rhsa-2018_1170
Vulnerability from csaf_redhat
Published
2018-04-17 15:29
Modified
2024-09-13 16:50
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)
* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)
* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)
* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)
* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)
* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)
* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.
Bug Fix(es):
* The kernel-rt packages have been upgraded to version 3.10.0-693.25.2.rt56.612, which provides a number of security and bug fixes over the previous version. (BZ#1549731)
* Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp Counter (TSC) frequency of 25 MHz. In some cases this can be imprecise and lead to timing-related problems such as time drift, timers being triggered early, or TSC clock instability. This update mitigates these problems by no longer using the "native_calibrate_tsc()" function to define the TSC frequency. Refined calibration is now used to update the clock rate accordingly in these cases. (BZ#1547854)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)\n\n* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)\n\n* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)\n\n* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)\n\n* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)\n\n* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)\n\n* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824 and Armis Labs for reporting CVE-2017-1000410.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to version 3.10.0-693.25.2.rt56.612, which provides a number of security and bug fixes over the previous version. (BZ#1549731)\n\n* Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp Counter (TSC) frequency of 25 MHz. In some cases this can be imprecise and lead to timing-related problems such as time drift, timers being triggered early, or TSC clock instability. This update mitigates these problems by no longer using the \"native_calibrate_tsc()\" function to define the TSC frequency. Refined calibration is now used to update the clock rate accordingly in these cases. (BZ#1547854)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1170",
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1489088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489088"
},
{
"category": "external",
"summary": "1501878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501878"
},
{
"category": "external",
"summary": "1519160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519160"
},
{
"category": "external",
"summary": "1519591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519591"
},
{
"category": "external",
"summary": "1525762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525762"
},
{
"category": "external",
"summary": "1531135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531135"
},
{
"category": "external",
"summary": "1547854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547854"
},
{
"category": "external",
"summary": "1548412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548412"
},
{
"category": "external",
"summary": "1549731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549731"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_1170.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T16:50:48+00:00",
"generator": {
"date": "2024-09-13T16:50:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2018:1170",
"initial_release_date": "2018-04-17T15:29:43+00:00",
"revision_history": [
{
"date": "2018-04-17T15:29:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-17T15:29:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T16:50:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product": {
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise MRG for RHEL-6"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product": {
"name": "kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product_id": "kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.25.2.rt56.612.el6rt?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product": {
"name": "kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product_id": "kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-693.25.2.rt56.612.el6rt?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_id": "kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.25.2.rt56.612.el6rt?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"product": {
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"product_id": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.25.2.rt56.612.el6rt?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src"
},
"product_reference": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch"
},
"product_reference": "kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch"
},
"product_reference": "kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mohamed Ghannam"
]
}
],
"cve": "CVE-2017-8824",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1519591"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use-after-free vulnerability in DCCP socket",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, Red Hat Enterprise MRG 2 and real-time kernels. Future updates for the respective releases may address this issue.\n\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-8824"
},
{
"category": "external",
"summary": "RHBZ#1519591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-8824",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8824"
}
],
"release_date": "2017-12-05T05:43:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Use-after-free vulnerability in DCCP socket"
},
{
"cve": "CVE-2017-9725",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2017-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1489088"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Incorrect type conversion for size during dma allocation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\n\nFuture Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9725"
},
{
"category": "external",
"summary": "RHBZ#1489088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9725"
},
{
"category": "external",
"summary": "https://source.android.com/security/bulletin/2017-09-01",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
],
"release_date": "2015-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Incorrect type conversion for size during dma allocation"
},
{
"cve": "CVE-2017-13166",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2018-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1548412"
}
],
"notes": [
{
"category": "description",
"text": "A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-13166"
},
{
"category": "external",
"summary": "RHBZ#1548412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-13166",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13166"
}
],
"release_date": "2017-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"category": "workaround",
"details": "A systemtap script intercepting v4l2_compat_ioctl32() function of the [videodev] module and making it to return -ENOIOCTLCMD error value would work just fine, except breaking all 32bit video capturing software, but not 64bit ones.\n\nAlternatively, blacklisting [videodev] module will work too, but it will break all video capturing software.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation"
},
{
"cve": "CVE-2017-15265",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-10-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1501878"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use-after-free in snd_seq_ioctl_create_port()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5,6, 7, realtime and MRG-2.\n\nRed Hat Enterprise Linux 5 has transitioned to Production phase 3. \nDuring the Production 3 Phase, Critical impact Security Advisories (RHSAs) \nand selected Urgent Priority Bug Fix Advisories (RHBAs) may be released \nas they become available.\n\nThe official life cycle policy can be reviewed here:\n\nhttp://redhat.com/rhel/lifecycle\n\nFuture Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15265"
},
{
"category": "external",
"summary": "RHBZ#1501878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15265",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15265"
}
],
"release_date": "2017-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"category": "workaround",
"details": "It is possible to prevent the affected code from being loaded by blacklisting the kernel module snd_seq. Instructions relating to how to blacklist a kernel module are shown here: https://access.redhat.com/solutions/41278 \n\nAlternatively a custom permission set can be created by udev, the correct permissions will depend on your use case. Please contact Red Hat customer support for creating a rule set that can minimize flaw exposure.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Use-after-free in snd_seq_ioctl_create_port()"
},
{
"cve": "CVE-2017-17449",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2017-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1525762"
}
],
"notes": [
{
"category": "description",
"text": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as a code with the flaw is not present or is not built in the products listed.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17449"
},
{
"category": "external",
"summary": "RHBZ#1525762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17449"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17449",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17449"
}
],
"release_date": "2017-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity"
},
{
"cve": "CVE-2017-18017",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-01-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1531135"
}
],
"notes": [
{
"category": "description",
"text": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18017"
},
{
"category": "external",
"summary": "RHBZ#1531135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18017"
}
],
"release_date": "2018-01-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c"
},
{
"acknowledgments": [
{
"names": [
"Armis Labs"
]
}
],
"cve": "CVE-2017-1000410",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1519160"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Stack information leak in the EFS element",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000410"
},
{
"category": "external",
"summary": "RHBZ#1519160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000410"
}
],
"release_date": "2017-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.25.2.rt56.612.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.25.2.rt56.612.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Stack information leak in the EFS element"
}
]
}
Loading...