It has been discovered that there are several other vulnerabilities affecting Linux kernel. This has also been confirmed by RedHat. One of them is VDB-6821. It is a remote code execution flaw in the kernel. The kernel can be exploited to run arbitrary code. The update to fix this issue has already been released by RedHat. You can download it from the link provided. The other known issues affecting Linux kernel are CVE-2019-11412, CVE-2019-11413, CVE-2019-11414, CVE-2019-11415, CVE-2019-11416, and CVE-2019-11417. Users are highly advised to update their systems as soon as possible.
VDB-6821
In order to exploit this vulnerability, the attacker must have access to a privileged process. With this privilege, the attacker can read and write memory locations which are outside of their privileges. The vulnerability is present in all versions of Linux kernel from 2.6.32 up to the latest version. This includes CentOS, RedHat Enterprise Linux, Ubuntu, Debian and more.
The CVE-2019-11412 has been fixed in kernel version 4.19.x and higher by applying a patch from Jason Gunthorpe. The CVE-2019-11413 affects all versions of Linux kernel from 3.5 onwards and was patched by Peter Kasting and Jesse Barnes. The CVE-2019-11414 affects all versions of Linux kernel from 2.6 onwards and was found by Andreas Gruenbacher and Sebastian Krahmer in 2018 while they were doing some testing on the Red Hat Kernel team's security mailing list (jails). The CVE-2019-11415 affects all versions of Linux kernel 2 upwards and was found by David Howells while he was working on his master's degree dissertation at Newcastle University in 2017 while he was helping out on a project for Red Hat's Security Response Team (SRE). The CVE-2019-11416 affects all versions of Linux kernel between 1 and 3 only and was found by Martin KaFai Lau in 2018 during a penetration test for Red Hat with assistance from Google Project Zero’s Mitja Kolsek who discovered that it is
Timeline
Published on: 10/18/2022 20:15:00 UTC
Last modified on: 10/20/2022 15:39:00 UTC