Stay Secure with the Latest Linux Advisories

security advisoryRed Hatkernel update

Critical Kernel Update for Red Hat 8 RHSA-2021-1578-01 Boosts Security

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:1578-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1578 Issue date: 2021-05-18 CVE Names: CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 CVE-2020-0431 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-14314 CVE-2020-14356 CVE-2020-15437 CVE-2020-24394 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25704 CVE-2020-27786 CVE-2020-27835 CVE-2020-28974 CVE-2020-35508 CVE-2020-36322 CVE-2021-0342 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: memory leakin sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811) * kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523) * kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528) * kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431) * kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114) * kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464) * kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314) * kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356) * kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437) * kernel: umask not applied on filesystem without ACL support (CVE-2020-24394) * kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212) * kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284) * kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285) * kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643) * kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: use-after-free in kernel midi subsystem (CVE-2020-27786) * kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835) * kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974) * kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting - -> real_parent (CVE-2020-35508) * kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322) * kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342) * kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c(CVE-2020-11608) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1777455 - CVE-2019-18811 kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c 1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver 1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver 1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c 1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c 1848084 - i_version is turned off whenever filesystem is remounted 1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter 1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem 1859244 - Failure when modifying bridge multicast-snooping from 0 to 1 1860479 - Unable to attach VLAN-based logical networks to a bond 1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support 1876840 - logs are filled with: sending ioctl to DM device without required privilege 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code 1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memorycorruption and read overflow 1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c 1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices 1890373 - kernel version update cause qemu live migration failed 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem 1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c 1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -> real_parent 1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon 1903387 - fsfreeze of xfs filesystem can be significantly delayed in xfs_wait_buftarg if a process continues to grab and release buffers1903983 - rootless mode doesn't work 1911343 - blk_alloc_queue() ABI change 1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege 1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers1949560 - CVE-2020-36322 kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: kernel-4.18.0-305.el8.src.rpm aarch64: bpftool-4.18.0-305.el8.aarch64.rpm bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-4.18.0-305.el8.aarch64.rpm kernel-core-4.18.0-305.el8.aarch64.rpm kernel-cross-headers-4.18.0-305.el8.aarch64.rpm kernel-debug-4.18.0-305.el8.aarch64.rpm kernel-debug-core-4.18.0-305.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-debug-devel-4.18.0-305.el8.aarch64.rpm kernel-debug-modules-4.18.0-305.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.el8.aarch64.rpm kernel-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm kernel-devel-4.18.0-305.el8.aarch64.rpm kernel-headers-4.18.0-305.el8.aarch64.rpm kernel-modules-4.18.0-305.el8.aarch64.rpm kernel-modules-extra-4.18.0-305.el8.aarch64.rpm kernel-tools-4.18.0-305.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-tools-libs-4.18.0-305.el8.aarch64.rpm perf-4.18.0-305.el8.aarch64.rpm perf-debuginfo-4.18.0-305.el8.aarch64.rpm python3-perf-4.18.0-305.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-305.el8.noarch.rpm kernel-doc-4.18.0-305.el8.noarch.rpm ppc64le: bpftool-4.18.0-305.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-4.18.0-305.el8.ppc64le.rpm kernel-core-4.18.0-305.el8.ppc64le.rpm kernel-cross-headers-4.18.0-305.el8.ppc64le.rpm kernel-debug-4.18.0-305.el8.ppc64le.rpm kernel-debug-core-4.18.0-305.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-debug-devel-4.18.0-305.el8.ppc64le.rpm kernel-debug-modules-4.18.0-305.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.el8.ppc64le.rpm kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm kernel-devel-4.18.0-305.el8.ppc64le.rpm kernel-headers-4.18.0-305.el8.ppc64le.rpm kernel-modules-4.18.0-305.el8.ppc64le.rpm kernel-modules-extra-4.18.0-305.el8.ppc64le.rpm kernel-tools-4.18.0-305.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-tools-libs-4.18.0-305.el8.ppc64le.rpm perf-4.18.0-305.el8.ppc64le.rpm perf-debuginfo-4.18.0-305.el8.ppc64le.rpm python3-perf-4.18.0-305.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm s390x: bpftool-4.18.0-305.el8.s390x.rpm bpftool-debuginfo-4.18.0-305.el8.s390x.rpm kernel-4.18.0-305.el8.s390x.rpm kernel-core-4.18.0-305.el8.s390x.rpm kernel-cross-headers-4.18.0-305.el8.s390x.rpm kernel-debug-4.18.0-305.el8.s390x.rpm kernel-debug-core-4.18.0-305.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-305.el8.s390x.rpm kernel-debug-devel-4.18.0-305.el8.s390x.rpm kernel-debug-modules-4.18.0-305.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-305.el8.s390x.rpm kernel-debuginfo-4.18.0-305.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.el8.s390x.rpm kernel-devel-4.18.0-305.el8.s390x.rpm kernel-headers-4.18.0-305.el8.s390x.rpm kernel-modules-4.18.0-305.el8.s390x.rpm kernel-modules-extra-4.18.0-305.el8.s390x.rpm kernel-tools-4.18.0-305.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.el8.s390x.rpm perf-4.18.0-305.el8.s390x.rpm perf-debuginfo-4.18.0-305.el8.s390x.rpm python3-perf-4.18.0-305.el8.s390x.rpm python3-perf-debuginfo-4.18.0-305.el8.s390x.rpm x86_64: bpftool-4.18.0-305.el8.x86_64.rpm bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-4.18.0-305.el8.x86_64.rpm kernel-core-4.18.0-305.el8.x86_64.rpm kernel-cross-headers-4.18.0-305.el8.x86_64.rpm kernel-debug-4.18.0-305.el8.x86_64.rpm kernel-debug-core-4.18.0-305.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-debug-devel-4.18.0-305.el8.x86_64.rpm kernel-debug-modules-4.18.0-305.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.el8.x86_64.rpm kernel-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm kernel-devel-4.18.0-305.el8.x86_64.rpm kernel-headers-4.18.0-305.el8.x86_64.rpm kernel-modules-4.18.0-305.el8.x86_64.rpm kernel-modules-extra-4.18.0-305.el8.x86_64.rpm kernel-tools-4.18.0-305.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-tools-libs-4.18.0-305.el8.x86_64.rpm perf-4.18.0-305.el8.x86_64.rpm perf-debuginfo-4.18.0-305.el8.x86_64.rpm python3-perf-4.18.0-305.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.el8.aarch64.rpm perf-debuginfo-4.18.0-305.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.el8.ppc64le.rpm perf-debuginfo-4.18.0-305.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.el8.x86_64.rpm perf-debuginfo-4.18.0-305.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYKPtUtzjgjWX9erEAQhNzw/9F6cpeKdpnVS3awWzATKfC4r16pIGJmLl je5fSRHlPqZPu1aO9PcxAQbW3WDQ0S2MWDZDko+XdZTcob7ekBg2F/UQh/wkN4dr 2SE+HlhoRMzykUwKXyVkeqHV8o3lhbbBWwLCO4Mvo/3EWZMwE84YkuYZGMlbkiP/ 5LXomS+exfm3IGe9u5ByyVVvl0JrDmvMxDULjqUoqoQwCO7pu37lPcnmk0D0z/RR eJzTK4Fg9bg74eGkZu1d7169CbXJ5/JMIO6mAfjCqCLzGqP1Dqy19rONbZfq5FYB LXkWmPW6uxecT+FVirUjS2l8almi+Vu9K9H0IcfnYxctMg80CcdAoNhkCfoSFb/Q eBFhDGU0w4X6ll5KtXFju+qZuYLp4nu7PiF9vvFHiM7kps13eoOShstgyyc7urtY M3rUSyM3ll31Ci6cmnTW6q1vc9HaLF+XfQtv4x/lMfDP+YhWpQJOefDRuQIqftLO NwjOTJOpbqTz8hvkRS1pZm4b3bppNs7dfygV1xKP96JuDVk107UjHZj5ygYKsWSw XrHUXRnVpgTrGBhOOnGRAA51fjfCYDmooaWCHpOyNqNoAcJTdPJFz3y/wEU4W4Dk hy/TIXykL0AHKFTcZpyjkVOfGCNtG1POP1MzwoAaY/gAbDqxyUHDnh4z2hYEmnNy EfZ3tn1MwzI=RRkk -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . A significant kernel patch from Red Hat tackles several security flaws and weaknesses in Enterprise Linux 8. Discover further details.. Red Hat Kernel Update, Security Advisory, Enterprise Linux, Bug Fix, Kernel Security Effects. . Severity: Important. LinuxSecurity.com Team

May 18, 2021 •Important Red Hat