RHSA-2018:1062-01 -- Redhat kernel, python-perf, perf
ID: oval:org.secpod.oval:def:502267 | Date: (C)2018-04-13 (M)2024-04-29 |
Class: PATCH | Family: unix |
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix:

* hw: cpu: speculative execution permission faults handling
* kernel: Buffer overflow in firewire driver via crafted incoming packets
* kernel: Use-after-free vulnerability in DCCP socket
* Kernel: kvm: nVMX: L2 guest could access hardware CR8 register
* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation
* kernel: media: use-after-free in [tuner-xc2028] media driver
* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl
* kernel: Incorrect type conversion for size during dma allocation
* kernel: memory leak when merging buffers in SCSI IO vectors
* kernel: vfs: BUG in truncate_inode_pages_range and fuse client
* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
* kernel: net: double-free and memory corruption in get_net_ns_by_id
* kernel: Use-after-free in snd_seq_ioctl_create_port
* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure
* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject allows local users to cause a denial of service
* kernel: kvm: Reachable BUG on out-of-bounds guest IRQ
* Kernel: KVM: DoS via write flood to I/O port 0x80
* kernel: Stack information leak in the EFS element
* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add function potentially allowing KASLR bypass
* kernel: Race condition in sound system can lead to denial of service
* kernel: multiple Low security impact security issues

Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schonherr for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi and the CVE-2017-15116 issue was discovered by ChunYu Wang.

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 7 |
Product: |
kernel |
python-perf |
perf |