RedHat: RHSA-2020-1372:01 Moderate: kernel security and bug fix update

    Date 07 Apr 2020
    255
    Posted By LinuxSecurity Advisories
    An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: kernel security and bug fix update
    Advisory ID:       RHSA-2020:1372-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1372
    Issue date:        2020-04-07
    CVE Names:         CVE-2019-15030 CVE-2019-15031 CVE-2019-18660 
                       CVE-2019-19527 
    =====================================================================
    
    1. Summary:
    
    An update for kernel is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es):
    
    * kernel: powerpc: local user can read vector registers of other users'
    processes via a Facility Unavailable exception (CVE-2019-15030)
    
    * kernel: powerpc: local user can read vector registers of other users'
    processes via an interrupt (CVE-2019-15031)
    
    * kernel: powerpc: incomplete Spectre-RSB mitigation leads to information
    exposure (CVE-2019-18660)
    
    * kernel: use-after-free caused by a malicious USB device in the
    drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * [FJ8.1 Bug]: fs/devpts: always delete dcache dentry-s in dput()
    (BZ#1783959)
    
    * qla2xxx: call dma_free_coherent with correct size in all cases in
    qla24xx_sp_unmap (BZ#1788206)
    
    * qla2xxxx: Firmware update for Gen7 adapter could result in an unusable
    adapter (BZ#1790350)
    
    * s390/sclp: Fix bit checked for has_sipl (BZ#1791408)
    
    * RHEL8.1 - Error output for CPU-MF auxtrace data in perf: (BZ#1792198)
    
    * [FJ8.0 Bug]: [kernel]: using "kexec -e" to reboot A64FX system causes
    system panic during the boot of the 2nd kernel (BZ#1792200)
    
    * Fixup tlbie vs store ordering issue on POWER9 (BZ#1794058)
    
    * RHEL8.1 - qeth: add safeguards to RX data path (BZ#1794059)
    
    * RHEL8.1 - STC940:ZZ:Fleet:RHEL:LPM failed with no rmc connection during
    6th iteration (ibmvnic) (BZ#1794060)
    
    * RHEL8.1 - disable trace-imc feature (perf:) (BZ#1794061)
    
    * [Broadcom RHEL8.2 FEAT]: megaraid_sas driver update request (BZ#1795335)
    
    * RHEL8.1 pre-Beta - [ FW940 ] [ zz P9 ] kdump fails when XIVE is enabled
    and dump is trigged from HMC. (BZ#1795337)
    
    * T10 DIF: OOM observed while running I/O (BZ#1795338)
    
    * backport fix for potential deadlock relative to snapshot COW throttling
    (BZ#1796490)
    
    * Neoverse n1 errata 1542419 "Core may fetch stale instructions from memory
    and violate ordering" (BZ#1797518)
    
    * [HPE 8.1 Bug] hpsa: bug fix for reset issue (BZ#1797519)
    
    * [HPE 8.0 BUG] System crash when reading /sys/block//mq/0/cpu_list
    file (BZ#1797960)
    
    * kernel: T10 CRC not using hardware-accelerated version from
    crct10dif_pclmul (BZ#1797961)
    
    * [FJ8.1 Bug]: Dirty pages remain when write() returns ENOSPC. (BZ#1797962)
    
    * RHEL 8 - NVMe/FC Fabric Broadcom Autoconnect Script Fails to Reconnect
    after Controller Reset (BZ#1798381)
    
    * [RHEL8.2]: Chelsio crypto co-processor Driver (chcr) bugfixes
    (BZ#1798527)
    
    * [RHEL8.1][Snapshot-1]LUN discovery says unrecognized (BZ#1801216)
    
    * 8.2 snap2 kernel incorrectly signed in brew (BZ#1807231)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1759313 - CVE-2019-15030 kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
    1760063 - CVE-2019-15031 kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
    1777825 - CVE-2019-18660 kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
    1783498 - CVE-2019-19527 kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver
    
    6. Package List:
    
    Red Hat Enterprise Linux BaseOS (v. 8):
    
    Source:
    kernel-4.18.0-147.8.1.el8_1.src.rpm
    
    aarch64:
    bpftool-4.18.0-147.8.1.el8_1.aarch64.rpm
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-core-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-cross-headers-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-core-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-modules-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debuginfo-common-aarch64-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-headers-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-modules-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-modules-extra-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-tools-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-tools-libs-4.18.0-147.8.1.el8_1.aarch64.rpm
    perf-4.18.0-147.8.1.el8_1.aarch64.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    python3-perf-4.18.0-147.8.1.el8_1.aarch64.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    
    noarch:
    kernel-abi-whitelists-4.18.0-147.8.1.el8_1.noarch.rpm
    kernel-doc-4.18.0-147.8.1.el8_1.noarch.rpm
    
    ppc64le:
    bpftool-4.18.0-147.8.1.el8_1.ppc64le.rpm
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-core-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-cross-headers-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-core-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-modules-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-headers-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-modules-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-modules-extra-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-tools-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-tools-libs-4.18.0-147.8.1.el8_1.ppc64le.rpm
    perf-4.18.0-147.8.1.el8_1.ppc64le.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    python3-perf-4.18.0-147.8.1.el8_1.ppc64le.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    
    s390x:
    bpftool-4.18.0-147.8.1.el8_1.s390x.rpm
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-core-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-cross-headers-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-core-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-devel-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-modules-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-debuginfo-common-s390x-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-devel-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-headers-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-modules-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-tools-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-core-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1.s390x.rpm
    kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
    perf-4.18.0-147.8.1.el8_1.s390x.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    python3-perf-4.18.0-147.8.1.el8_1.s390x.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
    
    x86_64:
    bpftool-4.18.0-147.8.1.el8_1.x86_64.rpm
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-core-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-cross-headers-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-core-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-modules-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-headers-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-modules-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-modules-extra-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-tools-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-tools-libs-4.18.0-147.8.1.el8_1.x86_64.rpm
    perf-4.18.0-147.8.1.el8_1.x86_64.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    python3-perf-4.18.0-147.8.1.el8_1.x86_64.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    
    Red Hat CodeReady Linux Builder (v. 8):
    
    aarch64:
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-debuginfo-common-aarch64-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
    
    ppc64le:
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
    
    x86_64:
    bpftool-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
    perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    python3-perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-15030
    https://access.redhat.com/security/cve/CVE-2019-15031
    https://access.redhat.com/security/cve/CVE-2019-18660
    https://access.redhat.com/security/cve/CVE-2019-19527
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXoxxI9zjgjWX9erEAQglqg//V7jw/NFuBLWCLcvsLC1TIFcu65XEPdcr
    Ap0xLBbPjhHsjUXfGRKwKykeU/BYDk/Gmq9Jphv59+YXPeBEPKMYmAr1heMweAeX
    NPEy1CefuEEZMFj/8nscO4Z3+WS4GDKYwyu3ANcC0dkgpodb2MBaKA8qIiutPmoD
    KouOnBUbC6XVDulTYae5RzQXxS2PSlngK02cJShsVeYXkhhIiNkHn5d7mT2rPilF
    UZJtzkQeND14BqCGx1oynk6VdlIF8KiblwtBCe7ydAC9n9e94sWsgj71xd9B/UWg
    odBrZ5HGqyU9OvXiv2ANpVmrbVyL/B6SHqaL4YoBgCO9kaDjqropku+fNd4m2oVV
    NNyvVx2ojkmJD7PVE0OuYSUtotduKpT4Pkx7Rz/517hCTy82hbwNThd1pFuqXxWE
    UAeTyhJMXHvo2lCGQLZRoXIRGE7webNOEp+qtHVAcJLuhs82jX0nfn8XK77OyMNf
    K+aMLaypg0BtElEF/qeHnHyvWR+6setHLqXHQ0U3+okCVd/YJo7R3L+/nLFh2/r0
    1LeTbbqnIBr0tiu7zs9Nrosp9mNyDQITDm/+CJS3VC+Xu645HEeFka+gNBFDx2/E
    mjAGXW5aFrkObTs/Qy849ttQRf9wpB2cCcls19fAkpQbr+4BWZDZUnIC2XpwnrUi
    QwDqhE+7upo=
    =gFMk
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    Do you agree with Linus Torvalds' decision to reject the controversial patch mitigating the Snoop attack on Intel CPUs?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/28-do-you-agree-with-linus-torvalds-decision-to-reject-the-controversial-patch-mitigating-the-snoop-attack-on-intel-cpus?task=poll.vote&format=json
    28
    radio
    [{"id":"100","title":"Yes - this was undoubtedly the right decision.","votes":"1","type":"x","order":"1","pct":33.33,"resources":[]},{"id":"101","title":"Not sure...","votes":"2","type":"x","order":"2","pct":66.67,"resources":[]},{"id":"102","title":"No - he made a big mistake here.","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.