RedHat: RHSA-2021-1578:01 Important: kernel security, bug fix,
Summary
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: memory leak in sof_set_get_large_ctrl_data() function in
sound/soc/sof/ipc.c (CVE-2019-18811)
* kernel: use-after-free caused by a malicious USB device in the
drivers/usb/misc/adutux.c driver (CVE-2019-19523)
* kernel: use-after-free bug caused by a malicious USB device in the
drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
* kernel: possible out of bounds write in kbd_keycode of keyboard.c
(CVE-2020-0431)
* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
* kernel: use-after-free in usb_sg_cancel function in
drivers/usb/core/message.c (CVE-2020-12464)
* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
* kernel: Use After Free vulnerability in cgroup BPF component
(CVE-2020-14356)
* kernel: NULL pointer dereference in serial8250_isa_init_ports function in
drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
* kernel: umask not applied on filesystem without ACL support
(CVE-2020-24394)
* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
* kernel: incomplete permission checking for access to rbd devices
(CVE-2020-25284)
* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
(CVE-2020-25285)
* kernel: improper input validation in ppp_cp_parse_cr function leads to
memory corruption and read overflow (CVE-2020-25643)
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
* kernel: child process is able to access parent mm through hfi dev file
handle (CVE-2020-27835)
* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting
- ->real_parent (CVE-2020-35508)
* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate
situations (CVE-2020-36322)
* kernel: use after free in tun_get_user of tun.c could lead to local
escalation of privilege (CVE-2021-0342)
* kernel: NULL pointer dereferences in ov511_mode_init_regs and
ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
References
https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
Package List
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-305.el8.src.rpm
aarch64:
bpftool-4.18.0-305.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-4.18.0-305.el8.aarch64.rpm
kernel-core-4.18.0-305.el8.aarch64.rpm
kernel-cross-headers-4.18.0-305.el8.aarch64.rpm
kernel-debug-4.18.0-305.el8.aarch64.rpm
kernel-debug-core-4.18.0-305.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debug-devel-4.18.0-305.el8.aarch64.rpm
kernel-debug-modules-4.18.0-305.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm
kernel-devel-4.18.0-305.el8.aarch64.rpm
kernel-headers-4.18.0-305.el8.aarch64.rpm
kernel-modules-4.18.0-305.el8.aarch64.rpm
kernel-modules-extra-4.18.0-305.el8.aarch64.rpm
kernel-tools-4.18.0-305.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-tools-libs-4.18.0-305.el8.aarch64.rpm
perf-4.18.0-305.el8.aarch64.rpm
perf-debuginfo-4.18.0-305.el8.aarch64.rpm
python3-perf-4.18.0-305.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-305.el8.noarch.rpm
kernel-doc-4.18.0-305.el8.noarch.rpm
ppc64le:
bpftool-4.18.0-305.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-4.18.0-305.el8.ppc64le.rpm
kernel-core-4.18.0-305.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-305.el8.ppc64le.rpm
kernel-debug-4.18.0-305.el8.ppc64le.rpm
kernel-debug-core-4.18.0-305.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-305.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-305.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm
kernel-devel-4.18.0-305.el8.ppc64le.rpm
kernel-headers-4.18.0-305.el8.ppc64le.rpm
kernel-modules-4.18.0-305.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-305.el8.ppc64le.rpm
kernel-tools-4.18.0-305.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-305.el8.ppc64le.rpm
perf-4.18.0-305.el8.ppc64le.rpm
perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
python3-perf-4.18.0-305.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
s390x:
bpftool-4.18.0-305.el8.s390x.rpm
bpftool-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-4.18.0-305.el8.s390x.rpm
kernel-core-4.18.0-305.el8.s390x.rpm
kernel-cross-headers-4.18.0-305.el8.s390x.rpm
kernel-debug-4.18.0-305.el8.s390x.rpm
kernel-debug-core-4.18.0-305.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-debug-devel-4.18.0-305.el8.s390x.rpm
kernel-debug-modules-4.18.0-305.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-305.el8.s390x.rpm
kernel-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-305.el8.s390x.rpm
kernel-devel-4.18.0-305.el8.s390x.rpm
kernel-headers-4.18.0-305.el8.s390x.rpm
kernel-modules-4.18.0-305.el8.s390x.rpm
kernel-modules-extra-4.18.0-305.el8.s390x.rpm
kernel-tools-4.18.0-305.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-305.el8.s390x.rpm
perf-4.18.0-305.el8.s390x.rpm
perf-debuginfo-4.18.0-305.el8.s390x.rpm
python3-perf-4.18.0-305.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-305.el8.s390x.rpm
x86_64:
bpftool-4.18.0-305.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-4.18.0-305.el8.x86_64.rpm
kernel-core-4.18.0-305.el8.x86_64.rpm
kernel-cross-headers-4.18.0-305.el8.x86_64.rpm
kernel-debug-4.18.0-305.el8.x86_64.rpm
kernel-debug-core-4.18.0-305.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debug-devel-4.18.0-305.el8.x86_64.rpm
kernel-debug-modules-4.18.0-305.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm
kernel-devel-4.18.0-305.el8.x86_64.rpm
kernel-headers-4.18.0-305.el8.x86_64.rpm
kernel-modules-4.18.0-305.el8.x86_64.rpm
kernel-modules-extra-4.18.0-305.el8.x86_64.rpm
kernel-tools-4.18.0-305.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-tools-libs-4.18.0-305.el8.x86_64.rpm
perf-4.18.0-305.el8.x86_64.rpm
perf-debuginfo-4.18.0-305.el8.x86_64.rpm
python3-perf-4.18.0-305.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-305.el8.aarch64.rpm
perf-debuginfo-4.18.0-305.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-305.el8.ppc64le.rpm
perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.el8.x86_64.rpm
perf-debuginfo-4.18.0-305.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1777455 - CVE-2019-18811 kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver
1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
1848084 - i_version is turned off whenever filesystem is remounted
1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter
1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem
1859244 - Failure when modifying bridge multicast-snooping from 0 to 1
1860479 - Unable to attach VLAN-based logical networks to a bond
1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component
1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
1876840 - logs are filled with: sending ioctl to DM device without required privilege
1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code
1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices
1890373 - kernel version update cause qemu live migration failed
1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem
1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c
1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle
1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon
1903387 - fsfreeze of xfs filesystem can be significantly delayed in xfs_wait_buftarg if a process continues to grab and release buffers1903983 - rootless mode doesn't work
1911343 - blk_alloc_queue() ABI change
1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege
1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c
1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers1949560 - CVE-2020-36322 kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations