
CVE-2018-8781 resolution for CentOS 7

Posted: 2018/05/16 10:17:28
by bayupermadi
Hi,

I was just informed by our security that a new CVE, known as CVE-2018-8781, has been published. Based on my understanding, this vulnerability hits the USB module. I've checked the Red Hat webpage about this but cannot find the resolution. Here is the page: https://access.redhat.com/security/cve/cve-2018-8781

I've tried to upgrade our CentOS to kernel 3.10.0-862.2.3.el7.x86_64, but according to the rpm changelog information there is no update for CVE-2018-8781.

Can you help me find where I can get information on the kernel fix status?

Thank you for your information,

Bayu Permadi

Re: CVE-2018-8781 resolution for CentOS 7

Posted: 2018/05/16 10:21:58
by avij
That page you linked to (and the related Bugzilla entry) has all the information that is available.

If you are looking for a schedule for when a fix might be published, that information is not available either.

Re: CVE-2018-8781 resolution for CentOS 7

Posted: 2018/05/16 12:05:52
by TrevorH
There doesn't appear to be a udldrmfb module but there is a udl module that appears to be the thing affected. Since this is for USB attached displays, if you don't use one then you could mitigate this by blacklisting that module so it will not load.
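
The blacklisting mitigation and the changelog check discussed in this thread, as an added example that is not part of the original posts. The function names are hypothetical, the paths are the standard `/proc/modules` and `/etc/modprobe.d` locations, and the `install udl /bin/false` line is an addition beyond the plain blacklist mentioned above.

```shell
#!/bin/sh
# Added example (not from the thread): audit the udl blacklist mitigation.
# File and directory arguments default to the live system locations; they are
# parameters so the checks can also be run against copies.

# 0 if module $1 is listed in the /proc/modules-format file $2.
module_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit !f }' "${2:-/proc/modules}"
}

# 0 if any *.conf in modprobe.d directory $2 has an active "blacklist $1" line.
module_blacklisted() {
    for conf in "${2:-/etc/modprobe.d}"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v m="$1" '$1 == "blacklist" && $2 == m { f = 1 } END { exit !f }' "$conf" && return 0
    done
    return 1
}

# Write blacklist-$1.conf into directory $2. "blacklist" stops automatic
# loading by device alias (a USB display being plugged in); the "install"
# line makes an explicit "modprobe $1" fail as well.
write_blacklist() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$1" "$1" \
        > "${2:-/etc/modprobe.d}/blacklist-$1.conf"
}

# 0 if the changelog text on stdin mentions CVE id $1, e.g.
#   rpm -q --changelog kernel-3.10.0-862.2.3.el7.x86_64 | cve_in_changelog CVE-2018-8781
cve_in_changelog() {
    grep -q -w -F -- "$1"
}

# Print a one-line verdict for module $1; returns 0 only when mitigated.
mitigation_status() {
    if module_loaded "$1" "$2"; then
        echo "$1: loaded now, unload it (modprobe -r $1) or reboot"; return 2
    elif module_blacklisted "$1" "$3"; then
        echo "$1: not loaded and blacklisted"; return 0
    fi
    echo "$1: not loaded but not blacklisted"; return 1
}

# Run the live-system report only when asked: sh thisfile --report
if [ "${1:-}" = "--report" ]; then mitigation_status udl; fi
```

Run `write_blacklist udl` as root to create the file; a module that is already loaded stays loaded until it is removed or the machine is rebooted.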