What is the severity of RHSA-2018:3586?

The vulnerability RHSA-2018:3586 is classified as high severity due to the potential impact on system security and data integrity.

How do I fix RHSA-2018:3586?

To fix RHSA-2018:3586, upgrade your kernel-rt packages to version 3.10.0-693.43.1.rt56.630.el6 or later.

What systems are affected by RHSA-2018:3586?

RHSA-2018:3586 affects systems running the kernel-rt package and its related packages on Red Hat Enterprise Linux 6.

What does the vulnerability in RHSA-2018:3586 involve?

The vulnerability in RHSA-2018:3586 involves a flaw in the Linux kernel's handling of fragmented IPv4 and IPv6 packets.

Is there a workaround for RHSA-2018:3586 if I cannot upgrade?

There are currently no recommended workarounds for RHSA-2018:3586; upgrading to the fixed version is the only solution.

Vulnerability/
RHSA-2018:3586

CWE

190 416

13/11/2018

22/1/2025

RHSA-2018:3586: Important: kernel-rt security and bug fix update

First published: Tue Nov 13 2018(Updated: )

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): <li> A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)</li> <li> kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)</li> <li> kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)</li> <li> kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es): <li> The kernel-rt packages have been upgraded to the 3.10.0-693.43.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1632422)</li>

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-debug	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-debug-debuginfo	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-debug-devel	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-debuginfo	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-devel	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-doc	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-firmware	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-trace	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-trace-debuginfo	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-trace-devel	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-vanilla	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-vanilla-debuginfo	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6
redhat/kernel-rt-vanilla-devel	<3.10.0-693.43.1.rt56.630.el6	3.10.0-693.43.1.rt56.630.el6

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2018:3586 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2018:3586?
The vulnerability RHSA-2018:3586 is classified as high severity due to the potential impact on system security and data integrity.
How do I fix RHSA-2018:3586?
To fix RHSA-2018:3586, upgrade your kernel-rt packages to version 3.10.0-693.43.1.rt56.630.el6 or later.
What systems are affected by RHSA-2018:3586?
RHSA-2018:3586 affects systems running the kernel-rt package and its related packages on Red Hat Enterprise Linux 6.
What does the vulnerability in RHSA-2018:3586 involve?
The vulnerability in RHSA-2018:3586 involves a flaw in the Linux kernel's handling of fragmented IPv4 and IPv6 packets.
Is there a workaround for RHSA-2018:3586 if I cannot upgrade?
There are currently no recommended workarounds for RHSA-2018:3586; upgrading to the fixed version is the only solution.

agent/severity
agent/references
agent/weakness
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2018:3586
agent/software-canonical-lookup
package-manager/redhat