A new Linux kernel security update, released on February 26th for the Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series, addresses several security vulnerabilities, the most serious of them in the Marvell Wi-Fi driver.
The new kernel security update is marked as “Important” by the Red Hat Product Security team and patches two heap overflows (CVE-2019-14816 and CVE-2019-14901) in the Marvell Wi-Fi chip driver.
While CVE-2019-14816 could allow an attacker on the same physical Wi-Fi segment to cause a denial of service (system crash) or possibly execute arbitrary code, CVE-2019-14901 is rated more dangerous because it lets a remote attacker crash the system or execute arbitrary code.
“The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system,” reads Red Hat’s description of CVE-2019-14901.
Moreover, the Linux kernel update addresses a third heap-based buffer overflow (CVE-2019-14895) in the same Marvell Wi-Fi chip driver. This one can be triggered while the station negotiates a connection and processes the remote device’s country settings, which could allow that remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Another buffer overflow (CVE-2019-17133) was patched in the Linux kernel’s generic Wi-Fi ESSID handling code, which could allow a physically proximate attacker to cause a denial of service (system crash). Finally, CVE-2019-14898 covers the incomplete fix for CVE-2019-11599, a race condition in the coredump implementation.
The security patch also fixes numerous bugs that may affect the performance of the systems. More details are available in the Red Hat advisory. All Red Hat Enterprise Linux 7 and CentOS Linux 7 users are urged to update as soon as possible to kernel-3.10.0-1062.12.1.el7.x86_64 and reboot their systems: installing the package alone is not enough, since the old, vulnerable kernel keeps running until the next boot.
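A quick way to verify whether a host is still exposed is to compare the running kernel (as reported by `uname -r`) against the fixed build named above. The script below is an added example written for this article; it is not part of the advisory or of Red Hat’s tooling. It assumes the fixed build string from the paragraph above; the function names and the `--check`/`--apply` flags are the example’s own. `mwifiex` is the kernel’s module name for the Marvell Wi-Fi driver, so the loaded-module test tells you whether the three Marvell overflows are reachable on this particular machine (the ESSID bug in CVE-2019-17133 is in generic Wi-Fi code, so the update matters regardless).

```shell
#!/bin/sh
# Added example (not from the advisory or Red Hat): decide whether a
# RHEL 7 / CentOS 7 host is still running a kernel older than the fixed build,
# and optionally install the fix and reboot.
# Assumption: the fixed build below is the one named in the article; the
# function names and flags are this example's own.

FIXED_KERNEL="3.10.0-1062.12.1.el7"

# version_ge A B: exit 0 if kernel release string A is at or above B.
# Strips the ".el7[.arch]" suffix and compares the remaining fields
# (3.10.0-1062.12.1 -> 3 10 0 1062 12 1) numerically, left to right,
# so that 3.10.0-1062.9.1 correctly sorts below 3.10.0-1062.12.1
# (a plain string comparison would get that wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.el7.*$/, "", a); sub(/\.el7.*$/, "", b)
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# kernel_is_fixed RELEASE: exit 0 if RELEASE (the output of `uname -r`)
# already contains the fix.
kernel_is_fixed() {
    version_ge "$1" "$FIXED_KERNEL"
}

# mwifiex_loaded: exit 0 if the Marvell Wi-Fi driver module is loaded.
# Only then are the three Marvell driver overflows reachable on this host;
# CVE-2019-17133 is in generic cfg80211 code, so update either way.
mwifiex_loaded() {
    lsmod 2>/dev/null | awk '$1 == "mwifiex" { found = 1 } END { exit !found }'
}

# check_host [--apply]: report this machine's state; with --apply, install the
# fixed kernel and reboot. Installing the package alone is not enough: the old
# kernel keeps running until the reboot. --apply needs root.
check_host() {
    running=$(uname -r)
    if kernel_is_fixed "$running"; then
        echo "OK: running kernel $running includes the fix"
        return 0
    fi
    echo "VULNERABLE: running kernel $running is older than $FIXED_KERNEL"
    if mwifiex_loaded; then
        echo "note: mwifiex is loaded, so the Marvell driver overflows apply here"
    fi
    if [ "$1" = "--apply" ]; then
        yum -y update kernel && shutdown -r now
    else
        echo "run: yum update kernel && reboot   (or: $0 --apply)"
    fi
    return 1
}

# Only act when invoked with a flag, so the file can also be sourced for its
# functions without side effects.
if [ "${1:-}" = "--check" ] || [ "${1:-}" = "--apply" ]; then
    check_host "$1"
fi
```

Run it as `sh check-kernel.sh --check` on each host; it exits non-zero while the old kernel is still running, which makes it easy to drop into a fleet-wide loop over SSH and collect the stragglers that were patched but never rebooted.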