Severity rating: Medium

Software affected

Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux Server - TUS 7.3 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Overview

Multiple vulnerabilities have been reported in the Red Hat kernel which
could allow an attacker to gain escalated privileges or cause denial of
service conditions.

Description

1. Denial of Service Vulnerability (CVE-2020-12888)

This vulnerability exists in the VFIO PCI driver due to mishandling of
attempts to access disabled memory space. An attacker could exploit this
vulnerability by attempting to read from or write to a device's MMIO
address space while it is disabled.

Successful exploitation of this vulnerability could crash the system or
cause a denial of service condition on the targeted system.

2. Buffer Overflow Vulnerability (CVE-2020-12653)

This vulnerability exists in drivers/net/wireless/marvell/mwifiex/scan.c
due to an incorrect memcpy and buffer overflow in the
mwifiex_cmd_append_vsie_tlv function.

Successful exploitation of this vulnerability could allow a local attacker
to gain privileges or cause a denial of service condition on the targeted
system.

3. Heap-based Buffer Overflow Vulnerability (CVE-2020-12654)

This vulnerability exists in drivers/net/wireless/marvell/mwifiex/wmm.c due
to a heap-based buffer overflow in the mwifiex_ret_wmm_get_status function.

Successful exploitation of this vulnerability could allow the attacker to
threaten data integrity and system availability.

Solution

Apply appropriate updates as mentioned in the vendor advisory.
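
To help decide which hosts to patch first, the following added example (not part of the original advisory or of Red Hat's tooling) maps currently loaded kernel modules to the CVEs listed above. It assumes the upstream module names vfio_pci and mwifiex for the affected drivers; the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag loaded kernel modules that contain the drivers
# named in this advisory. Input uses the /proc/modules format:
#   name size refcount dependents state address
#
# Assumptions (not stated in the advisory):
#   - vfio_pci is the module name of the VFIO PCI driver
#   - mwifiex is the core module built from scan.c and wmm.c; the bus
#     modules (mwifiex_pcie, mwifiex_sdio, mwifiex_usb) depend on it
#
# A host with neither module loaded still needs the kernel update:
# drivers can be loaded later, for example when hardware is attached.

# report_exposure [FILE]
#   Prints one line per affected module: "<CVEs> <module> refcount=<n>".
#   FILE defaults to /proc/modules; pass "-" to read standard input.
report_exposure() {
    modules_file="${1:-/proc/modules}"
    awk '
        $1 == "vfio_pci" {
            print "CVE-2020-12888", $1, "refcount=" $3
            next
        }
        $1 == "mwifiex" {
            print "CVE-2020-12653,CVE-2020-12654", $1, "refcount=" $3
            next
        }
    ' "$modules_file"
}

# Constructed sample in /proc/modules format (not taken from a real host).
SAMPLE_MODULES='vfio_pci 41268 0 - Live 0xffffffffc0a10000
vfio 32657 2 vfio_pci,vfio_iommu_type1, Live 0xffffffffc09f0000
mwifiex_pcie 36864 0 - Live 0xffffffffc0b20000
mwifiex 282624 1 mwifiex_pcie, Live 0xffffffffc0ad0000
xfs 997127 3 - Live 0xffffffffc0100000'

# Demonstration on the constructed sample; call report_exposure with no
# argument to inspect the running system instead.
printf '%s\n' "$SAMPLE_MODULES" | report_exposure -
```

A non-zero refcount indicates the driver is in use by another module or a device, which makes that host a higher priority for the update.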

Vendor Information

Red Hat

References

Red Hat

CVE Name

CVE-2020-12888

CVE-2020-12653

CVE-2020-12654

