-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:4140-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4140
Issue date:        2021-11-09
CVE Names:         CVE-2020-0427 CVE-2020-24502 CVE-2020-24503 
                   CVE-2020-24504 CVE-2020-24586 CVE-2020-24587 
                   CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 
                   CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 
                   CVE-2020-26145 CVE-2020-26146 CVE-2020-26147 
                   CVE-2020-29368 CVE-2020-29660 CVE-2020-36158 
                   CVE-2020-36386 CVE-2021-0129 CVE-2021-3348 
                   CVE-2021-3489 CVE-2021-3564 CVE-2021-3573 
                   CVE-2021-3600 CVE-2021-3635 CVE-2021-3659 
                   CVE-2021-3679 CVE-2021-3732 CVE-2021-20194 
                   CVE-2021-20239 CVE-2021-23133 CVE-2021-28950 
                   CVE-2021-28971 CVE-2021-29155 CVE-2021-29646 
                   CVE-2021-29650 CVE-2021-31440 CVE-2021-31829 
                   CVE-2021-31916 CVE-2021-33200 
====================================================================
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV (v. 8) - x86_64
Red Hat Enterprise Linux RT (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):
* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter
drivers (CVE-2020-24502)
* kernel: Insufficient access control in some Intel(R) Ethernet E810
Adapter drivers (CVE-2020-24503)
* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810
Adapter drivers (CVE-2020-24504)
* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
* kernel: Reassembling fragments encrypted under different keys
(CVE-2020-24587)
* kernel: wifi frame payload being parsed incorrectly as an L2 frame
(CVE-2020-24588)
* kernel: Forwarding EAPOL from unauthenticated wifi client
(CVE-2020-26139)
* kernel: accepting plaintext data frames in protected networks
(CVE-2020-26140)
* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
* kernel: accepting fragmented plaintext frames in protected networks
(CVE-2020-26143)
* kernel: accepting unencrypted A-MSDU frames that start with RFC1042
header (CVE-2020-26144)
* kernel: accepting plaintext broadcast fragments as full frames
(CVE-2020-26145)
* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a
read-after-free (CVE-2020-29660)
* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a
long SSID value (CVE-2020-36158)
* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()
(CVE-2020-36386)
* kernel: Improper access control in BlueZ may allow information disclosure
vulnerability. (CVE-2021-0129)
* kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348)
* kernel: Linux kernel eBPF RINGBUF map oversized allocation
(CVE-2021-3489)
* kernel: double free in bluetooth subsystem when the HCI device
initialization fails (CVE-2021-3564)
* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
* kernel: overlayfs: Mounting overlayfs inside an unprivileged user
namespace can reveal files (CVE-2021-3732)
* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
(CVE-2021-20194)
* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
* kernel: fuse: stall on CPU can occur because a retry loop continually
finds the same bad inode (CVE-2021-28950)
* kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971)
* kernel: protection for sequences of pointer arithmetic operations against
speculatively out-of-bounds loads can be bypassed to leak content of kernel
memory (CVE-2021-29155)
* kernel: improper input validation in tipc_nl_retrieve_key function
(CVE-2021-29646)
* kernel: lack a full memory barrier upon the assignment of a new table
value in x_tables.h may lead to DoS (CVE-2021-29650)
* kernel: local escalation of privileges in handling of eBPF programs
(CVE-2021-31440)
* kernel: protection of stack pointer against speculative pointer
arithmetic can be bypassed to leak content of kernel memory
(CVE-2021-31829)
* kernel: out-of-bounds reads and writes due to enforcing incorrect limits
for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
* kernel: reassembling encrypted fragments with non-consecutive packet
numbers (CVE-2020-26146)
* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
* kernel: the copy-on-write implementation can grant unintended write
access because of a race condition in a THP mapcount check (CVE-2020-29368)
* kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635)
* kernel: NULL pointer dereference in llsec_key_alloc()  (CVE-2021-3659)
* kernel: setsockopt System Call Untrusted Pointer Dereference Information
Disclosure (CVE-2021-20239)
* kernel: out of bounds array access in drivers/md/dm-ioctl.c
(CVE-2021-31916)

4. Solution:

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1875275 - Failure to enter full_nohz due to needless SCHED softirqs
1902412 - [kernel-rt] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:3/1367837 observed with blktests nvme-tcp tests
1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
1905747 - kernel-rt-debug: WARNING: possible circular locking dependency detected(&serv->sv_lock -> (softirq_ctrl.lock).lock)
1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.
1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure
1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c
1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del
1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation
1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection
1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys
1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame
1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client
1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks
1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames
1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks
1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header
1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames
1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments
1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs
1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails
1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()
1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c
1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod
1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty()
1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files

6. Package List:

Red Hat Enterprise Linux NFV (v. 8):

Source:
kernel-rt-4.18.0-348.rt7.130.el8.src.rpm

x86_64:
kernel-rt-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-core-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-devel-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-kvm-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-modules-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm

Red Hat Enterprise Linux RT (v. 8):

Source:
kernel-rt-4.18.0-348.rt7.130.el8.src.rpm

x86_64:
kernel-rt-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-core-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-devel-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-modules-4.18.0-348.rt7.130.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0427
https://access.redhat.com/security/cve/CVE-2020-24502
https://access.redhat.com/security/cve/CVE-2020-24503
https://access.redhat.com/security/cve/CVE-2020-24504
https://access.redhat.com/security/cve/CVE-2020-24586
https://access.redhat.com/security/cve/CVE-2020-24587
https://access.redhat.com/security/cve/CVE-2020-24588
https://access.redhat.com/security/cve/CVE-2020-26139
https://access.redhat.com/security/cve/CVE-2020-26140
https://access.redhat.com/security/cve/CVE-2020-26141
https://access.redhat.com/security/cve/CVE-2020-26143
https://access.redhat.com/security/cve/CVE-2020-26144
https://access.redhat.com/security/cve/CVE-2020-26145
https://access.redhat.com/security/cve/CVE-2020-26146
https://access.redhat.com/security/cve/CVE-2020-26147
https://access.redhat.com/security/cve/CVE-2020-29368
https://access.redhat.com/security/cve/CVE-2020-29660
https://access.redhat.com/security/cve/CVE-2020-36158
https://access.redhat.com/security/cve/CVE-2020-36386
https://access.redhat.com/security/cve/CVE-2021-0129
https://access.redhat.com/security/cve/CVE-2021-3348
https://access.redhat.com/security/cve/CVE-2021-3489
https://access.redhat.com/security/cve/CVE-2021-3564
https://access.redhat.com/security/cve/CVE-2021-3573
https://access.redhat.com/security/cve/CVE-2021-3600
https://access.redhat.com/security/cve/CVE-2021-3635
https://access.redhat.com/security/cve/CVE-2021-3659
https://access.redhat.com/security/cve/CVE-2021-3679
https://access.redhat.com/security/cve/CVE-2021-3732
https://access.redhat.com/security/cve/CVE-2021-20194
https://access.redhat.com/security/cve/CVE-2021-20239
https://access.redhat.com/security/cve/CVE-2021-23133
https://access.redhat.com/security/cve/CVE-2021-28950
https://access.redhat.com/security/cve/CVE-2021-28971
https://access.redhat.com/security/cve/CVE-2021-29155
https://access.redhat.com/security/cve/CVE-2021-29646
https://access.redhat.com/security/cve/CVE-2021-29650
https://access.redhat.com/security/cve/CVE-2021-31440
https://access.redhat.com/security/cve/CVE-2021-31829
https://access.redhat.com/security/cve/CVE-2021-31916
https://access.redhat.com/security/cve/CVE-2021-33200
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYYre49zjgjWX9erEAQhgMQ/7BqqKbZkZDUEDyUeAzIUcDicxQ3b0LM3D
jM/Iyk+ZN1YCjlhovu1Y6vI2eYDzW9YLIsaPJUg4ZnliClQckKZM4wVqjb881j6g
2l1Pj+9r99OQsqOHoRMHC0XhwQjGITwG8YWYf8vRlEVsQHFGDz1PBK7rdgt4adMb
olziPhDRSdfeTUETLOPzpRyePDv6UghcN841SBYXy1OnWROANm0gVAOTpFtqFgaC
RJQJkGGdpaBnRkwyqPUG9NYPwLDkVxjNM/ku6eDfZ9D3zBKdULzxfGNOoMAIXvxS
t8mC2quyy0HE6320Wj+q78kRUyvRBJHbNiYRKrmvkDrm2g6lxaB3d4ZN4uMq8wY8
7tMonZGZd8O3pnT2Lpr71pYSb5YC8TceYshMQHU+m40v+ByWQuuOvCXM636/iphr
wgv7a6fvku5H/XVQs34u4RldobhDmEdwPd4vQ+IfoSz7uouBwWjD9Fkm1JBeZ3oC
0A/D2rLT+uCTszWqzp9Rz61iMKIqEiLPirgVNnWdYskv0HO+2ePYiXjGdSRqXnIT
q1ypdKCqHYHuDdxk468fH0bToxjbjpbVS43Vkhzof44MqS+iGotpRUnOZeWjmKRp
8Fe3BHS4cXWkqrxzMcHMVHP1/7XV82o4RgqDQvnvxo71DOvZxfDwEzyTUHF1LiYZ
nbdCAvai1OE=/lv0
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-4140:02 Moderate: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8

Summary

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503) * kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504) * kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586) * kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587) * kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588) * kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139) * kernel: accepting plaintext data frames in protected networks (CVE-2020-26140) * kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141) * kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143) * kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144) * kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145) * kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660) * kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158) * kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386) * kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129) * kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348) * kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489) * kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564) * kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573) * kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600) * kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679) * kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732) * kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194) * kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133) * kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950) * kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971) * kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155) * kernel: improper input validation in tipc_nl_retrieve_key function (CVE-2021-29646) * kernel: lack a full memory barrier upon the assignment of a new table value in x_tables.h may lead to DoS (CVE-2021-29650) * kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440) * kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829) * kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200) * kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146) * kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) * kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635) * kernel: NULL pointer dereference in llsec_key_alloc() (CVE-2021-3659) * kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239) * kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)



Summary


Solution

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-24502 https://access.redhat.com/security/cve/CVE-2020-24503 https://access.redhat.com/security/cve/CVE-2020-24504 https://access.redhat.com/security/cve/CVE-2020-24586 https://access.redhat.com/security/cve/CVE-2020-24587 https://access.redhat.com/security/cve/CVE-2020-24588 https://access.redhat.com/security/cve/CVE-2020-26139 https://access.redhat.com/security/cve/CVE-2020-26140 https://access.redhat.com/security/cve/CVE-2020-26141 https://access.redhat.com/security/cve/CVE-2020-26143 https://access.redhat.com/security/cve/CVE-2020-26144 https://access.redhat.com/security/cve/CVE-2020-26145 https://access.redhat.com/security/cve/CVE-2020-26146 https://access.redhat.com/security/cve/CVE-2020-26147 https://access.redhat.com/security/cve/CVE-2020-29368 https://access.redhat.com/security/cve/CVE-2020-29660 https://access.redhat.com/security/cve/CVE-2020-36158 https://access.redhat.com/security/cve/CVE-2020-36386 https://access.redhat.com/security/cve/CVE-2021-0129 https://access.redhat.com/security/cve/CVE-2021-3348 https://access.redhat.com/security/cve/CVE-2021-3489 https://access.redhat.com/security/cve/CVE-2021-3564 https://access.redhat.com/security/cve/CVE-2021-3573 https://access.redhat.com/security/cve/CVE-2021-3600 https://access.redhat.com/security/cve/CVE-2021-3635 https://access.redhat.com/security/cve/CVE-2021-3659 https://access.redhat.com/security/cve/CVE-2021-3679 https://access.redhat.com/security/cve/CVE-2021-3732 https://access.redhat.com/security/cve/CVE-2021-20194 https://access.redhat.com/security/cve/CVE-2021-20239 https://access.redhat.com/security/cve/CVE-2021-23133 https://access.redhat.com/security/cve/CVE-2021-28950 https://access.redhat.com/security/cve/CVE-2021-28971 https://access.redhat.com/security/cve/CVE-2021-29155 https://access.redhat.com/security/cve/CVE-2021-29646 https://access.redhat.com/security/cve/CVE-2021-29650 https://access.redhat.com/security/cve/CVE-2021-31440 https://access.redhat.com/security/cve/CVE-2021-31829 https://access.redhat.com/security/cve/CVE-2021-31916 https://access.redhat.com/security/cve/CVE-2021-33200 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Package List

Red Hat Enterprise Linux NFV (v. 8):
Source: kernel-rt-4.18.0-348.rt7.130.el8.src.rpm
x86_64: kernel-rt-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-core-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-kvm-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-devel-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-kvm-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-modules-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm
Red Hat Enterprise Linux RT (v. 8):
Source: kernel-rt-4.18.0-348.rt7.130.el8.src.rpm
x86_64: kernel-rt-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-core-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-devel-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-modules-4.18.0-348.rt7.130.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-348.rt7.130.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2021:4140-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4140
Issued Date: : 2021-11-09
CVE Names: CVE-2020-0427 CVE-2020-24502 CVE-2020-24503 CVE-2020-24504 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26143 CVE-2020-26144 CVE-2020-26145 CVE-2020-26146 CVE-2020-26147 CVE-2020-29368 CVE-2020-29660 CVE-2020-36158 CVE-2020-36386 CVE-2021-0129 CVE-2021-3348 CVE-2021-3489 CVE-2021-3564 CVE-2021-3573 CVE-2021-3600 CVE-2021-3635 CVE-2021-3659 CVE-2021-3679 CVE-2021-3732 CVE-2021-20194 CVE-2021-20239 CVE-2021-23133 CVE-2021-28950 CVE-2021-28971 CVE-2021-29155 CVE-2021-29646 CVE-2021-29650 CVE-2021-31440 CVE-2021-31829 CVE-2021-31916 CVE-2021-33200

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux NFV (v. 8) - x86_64

Red Hat Enterprise Linux RT (v. 8) - x86_64


Bugs Fixed

1875275 - Failure to enter full_nohz due to needless SCHED softirqs

1902412 - [kernel-rt] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:3/1367837 observed with blktests nvme-tcp tests

1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check

1905747 - kernel-rt-debug: WARNING: possible circular locking dependency detected(&serv->sv_lock -> (softirq_ctrl.lock).lock)

1906522 - CVE-2020-29660 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free

1912683 - CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()

1913348 - CVE-2020-36158 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value

1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.

1921958 - CVE-2021-3348 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c

1923636 - CVE-2021-20239 kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure

1930376 - CVE-2020-24504 kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers1930379 - CVE-2020-24502 kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers1930381 - CVE-2020-24503 kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode

1941784 - CVE-2021-28971 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c

1945345 - CVE-2021-29646 kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c

1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS

1946965 - CVE-2021-31916 kernel: out of bounds array access in drivers/md/dm-ioctl.c

1948772 - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del

1951595 - CVE-2021-29155 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory

1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory

1959559 - CVE-2021-3489 kernel: Linux kernel eBPF RINGBUF map oversized allocation

1959642 - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection

1959654 - CVE-2020-24587 kernel: Reassembling fragments encrypted under different keys

1959657 - CVE-2020-24588 kernel: wifi frame payload being parsed incorrectly as an L2 frame

1959663 - CVE-2020-26139 kernel: Forwarding EAPOL from unauthenticated wifi client

1960490 - CVE-2020-26140 kernel: accepting plaintext data frames in protected networks

1960492 - CVE-2020-26141 kernel: not verifying TKIP MIC of fragmented frames

1960496 - CVE-2020-26143 kernel: accepting fragmented plaintext frames in protected networks

1960498 - CVE-2020-26144 kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header

1960500 - CVE-2020-26145 kernel: accepting plaintext broadcast fragments as full frames

1960502 - CVE-2020-26146 kernel: reassembling encrypted fragments with non-consecutive packet numbers1960504 - CVE-2020-26147 kernel: reassembling mixed encrypted/plaintext fragments

1964028 - CVE-2021-31440 kernel: local escalation of privileges in handling of eBPF programs

1964139 - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails

1965038 - CVE-2021-0129 kernel: Improper access control in BlueZ may allow information disclosure vulnerability.

1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier

1966578 - CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()

1969489 - CVE-2020-36386 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c

1975949 - CVE-2021-3659 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c

1976946 - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50

1981954 - CVE-2021-3600 kernel: eBPF 32-bit source register truncation on div/mod

1989165 - CVE-2021-3679 kernel: DoS in rb_per_cpu_empty()

1995249 - CVE-2021-3732 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved