Table of Contents
This issue does not affect Red Hat Enterprise Linux 5.
In a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user elevate their privileges on the system. In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces feature to grant this capability to themselves and elevate their privileges.
So, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.
In the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.
CVSS v3 metrics
|CVSS3 Base Score||7|
|CVSS3 Base Metrics||CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H|
Red Hat Security Errata
|Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt)||RHSA-2017:1297||2017-05-25|
|Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt)||RHSA-2017:1298||2017-05-25|
|Red Hat Enterprise Linux 6 (kernel)||RHSA-2018:1854||2018-06-19|
|Red Hat Enterprise Linux 7 (kernel)||RHSA-2017:1308||2017-05-25|
Affected Packages State
|Red Hat Enterprise Linux 5||kernel||Not affected|