rhsa-2019_1190
Vulnerability from csaf_redhat
Published
2019-05-14 20:26
Modified
2024-09-13 19:50
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)
* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633)
* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)
* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)
* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)
* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)
* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913)
* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)
* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)
* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558)
* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1692711)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the \u0027processor store buffer\u0027. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU\u0027s processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the \u0027load port\u0027 table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\n* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633)\n\n* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)\n\n* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)\n\n* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)\n\n* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)\n\n* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913)\n\n* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)\n\n* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)\n\n* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558)\n\n* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1692711)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:1190",
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/mds",
"url": "https://access.redhat.com/security/vulnerabilities/mds"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1391490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
},
{
"category": "external",
"summary": "1402885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402885"
},
{
"category": "external",
"summary": "1474928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474928"
},
{
"category": "external",
"summary": "1495089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"category": "external",
"summary": "1517220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517220"
},
{
"category": "external",
"summary": "1525474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525474"
},
{
"category": "external",
"summary": "1535173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535173"
},
{
"category": "external",
"summary": "1552048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
},
{
"category": "external",
"summary": "1585011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585011"
},
{
"category": "external",
"summary": "1641878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641878"
},
{
"category": "external",
"summary": "1646781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646781"
},
{
"category": "external",
"summary": "1646784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646784"
},
{
"category": "external",
"summary": "1667782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667782"
},
{
"category": "external",
"summary": "1692711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692711"
},
{
"category": "external",
"summary": "1705312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_1190.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-09-13T19:50:37+00:00",
"generator": {
"date": "2024-09-13T19:50:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2019:1190",
"initial_release_date": "2019-05-14T20:26:53+00:00",
"revision_history": [
{
"date": "2019-05-14T20:26:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-05-14T20:26:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T19:50:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product": {
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise MRG for RHEL-6"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-693.47.2.rt56.641.el6rt?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"product": {
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"product_id": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.47.2.rt56.641.el6rt?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product": {
"name": "kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product_id": "kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.47.2.rt56.641.el6rt?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product": {
"name": "kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product_id": "kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-693.47.2.rt56.641.el6rt?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src"
},
"product_reference": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch"
},
"product_reference": "kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch"
},
"product_reference": "kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7913",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1402885"
}
],
"notes": [
{
"category": "description",
"text": "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: media: use-after-free in [tuner-xc2028] media driver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7913"
},
{
"category": "external",
"summary": "RHBZ#1402885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402885"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7913"
}
],
"release_date": "2016-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: media: use-after-free in [tuner-xc2028] media driver"
},
{
"acknowledgments": [
{
"names": [
"Eyal Itkin"
]
}
],
"cve": "CVE-2016-8633",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1391490"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.\r\n\r\nThe flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Buffer overflow in firewire driver via crafted incoming packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG 2.x. This issue has been rated as having Moderate security impact. Future Linux kernel updates for the respective releases might address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8633"
},
{
"category": "external",
"summary": "RHBZ#1391490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8633"
}
],
"release_date": "2016-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Buffer overflow in firewire driver via crafted incoming packets"
},
{
"cve": "CVE-2017-11600",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-07-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1474928"
}
],
"notes": [
{
"category": "description",
"text": "The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed or is not exploitable.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-11600"
},
{
"category": "external",
"summary": "RHBZ#1474928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-11600",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11600"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message"
},
{
"acknowledgments": [
{
"names": [
"Vitaly Mayatskih"
]
}
],
"cve": "CVE-2017-12190",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2017-09-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1495089"
}
],
"notes": [
{
"category": "description",
"text": "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in \u0027block/bio.c\u0027 do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: memory leak when merging buffers in SCSI IO vectors",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12190"
},
{
"category": "external",
"summary": "RHBZ#1495089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12190"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: memory leak when merging buffers in SCSI IO vectors"
},
{
"cve": "CVE-2017-13215",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1535173"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: privilege escalation in skcipher_recvmsg function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, and kernel-alt packages.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and real-time kernels.\n\nFuture Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-13215"
},
{
"category": "external",
"summary": "RHBZ#1535173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535173"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-13215",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13215"
}
],
"release_date": "2018-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: crypto: privilege escalation in skcipher_recvmsg function"
},
{
"cve": "CVE-2017-16939",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1517220"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "RHBZ#1517220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16939",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16939"
}
],
"release_date": "2017-11-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation"
},
{
"cve": "CVE-2017-17558",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2017-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1525474"
}
],
"notes": [
{
"category": "description",
"text": "The usb_destroy_configuration() function, in \u0027drivers/usb/core/config.c\u0027 in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17558"
},
{
"category": "external",
"summary": "RHBZ#1525474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17558"
}
],
"release_date": "2017-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow"
},
{
"cve": "CVE-2018-1068",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1552048"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "RHBZ#1552048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1068"
}
],
"release_date": "2018-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c"
},
{
"acknowledgments": [
{
"names": [
"Julian Stecklina"
],
"organization": "Amazon.de"
},
{
"names": [
"Thomas Prescher"
],
"organization": "cyberus-technology.de"
},
{
"names": [
"Zdenek Sojka"
],
"organization": "sysgo.com"
}
],
"cve": "CVE-2018-3665",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1585011"
}
],
"notes": [
{
"category": "description",
"text": "A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the \"Lazy FPU Restore\" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: FPU state information leakage via lazy FPU restore",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2 may address this issue.\n\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3665"
},
{
"category": "external",
"summary": "RHBZ#1585011",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585011"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3665"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/06/15/5",
"url": "http://www.openwall.com/lists/oss-security/2018/06/15/5"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/3485131",
"url": "https://access.redhat.com/solutions/3485131"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
}
],
"release_date": "2018-06-13T21:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"category": "workaround",
"details": "RHEL-7 will automatically default to (safe) \u201ceager\u201d floating point register restore on Sandy Bridge and newer Intel processors. AMD processors are not affected. You can mitigate this issue on older processors by booting the kernel with the \u0027eagerfpu=on\u0027 parameter to enable eager FPU restore mode. In this mode FPU state is saved and restored for every task/context switch regardless of whether the current process invokes FPU instructions or not. The parameter does not affect performance negatively, and can be applied with no adverse effects to processors that are not affected.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Kernel: FPU state information leakage via lazy FPU restore"
},
{
"cve": "CVE-2018-12126",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646781"
}
],
"notes": [
{
"category": "description",
"text": "Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the \u0027processor store buffer\u0027. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU\u0027s processor store buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12126"
},
{
"category": "external",
"summary": "RHBZ#1646781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)"
},
{
"cve": "CVE-2018-12127",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2019-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1667782"
}
],
"notes": [
{
"category": "description",
"text": "Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the \u0027load port\u0027 table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12127"
},
{
"category": "external",
"summary": "RHBZ#1667782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)"
},
{
"cve": "CVE-2018-12130",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1646784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12130"
},
{
"category": "external",
"summary": "RHBZ#1646784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)"
},
{
"cve": "CVE-2018-18559",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1641878"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use-after-free due to race condition in AF_PACKET implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18559"
},
{
"category": "external",
"summary": "RHBZ#1641878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18559",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18559"
},
{
"category": "external",
"summary": "https://blogs.securiteam.com/index.php/archives/3731",
"url": "https://blogs.securiteam.com/index.php/archives/3731"
}
],
"release_date": "2018-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Use-after-free due to race condition in AF_PACKET implementation"
},
{
"cve": "CVE-2019-11091",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705312"
}
],
"notes": [
{
"category": "description",
"text": "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the \u0027Vulnerability Response\u0027 URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11091"
},
{
"category": "external",
"summary": "RHBZ#1705312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091"
}
],
"release_date": "2019-05-14T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)"
}
]
}
Loading...