-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4060-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4060
Issue date:        2020-09-29
CVE Names:         CVE-2017-18551 CVE-2018-20836 CVE-2019-9454 
                   CVE-2019-9458 CVE-2019-12614 CVE-2019-15217 
                   CVE-2019-15807 CVE-2019-15917 CVE-2019-16231 
                   CVE-2019-16233 CVE-2019-16994 CVE-2019-17053 
                   CVE-2019-17055 CVE-2019-18808 CVE-2019-19046 
                   CVE-2019-19055 CVE-2019-19058 CVE-2019-19059 
                   CVE-2019-19062 CVE-2019-19063 CVE-2019-19332 
                   CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 
                   CVE-2019-19530 CVE-2019-19534 CVE-2019-19537 
                   CVE-2019-19767 CVE-2019-19807 CVE-2019-20054 
                   CVE-2019-20095 CVE-2019-20636 CVE-2020-1749 
                   CVE-2020-2732 CVE-2020-8647 CVE-2020-8649 
                   CVE-2020-9383 CVE-2020-10690 CVE-2020-10732 
                   CVE-2020-10742 CVE-2020-10751 CVE-2020-10942 
                   CVE-2020-11565 CVE-2020-12770 CVE-2020-12826 
                   CVE-2020-14305 
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: out of bounds write in function i2c_smbus_xfer_emulated in
drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)

* kernel: race condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)

* kernel: out of bounds write in i2c driver leads to local escalation of
privilege (CVE-2019-9454)

* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)

Space precludes documenting all of the security fixes in this advisory. See
the descriptions of the remaining security fixes in the related Knowledge
Article:

https://access.redhat.com/articles/5442421

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1448750 - BUG: unable to handle kernel paging request at 0; IP: [] nfsd4_cb_done+0x2b/0x310 [nfsd]
1699402 - smallfile caused kernel Cephfs crash in RHOCS (OpenShift-on-Ceph)
1707796 - CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
1724345 - mkfs.xfs hangs issuing discards
1745528 - CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
1747216 - CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
1757368 - CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
1759681 - CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
1775042 - CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
1775047 - CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
1775074 - CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
1777239 - Unable to exclude files from auditing
1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
1783518 - CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1783554 - Fix copy_file_range return value in case of same-file copy on NFS
1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
1810685 - CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
1817141 - CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
1818818 - CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table
1824270 - CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic [rhel-7]
1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
1829662 - kernel BUG at fs/fscache/operation.c:70! FS-Cache: 4 == 5 is false - current state is FSCACHE_OP_ST_COMPLETE but should be FSCACHE_OP_CANCELLED in fscache_enqueue_operation
1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps
1832332 - "[sig-network] Services should be rejected when no endpoints exist" test fails frequently on RHEL7 nodes
1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
1835127 - CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic
1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass
1845326 - libaio is returning duplicate events
1850716 - CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1160.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1160.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1160.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1160.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-3.10.0-1160.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.el7.ppc64.rpm
kernel-debug-3.10.0-1160.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm
kernel-devel-3.10.0-1160.el7.ppc64.rpm
kernel-headers-3.10.0-1160.el7.ppc64.rpm
kernel-tools-3.10.0-1160.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.el7.ppc64.rpm
perf-3.10.0-1160.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
python-perf-3.10.0-1160.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1160.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-3.10.0-1160.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.el7.ppc64le.rpm
perf-3.10.0-1160.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
python-perf-3.10.0-1160.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1160.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-3.10.0-1160.el7.s390x.rpm
kernel-debug-3.10.0-1160.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.el7.s390x.rpm
kernel-devel-3.10.0-1160.el7.s390x.rpm
kernel-headers-3.10.0-1160.el7.s390x.rpm
kernel-kdump-3.10.0-1160.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.el7.s390x.rpm
perf-3.10.0-1160.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.el7.s390x.rpm
python-perf-3.10.0-1160.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1160.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18551
https://access.redhat.com/security/cve/CVE-2018-20836
https://access.redhat.com/security/cve/CVE-2019-9454
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-15217
https://access.redhat.com/security/cve/CVE-2019-15807
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16994
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19530
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19807
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/cve/CVE-2020-2732
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9383
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10742
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-14305
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
https://access.redhat.com/articles/5442421

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX3OiL9zjgjWX9erEAQihSxAApxwgp4kpij7zRNbAhyJuEtRjbVL5gO/i
fwPX//BDQD1TPK5HfbCicmhLEgFvbM8PwV/p8DVYAeJqD6ipqGaJjUmZssr5jCRb
+EIz+7nJjq7x+iQ93/xt0nGBCRVEWwxb27nYvVQId0Prbby5TMGGmG8LmKGeMRBg
mEudwSaVgo2Rn/V6aBIQFLGwsOgpHpXd/5yY9JX6e6mclE23+yKc15zqVboJvt14
Q1beZAwtHkBWlHGzBRx3HPEJdXWZXPiYcWN+07BF7vyLSmD+opMvNGsgXlCrgyIc
ErgXdAIo3awyWwaU8JTv2pY/ZRsPYI2MTO0Ph+zHLy4ndpmMv9b/c0WbiEAan8iL
0Uj1zuSyWRDbnNwKEo2wc1Z7guMpDqKtV5QrZAFTSH3HVPSXF43WakDEZrO7LOse
T3SmYeWdP/rI50tMOtuPeldTh8kY/qUC6mRgFM45UmXlfIzQrw49l2fbgHnANIA5
8olnRowuCaM+AU4ruLM+qf5S9IoxeLQRmzRLQEZk4nH3zjSNgwO+9rFSK92E1cTj
E3mN+hH/4KP4ckOh3TDb8W9qx5DHA7U6N3XcuSloNOwROyBnnLbw8eZcJeddy0zX
SvESq0HLBOVtEBbpnmJtfXlvW5bXkajYlcSX8nSCcIJ6U7yJN9qHmlsO5bv53koB
7KUpNcbho+A=V/r8
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-4060:01 Important: kernel security, bug fix,

An update for kernel is now available for Red Hat Enterprise Linux 7

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)
* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:
https://access.redhat.com/articles/5442421
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2017-18551 https://access.redhat.com/security/cve/CVE-2018-20836 https://access.redhat.com/security/cve/CVE-2019-9454 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-15217 https://access.redhat.com/security/cve/CVE-2019-15807 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16994 https://access.redhat.com/security/cve/CVE-2019-17053 https://access.redhat.com/security/cve/CVE-2019-17055 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19055 https://access.redhat.com/security/cve/CVE-2019-19058 https://access.redhat.com/security/cve/CVE-2019-19059 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19530 https://access.redhat.com/security/cve/CVE-2019-19534 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19807 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20095 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2020-1749 https://access.redhat.com/security/cve/CVE-2020-2732 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9383 https://access.redhat.com/security/cve/CVE-2020-10690 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10742 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-14305 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index https://access.redhat.com/articles/5442421

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1160.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-3.10.0-1160.el7.x86_64.rpm kernel-debug-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-devel-3.10.0-1160.el7.x86_64.rpm kernel-headers-3.10.0-1160.el7.x86_64.rpm kernel-tools-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm perf-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1160.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-3.10.0-1160.el7.x86_64.rpm kernel-debug-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-devel-3.10.0-1160.el7.x86_64.rpm kernel-headers-3.10.0-1160.el7.x86_64.rpm kernel-tools-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm perf-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1160.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm kernel-doc-3.10.0-1160.el7.noarch.rpm
ppc64: bpftool-3.10.0-1160.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-3.10.0-1160.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.el7.ppc64.rpm kernel-debug-3.10.0-1160.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm kernel-devel-3.10.0-1160.el7.ppc64.rpm kernel-headers-3.10.0-1160.el7.ppc64.rpm kernel-tools-3.10.0-1160.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.el7.ppc64.rpm perf-3.10.0-1160.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.el7.ppc64.rpm python-perf-3.10.0-1160.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1160.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-3.10.0-1160.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.el7.ppc64le.rpm kernel-debug-3.10.0-1160.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm kernel-devel-3.10.0-1160.el7.ppc64le.rpm kernel-headers-3.10.0-1160.el7.ppc64le.rpm kernel-tools-3.10.0-1160.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.el7.ppc64le.rpm perf-3.10.0-1160.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm python-perf-3.10.0-1160.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1160.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.el7.s390x.rpm kernel-3.10.0-1160.el7.s390x.rpm kernel-debug-3.10.0-1160.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.el7.s390x.rpm kernel-devel-3.10.0-1160.el7.s390x.rpm kernel-headers-3.10.0-1160.el7.s390x.rpm kernel-kdump-3.10.0-1160.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.el7.s390x.rpm perf-3.10.0-1160.el7.s390x.rpm perf-debuginfo-3.10.0-1160.el7.s390x.rpm python-perf-3.10.0-1160.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.el7.s390x.rpm
x86_64: bpftool-3.10.0-1160.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-3.10.0-1160.el7.x86_64.rpm kernel-debug-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-devel-3.10.0-1160.el7.x86_64.rpm kernel-headers-3.10.0-1160.el7.x86_64.rpm kernel-tools-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm perf-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1160.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-3.10.0-1160.el7.x86_64.rpm kernel-debug-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-devel-3.10.0-1160.el7.x86_64.rpm kernel-headers-3.10.0-1160.el7.x86_64.rpm kernel-tools-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm perf-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:4060-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4060
Issued Date: : 2020-09-29
CVE Names: CVE-2017-18551 CVE-2018-20836 CVE-2019-9454 CVE-2019-9458 CVE-2019-12614 CVE-2019-15217 CVE-2019-15807 CVE-2019-15917 CVE-2019-16231 CVE-2019-16233 CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 CVE-2019-18808 CVE-2019-19046 CVE-2019-19055 CVE-2019-19058 CVE-2019-19059 CVE-2019-19062 CVE-2019-19063 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19530 CVE-2019-19534 CVE-2019-19537 CVE-2019-19767 CVE-2019-19807 CVE-2019-20054 CVE-2019-20095 CVE-2019-20636 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8649 CVE-2020-9383 CVE-2020-10690 CVE-2020-10732 CVE-2020-10742 CVE-2020-10751 CVE-2020-10942 CVE-2020-11565 CVE-2020-12770 CVE-2020-12826 CVE-2020-14305

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64


Bugs Fixed

1448750 - BUG: unable to handle kernel paging request at 0; IP: [] nfsd4_cb_done+0x2b/0x310 [nfsd]

1699402 - smallfile caused kernel Cephfs crash in RHOCS (OpenShift-on-Ceph)

1707796 - CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free

1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service

1724345 - mkfs.xfs hangs issuing discards

1745528 - CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver

1747216 - CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c

1757368 - CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c

1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol

1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol

1759681 - CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c

1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c

1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c

1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c

1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c

1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS

1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS

1775042 - CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS

1775047 - CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS

1775074 - CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS

1777239 - Unable to exclude files from auditing

1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c

1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid

1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c

1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver

1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free

1783518 - CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver

1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver

1783554 - Fix copy_file_range return value in case of same-file copy on NFS

1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer

1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c

1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c

1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c

1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c

1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c

1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c

1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel

1810685 - CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c

1817141 - CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open

1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field

1818818 - CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege

1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation

1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process

1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table

1824270 - CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic [rhel-7]

1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c

1829662 - kernel BUG at fs/fscache/operation.c:70! FS-Cache: 4 == 5 is false - current state is FSCACHE_OP_ST_COMPLETE but should be FSCACHE_OP_CANCELLED in fscache_enqueue_operation

1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps

1832332 - "[sig-network] Services should be rejected when no endpoints exist" test fails frequently on RHEL7 nodes

1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case

1835127 - CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic

1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass

1845326 - libaio is returning duplicate events

1850716 - CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved