RHSA-2018:2948HighCVSS 8.1

Red Hat Security Advisory: kernel-alt security, bug fix, and enhancement update

Published
October 30, 2018
Last Modified
May 29, 2026

🔗 CVE IDs covered (42)

CVE-2018-10881CVE-2018-10883CVE-2018-10940CVE-2018-14619CVE-2017-16648CVE-2017-17806CVE-2018-7757CVE-2018-8781CVE-2018-10877CVE-2018-13405CVE-2017-17805CVE-2018-5803CVE-2018-11506CVE-2018-1095CVE-2018-5390CVE-2018-5750CVE-2018-7566CVE-2018-10882CVE-2018-5344CVE-2018-9363CVE-2018-10880CVE-2018-10878CVE-2018-1065CVE-2018-1092CVE-2018-1118CVE-2018-1120CVE-2018-10879CVE-2018-12232CVE-2017-18075CVE-2018-1068CVE-2018-5391CVE-2018-5848CVE-2018-10322CVE-2018-14641CVE-2018-1000204CVE-2017-18208CVE-2018-3639CVE-2018-1000026CVE-2018-1000200CVE-2017-13166CVE-2017-18344CVE-2018-1094

📋 Description

CVE-2017-13166 — kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation CVE-2017-16648 — kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c CVE-2017-17805 — kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service CVE-2017-17806 — kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service CVE-2017-18075 — kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service CVE-2017-18208 — kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service CVE-2017-18344 — kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c CVE-2018-1065 — kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash CVE-2018-1068 — kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c CVE-2018-1092 — kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image CVE-2018-1094 — kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image CVE-2018-1095 — kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image CVE-2018-1118 — kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() CVE-2018-1120 — kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service CVE-2018-3639 — hw: cpu: speculative store bypass CVE-2018-5344 — kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service CVE-2018-5390 — kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) CVE-2018-5391 — kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) CVE-2018-5750 — kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass CVE-2018-5803 — kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service CVE-2018-5848 — kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption CVE-2018-7566 — kernel: race condition in snd_seq_write() may lead to UAF or OOB-access CVE-2018-7757 — kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c CVE-2018-8781 — kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space CVE-2018-9363 — kernel: Buffer overflow in hidp_process_report CVE-2018-10322 — kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service CVE-2018-10877 — kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image CVE-2018-10878 — kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image CVE-2018-10879 — kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file CVE-2018-10880 — kernel: stack-out-of-bounds write in ext4_update_inline_data function CVE-2018-10881 — kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image CVE-2018-10882 — kernel: stack-out-of-bounds write infs/jbd2/transaction.c CVE-2018-10883 — kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function CVE-2018-10940 — kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c CVE-2018-11506 — kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact CVE-2018-12232 — kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor CVE-2018-13405 — kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members CVE-2018-14619 — kernel: crash (possible privesc) in kernel crypto api. CVE-2018-14641 — kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() CVE-2018-1000026 — kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet CVE-2018-1000200 — kernel: NULL pointer dereference on OOM kill of large mlocked process CVE-2018-1000204 — kernel: Infoleak caused by incorrect handling of the SG_IO ioctl

🔗 References (49)