist on the system (Existence check)
Unknown object oval:com.redhat.rhsa:obj:20150727008 (Object depth limit may be exceeded) !!!
signature_keyid equals 199e2f91fd431d51
linux : rpminfo_state 
IF : kernel-rt-devel is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096013. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-trace is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096011. Please see help for possible reasons
IF : kernel-rt-trace is signed with Red Hat redhatrelease2 key
Linux : RPM Test :  kernel-rt-trace is signed with Red Hat redhatrelease2 key 
At least one of the objects listed below must exist on the system (Existence check)
Unknown object oval:com.redhat.rhsa:obj:20150727006 (Object depth limit may be exceeded) !!!
signature_keyid equals 199e2f91fd431d51
linux : rpminfo_state 
IF : All of the following are true
IF : kernel-rt-doc is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096001. Please see help for possible reasons
IF : kernel-rt-doc is signed with Red Hat redhatrelease2 key
WARNING! Unknown test oval:com.redhat.rhsa:tst:20150727002. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-trace-devel is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096003. Please see help for possible reasons
IF : kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
WARNING! Unknown test oval:com.redhat.rhsa:tst:20150727004. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt is signed with Red Hat redhatrelease2 key
Linux : RPM Test :  kernel-rt is signed with Red Hat redhatrelease2 key 
At least one of the objects listed below must exist on the system (Existence check)
Unknown object oval:com.redhat.rhsa:obj:20150727005 (Object depth limit may be exceeded) !!!
signature_keyid equals 199e2f91fd431d51
linux : rpminfo_state 
IF : kernel-rt is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096005. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
Linux : RPM Test :  kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key 
At least one of the objects listed below must exist on the system (Existence check)
Unknown object oval:com.redhat.rhsa:obj:20150727007 (Object depth limit may be exceeded) !!!
signature_keyid equals 199e2f91fd431d51
linux : rpminfo_state 
IF : kernel-rt-debug-devel is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096007. Please see help for possible reasons
IF : All of the following are true
IF : kernel-rt-debug is signed with Red Hat redhatrelease2 key
Linux : RPM Test :  kernel-rt-debug is signed with Red Hat redhatrelease2 key 
At least one of the objects listed below must exist on the system (Existence check)
Unknown object oval:com.redhat.rhsa:obj:20150727009 (Object depth limit may be exceeded) !!!
signature_keyid equals 199e2f91fd431d51
linux : rpminfo_state 
IF : kernel-rt-debug is earlier than 0:3.10.0-957.rt56.910.el7
WARNING! Unknown test oval:com.redhat.rhsa:tst:20183096009. Please see help for possible reasons

Quick Help

Unknown Tests
There is a hardcoded maximum limit for number of tests displayed for a definition. For a small number of oval definitions, about ~1% of all, hundreds of test have been defined. This causes the pages to grow in size, exceed even 1mb, and they are unsuitable for display in a web page. So they are not displayed.Please refer to the xml definition files if you really want to view them.
Other Help Topics
Data Types
What is an Object?
What is a State?
What is a Test?
Other Help Topics
Regular Expression Patterns
Some object or state definitions are defined as regular expression patterns, you should interpret the regexp pattern while evaluating them.

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html