rhsa-2018_0412
Vulnerability from csaf_redhat
Published
2018-03-06 21:41
Modified
2024-09-13 13:40
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)
* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)
Bug Fix(es):
* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0412",
"url": "https://access.redhat.com/errata/RHSA-2018:0412"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1464473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464473"
},
{
"category": "external",
"summary": "1500380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
},
{
"category": "external",
"summary": "1537671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537671"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_0412.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T13:40:41+00:00",
"generator": {
"date": "2024-09-13T13:40:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2018:0412",
"initial_release_date": "2018-03-06T21:41:11+00:00",
"revision_history": [
{
"date": "2018-03-06T21:41:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-03-06T21:41:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T13:40:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Realtime (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.21.1.rt56.639.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"product_id": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.21.1.rt56.639.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.21.1.rt56.639.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64 as a component of Red Hat Enterprise Linux Realtime (v. 7)",
"product_id": "7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.4.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7518",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"discovery_date": "2017-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1464473"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: KVM: debug exception via syscall emulation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7518"
},
{
"category": "external",
"summary": "RHBZ#1464473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7518"
}
],
"release_date": "2017-06-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Kernel: KVM: debug exception via syscall emulation"
},
{
"cve": "CVE-2017-12188",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2017-10-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500380"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: KVM: MMU potential stack buffer overrun during page walks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12188"
},
{
"category": "external",
"summary": "RHBZ#1500380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12188",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12188"
}
],
"release_date": "2017-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Kernel: KVM: MMU potential stack buffer overrun during page walks"
},
{
"acknowledgments": [
{
"names": [
"Eric Biggers"
],
"organization": "Google"
}
],
"cve": "CVE-2017-18270",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1580979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: improper keyrings creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is Moderate, because the impact is only for userspace programs if using keyctl incorrectly. For root-level processes (usually during boot) keyctl being used securely without possibility of leaking keys between users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18270"
},
{
"category": "external",
"summary": "RHBZ#1580979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18270",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18270"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18270",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18270"
},
{
"category": "external",
"summary": "http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html",
"url": "http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0412"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-NFV-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-NFV-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-NFV-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.src",
"7Server-RT-7.4.Z:kernel-rt-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7.noarch",
"7Server-RT-7.4.Z:kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7.x86_64",
"7Server-RT-7.4.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: improper keyrings creation"
}
]
}
Loading...