
Red Hat Enterprise Linux 7: RHSA-2020:2854-01 Important Kernel-Alt Update

Red Hat, July 7, 2020
Important kernel-alt update for Red Hat addresses critical security issues, with details on vulnerabilities and fixes.
An update for kernel-alt is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
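Because the advisory requires a reboot, the useful check is against the running kernel (`uname -r`), not the package installed on disk. The following is an added example, not Red Hat's own tooling: it compares a kernel release string with the fixed build 4.14.0-115.26.1.el7a taken from this advisory's package list, using a simplified rpmvercmp-style comparison (tilde/caret handling omitted); the sample release strings are constructed.

```python
import re

# Fixed kernel-alt build from RHSA-2020:2854-01 (advisory package list, arch stripped).
FIXED_EVR = "4.14.0-115.26.1.el7a"
ARCH_RE = r"(?:\.(aarch64|ppc64le|s390x|x86_64|noarch))?$"


def _segments(s):
    # Alternating numeric/alpha runs, separators dropped, as rpmvercmp does.
    return re.findall(r"\d+|[a-zA-Z]+", s)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b.
    Numeric segments compare as integers, alpha segments as strings,
    and a numeric segment sorts newer than an alpha one."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_evr(kernel_release):
    """'4.14.0-115.26.1.el7a.aarch64' -> ('4.14.0', '115.26.1.el7a')."""
    m = re.match(r"^(\d+\.\d+\.\d+)-(.+?)" + ARCH_RE, kernel_release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {kernel_release}")
    return m.group(1), m.group(2)


def is_patched(running_release, fixed_evr=FIXED_EVR):
    """True if the running kernel-alt build is at or above the fixed build.
    Only meaningful for kernel-alt (.el7a) releases; other kernels raise."""
    if ".el7a" not in running_release:
        raise ValueError("not a kernel-alt build; this advisory does not apply")
    rv, rr = split_evr(running_release)
    fv, fr = split_evr(fixed_evr)
    c = rpm_vercmp(rv, fv) or rpm_vercmp(rr, fr)
    return c >= 0


if __name__ == "__main__":
    import subprocess
    rel = subprocess.run(["uname", "-r"], capture_output=True, text=True).stdout.strip()
    print(rel, "patched" if is_patched(rel) else "NOT patched for RHSA-2020:2854-01")
```

A host that has installed the new RPM but not rebooted still reports the old release string and is correctly flagged as unpatched.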

Summary

The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
* Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption (CVE-2020-8834)
* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)
* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)
* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)
* kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)
* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)
* kernel: an out-of-bounds write via crafted keycode table (CVE-2019-20636)
* kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)
* kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)
* kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS (CVE-2019-19062)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* XFS: Metadata corruption detected at xfs_attr3_leaf_read_verify [rhel-alt-7.6.z] (BZ#1830836)

References

https://access.redhat.com/security/cve/CVE-2018-16884
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11811
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-8834
https://access.redhat.com/security/cve/CVE-2020-10720
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12888
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: kernel-alt-4.14.0-115.26.1.el7a.src.rpm
aarch64:
kernel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.26.1.el7a.aarch64.rpm
perf-4.14.0-115.26.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
python-perf-4.14.0-115.26.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm



Severity: Important

Advisory ID: RHSA-2020:2854-01
Product: Red Hat Enterprise Linux
Issue date: 2020-07-07

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

Bugs Fixed

1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()

1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c

1775021 - CVE-2019-19062 kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS

1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c

1781204 - CVE-2020-10720 kernel: use-after-free read in napi_gro_frags() in the Linux kernel

1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c

1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation

1819615 - CVE-2020-8834 Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption

1824059 - CVE-2019-20636 kernel: an out-of-bounds write via crafted keycode table

1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c

1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
