Wednesday, July 11, 2018

RHSA-2018:2164 Important: kernel security and bug fix update


URL: https://access.redhat.com/errata/RHSA-2018:2164

Fixes


  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
  • BZ - 1575065 - CVE-2018-10675 kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial-of-service or other unspecified impact
  • BZ - 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore
  • BZ - 1596094 - CVE-2018-10872 kernel: error in exception handling leads to DoS (CVE-2018-8897 regression)



CVEs



  • CVE-2018-10872
    CVSS3 Base Score 6.5
    CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2018-3639
    CVSS3 Base Score 5.6
    CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-3665
    CVSS3 Base Score 5.6
    CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-10675
    CVSS3 Base Score 5.5
    CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H



Prioritization

Because RHEL v6 systems are not user-facing, this advisory has LOW priority.
