CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.3%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391.
Bug Fix(es):
On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into “NodeNotReady” state after a CPU softlockup. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. As a result, nodes no longer get into “NodeNotReady” state under the described circumstances. (BZ#1596281)
Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported “Not affected” on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as “Vulnerable” or “Mitigation: Kernel entry/exit barrier (TYPE)” where TYPE is one of “eieio”, “hwsync”, “fallback”, or “unknown”. (BZ#1612351)
The hypervisors of Red Hat Enterprise Linux 7 virtual machines (VMs) in certain circumstances mishandled the microcode update in the kernel. As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. As a result, kernel hangs no longer occur in the described scenario. (BZ#1618388)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | kernel-doc | < 3.10.0-514.58.1.el7 | kernel-doc-3.10.0-514.58.1.el7.noarch.rpm |
RedHat | 7 | ppc64 | perf | < 3.10.0-514.58.1.el7 | perf-3.10.0-514.58.1.el7.ppc64.rpm |
RedHat | 7 | ppc64 | kernel-tools-debuginfo | < 3.10.0-514.58.1.el7 | kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm |
RedHat | 7 | s390x | kernel-kdump | < 3.10.0-514.58.1.el7 | kernel-kdump-3.10.0-514.58.1.el7.s390x.rpm |
RedHat | 7 | s390x | kernel-kdump-debuginfo | < 3.10.0-514.58.1.el7 | kernel-kdump-debuginfo-3.10.0-514.58.1.el7.s390x.rpm |
RedHat | 7 | ppc64le | python-perf | < 3.10.0-514.58.1.el7 | python-perf-3.10.0-514.58.1.el7.ppc64le.rpm |
RedHat | 7 | s390x | kernel-kdump-devel | < 3.10.0-514.58.1.el7 | kernel-kdump-devel-3.10.0-514.58.1.el7.s390x.rpm |
RedHat | 7 | x86_64 | kernel-tools-debuginfo | < 3.10.0-514.58.1.el7 | kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm |
RedHat | 7 | ppc64le | kernel-tools-libs | < 3.10.0-514.58.1.el7 | kernel-tools-libs-3.10.0-514.58.1.el7.ppc64le.rpm |
RedHat | 7 | ppc64le | perf-debuginfo | < 3.10.0-514.58.1.el7 | perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.3%