RedHat: RHSA-2019-3309:01 Important: kernel-rt security and bug fix update

    Date05 Nov 2019
    CategoryRed Hat
    56
    Posted ByLinuxSecurity Advisories
    An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: kernel-rt security and bug fix update
    Advisory ID:       RHSA-2019:3309-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3309
    Issue date:        2019-11-05
    CVE Names:         CVE-2018-16884 CVE-2018-19854 CVE-2018-19985 
                       CVE-2018-20169 CVE-2019-3459 CVE-2019-3460 
                       CVE-2019-3874 CVE-2019-3882 CVE-2019-3900 
                       CVE-2019-5489 CVE-2019-7222 CVE-2019-9506 
                       CVE-2019-10126 CVE-2019-10207 CVE-2019-10638 
                       CVE-2019-11599 CVE-2019-11833 CVE-2019-11884 
                       CVE-2019-13233 CVE-2019-14821 CVE-2019-15916 
    =====================================================================
    
    1. Summary:
    
    An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Real Time (v. 8) - x86_64
    Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
    
    3. Description:
    
    The kernel-rt packages provide the Real Time Linux Kernel, which enables
    fine-tuning for systems with extremely high determinism requirements.
    
    Security Fix(es):
    
    * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
    
    * Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    (CVE-2019-3900)
    
    * Kernel: page cache side channel attacks (CVE-2019-5489)
    
    * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    (CVE-2019-9506)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
    
    * kernel: Information Disclosure in crypto_report_one in
    crypto/crypto_user.c (CVE-2018-19854)
    
    * kernel: usb: missing size check in the __usb_get_extra_descriptor()
    leading to DoS (CVE-2018-20169)
    
    * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    (CVE-2019-3459)
    
    * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    (CVE-2019-3460)
    
    * kernel: SCTP socket buffer memory leak leading to denial of service
    (CVE-2019-3874)
    
    * kernel: denial of service vector through vfio DMA mappings
    (CVE-2019-3882)
    
    * kernel: null-pointer dereference in hci_uart_set_flow_control
    (CVE-2019-10207)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
    
    * kernel: fs/ext4/extents.c leads to information disclosure
    (CVE-2019-11833)
    
    * kernel: sensitive information disclosure from kernel stack memory via
    HIDPCONNADD command (CVE-2019-11884)
    
    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
    
    * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
    leads to denial of service (CVE-2019-15916)
    
    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    (CVE-2018-19985)
    
    * Kernel: KVM: leak of uninitialized stack contents to guest
    (CVE-2019-7222)
    
    * Kernel: net: weak IP ID generation leads to remote device tracking
    (CVE-2019-10638)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1656986 - CVE-2018-19854 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c
    1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
    1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
    1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
    1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
    1678887 - RT: update RT source tree to the RHEL-8.1 tree
    1686373 - CVE-2019-3874 kernel: SCTP socket buffer memory leak leading to denial of service
    1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
    1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    1700666 - Make kernel-rt require rt-setup
    1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
    1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
    1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
    1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
    1724657 - BUG: scheduling while atomic in zswap
    1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c
    1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    1728765 - BUG: scheduling while atomic: rcuc/13/134/0x00000002
    1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking
    1733472 - BUG: scheduling while atomic: rcuc/1/24/0x00000002
    1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control
    1743931 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
    1745646 - [RT] sched/fair: Robustify CFS-bandwidth timer locking
    1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
    1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
    
    6. Package List:
    
    Red Hat Enterprise Linux Real Time for NFV (v. 8):
    
    Source:
    kernel-rt-4.18.0-147.rt24.93.el8.src.rpm
    
    x86_64:
    kernel-rt-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-common-x86_64-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    
    Red Hat Enterprise Linux Real Time (v. 8):
    
    Source:
    kernel-rt-4.18.0-147.rt24.93.el8.src.rpm
    
    x86_64:
    kernel-rt-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-common-x86_64-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-16884
    https://access.redhat.com/security/cve/CVE-2018-19854
    https://access.redhat.com/security/cve/CVE-2018-19985
    https://access.redhat.com/security/cve/CVE-2018-20169
    https://access.redhat.com/security/cve/CVE-2019-3459
    https://access.redhat.com/security/cve/CVE-2019-3460
    https://access.redhat.com/security/cve/CVE-2019-3874
    https://access.redhat.com/security/cve/CVE-2019-3882
    https://access.redhat.com/security/cve/CVE-2019-3900
    https://access.redhat.com/security/cve/CVE-2019-5489
    https://access.redhat.com/security/cve/CVE-2019-7222
    https://access.redhat.com/security/cve/CVE-2019-9506
    https://access.redhat.com/security/cve/CVE-2019-10126
    https://access.redhat.com/security/cve/CVE-2019-10207
    https://access.redhat.com/security/cve/CVE-2019-10638
    https://access.redhat.com/security/cve/CVE-2019-11599
    https://access.redhat.com/security/cve/CVE-2019-11833
    https://access.redhat.com/security/cve/CVE-2019-11884
    https://access.redhat.com/security/cve/CVE-2019-13233
    https://access.redhat.com/security/cve/CVE-2019-14821
    https://access.redhat.com/security/cve/CVE-2019-15916
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXcHp0tzjgjWX9erEAQglbQ//TSJNycuRkc20sRHAEGD0gAf3o3Bh6ddd
    SuqZn81Lo4R5dDlGLQzfiPtHzS5YjnP8DZoy8Ezg8kzpVt2CfBH+9LBJ7J8VIIlx
    O39uM7BxCQ4nevWwXcXf4TyBkOrwx2dOMHHllVjLeKzi4WeKx18IZlnbT++qvVMw
    vbqLnNLMfKA47BfZ/Umfq7ElbJIuSkglVx/217YqpEIxGrm7I74RYCASm5KGRLmY
    rgyW83glaiHZLEleXZwac81/OB8i5Gs6joIhQ+77AxJkzJ1FGuFzOBtFSRcp2UTl
    jm+adv8YYlMiv9DYoCPEaWL22Anxl7KNkDpPGULiFRml5bL1eCFuiEjt969MBe1f
    xkeXxWMfw6dqtKUynB0rixVqNqmJ2U/bpiVr+yaSeVKRR0f9uCTdpm+rQL00CcGZ
    QzIR1otD34cP5ccP4VRwqbggYE1Ag3wsFRGVSxP0O9I+0yQIPFN52Rc4UOtrLlai
    ezM3kY89gJcg3AalKq+UTP2yMvp8ckbeu3cYfu1Xs+uaMW3uuoaFSQpWU/xeQwfD
    ShffAhDC3ruGPthIGfY9gRrOqBfb9nWDvpoi0oR3hO+R2j2N8TL5ijXjYYek8oj2
    LaFF4SWnwLK4P1GZcQdNHk/Kz2WUnWX4KDjPIR+G7CFWBGADkh9S10c7FAy1BO//
    +dTe2joyO2k=
    =Zhbj
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.