Linux Security
Linux Security
Linux Security

RedHat: RHSA-2021-1093:01 Important: kernel security, bug fix,

Date 06 Apr 2021
317
Posted By LinuxSecurity Advisories
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1093-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1093
Issue date:        2021-04-06
CVE Names:         CVE-2020-0466 CVE-2020-27152 CVE-2020-28374 
                   CVE-2021-3347 CVE-2021-26708 CVE-2021-27363 
                   CVE-2021-27364 CVE-2021-27365 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege
(CVE-2020-0466)

* kernel: SCSI target (LIO) write to any block on ILO backstore
(CVE-2020-28374)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: race conditions caused by wrong locking in
net/vmw_vsock/af_vsock.c (CVE-2021-26708)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* Kernel: KVM: host stack overflow due to lazy update IOAPIC
(CVE-2020-27152)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* race condition when creating child sockets from syncookies (BZ#1915529)

* On System Z, a hash needs state randomized for entropy extraction
(BZ#1915816)

* scsi: target: core_tmr_abort_task() reporting multiple aborts for the
same se_cmd->tag (BZ#1918354)

* [mlx5] VF interface stats are not reflected in "ip -s link show" /
"ifconfig " commands (BZ#1921060)

* Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel
hosts (BZ#1923281)

* [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment
(BZ#1924222)

* Backport bug fix RDMA/umem: Prevent small pages from being returned by
ib_umem_find_best_pgsz (BZ#1924691)

* [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses
crash (BZ#1925186)

* RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508)

* Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()")
(BZ#1925511)

* SCTP "Address already in use" when no active endpoints from RHEL 8.2
onwards (BZ#1927521)

* lpfc: Fix initial FLOGI failure due to BBSCN not supported  (BZ#1927921)

* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738)

* Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740)

* rpmbuild cannot build the userspace RPMs in the kernel package when the
kernel itself is not built (BZ#1929910)

* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to
add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168)

* Configuring the system with non-RT kernel will hang the system
(BZ#1930735)

* Upstream Patch for Gracefully handle DMAR units with no supported address
widthsx86/vt-d (BZ#1932199)

* gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and
delete_work_func (BZ#1937109)

* Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013)

Enhancement(s):

* RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1
(BZ#1907520)

* RHEL8.4: Update the target driver (BZ#1918363)

* [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1888886 - CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC
1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
1920480 - CVE-2020-0466 kernel: use after free in eventpoll.c may lead to escalation of privilege
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1925588 - CVE-2021-26708 kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-240.22.1.el8_3.src.rpm

aarch64:
bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-core-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-modules-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm
kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpm

ppc64le:
bpftool-4.18.0-240.22.1.el8_3.ppc64le.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-core-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-headers-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-modules-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm

s390x:
bpftool-4.18.0-240.22.1.el8_3.s390x.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-headers-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-tools-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-core-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-devel-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-4.18.0-240.22.1.el8_3.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-240.22.1.el8_3.s390x.rpm
perf-4.18.0-240.22.1.el8_3.s390x.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm
python3-perf-4.18.0-240.22.1.el8_3.s390x.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.s390x.rpm

x86_64:
bpftool-4.18.0-240.22.1.el8_3.x86_64.rpm
bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.aarch64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.ppc64le.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.x86_64.rpm
perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm
python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYGxuX9zjgjWX9erEAQjjwA//eytWPJuijFL/ECxnISUNZ9i41Ff8r/zg
SWX8qN9lO2NJZCfHffhQlUeP+tGVKjYQ4XLeUZ0qCpC1tElApZsjzQY85HufOksI
xo99uDI4kC2bn16kcRbKUBahfSsEMF4tjXKkfU08R4hXOmuBYIVfcs/QjhVWpy3I
NALgTd56ZzHFYB24oVraZ9l35GAWmM7fdMvXJGGus1QFNjjoKCiyL3gHP/82g6wn
vMTtQDiO3fTIAUM1KV0oi3eUPComfpAyAjTwNf3q5Xp30efAvXVLAg6QpN4lpjZ8
z4BpngPb6LovLdc9k9XE86ubLQfpK3J9wTVXaVdWRD8L+k89pJtFTor/E5qRBvEC
lvq1BrELiWruuVLIOP27TDKzy7dGd20Qn5f3YyQaCBuwsw+XgnKijtbc8vaN6VT8
q78QZh1Exp5V5DNQaLkjYSWDkoX8BogbJ7+t7aSsOPgWd05zsN6bhxAR37vIzH9m
nolQ092zF3U5l86Rpwfb8ZEoPF2n6wu0ORXyJNeXN2WJaf3cPGpQMu0KR/cLBGEf
0J3tDRKuh3++AZmQHYXSM4Q6SlsOYpRb4eGeHSuGcIjQbiIyhJMr8JCdJ307dGK1
2G/bRrJ8gPqTBSeICMuUkSMkRPzEhnZKUQzNMfMmYxFAjBUaQBSnD2D/3ZdnjIXJ
P3ZmzmeD/BA=
=eIA0
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"47","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.86,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.47,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.