—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2020:4062-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4062
Issue date: 2020-09-29
CVE Names: CVE-2017-18551 CVE-2018-20836 CVE-2019-9454
CVE-2019-9458 CVE-2019-15217 CVE-2019-15807
CVE-2019-15917 CVE-2019-16231 CVE-2019-16233
CVE-2019-16994 CVE-2019-17053 CVE-2019-17055
CVE-2019-18808 CVE-2019-19046 CVE-2019-19055
CVE-2019-19058 CVE-2019-19059 CVE-2019-19062
CVE-2019-19063 CVE-2019-19332 CVE-2019-19447
CVE-2019-19523 CVE-2019-19524 CVE-2019-19530
CVE-2019-19534 CVE-2019-19537 CVE-2019-19767
CVE-2019-19807 CVE-2019-20054 CVE-2019-20095
CVE-2019-20636 CVE-2020-1749 CVE-2020-2732
CVE-2020-8647 CVE-2020-8649 CVE-2020-9383
CVE-2020-10690 CVE-2020-10732 CVE-2020-10742
CVE-2020-10751 CVE-2020-10942 CVE-2020-11565
CVE-2020-12770 CVE-2020-12826 CVE-2020-14305
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux for Real Time (v. 7) – noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) – noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
* kernel: out of bounds write in function i2c_smbus_xfer_emulated in
drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
* kernel: race condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* kernel: out of bounds write in i2c driver leads to local escalation of
privilege (CVE-2019-9454)
* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)
Space precludes documenting all of the security fixes in this advisory. See
the descriptions of the remaining security fixes in the related Knowledge
Article:
https://access.redhat.com/articles/5442481
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1427551 – mm/swap: Convert to percpu locked
1707796 – CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
1745528 – CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
1747216 – CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
1757368 – CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
1758242 – CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
1758248 – CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
1759681 – CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
1760100 – CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
1760310 – CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
1760420 – CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
1774988 – CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
1775015 – CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
1775021 – CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
1775042 – CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
1775047 – CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
1775074 – CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
1777418 – CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
1779594 – CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
1781679 – CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
1783434 – CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783459 – CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
1783518 – CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
1783540 – CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1783561 – CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
1786078 – CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
1786160 – CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
1788009 – Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike
1790063 – CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
1791954 – CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
1802555 – CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
1802563 – CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
1805135 – CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
1809833 – CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
1810685 – CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
1817141 – CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it’s chardev is open
1817718 – CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
1818818 – CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
1819377 – CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
1822077 – CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
1824059 – CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table
1824918 – CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
1831399 – CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps
1834845 – CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
1835127 – CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic
1839634 – CVE-2020-10751 kernel: SELinux netlink permission check bypass
1850716 – CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source:
kernel-rt-3.10.0-1160.rt56.1131.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1160.rt56.1131.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
Red Hat Enterprise Linux for Real Time (v. 7):
Source:
kernel-rt-3.10.0-1160.rt56.1131.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1160.rt56.1131.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-18551
https://access.redhat.com/security/cve/CVE-2018-20836
https://access.redhat.com/security/cve/CVE-2019-9454
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-15217
https://access.redhat.com/security/cve/CVE-2019-15807
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16994
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19530
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19807
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/cve/CVE-2020-2732
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9383
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10742
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-14305
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
https://access.redhat.com/articles/5442481
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBX3OEB9zjgjWX9erEAQiuzw/+IFniE2/hnxrYUlyV8Q3kD7UFnBRh91AV
C5Y0jEWQRfxMLYwnMfWnojBJBSbwRV/l5e3WYauWcdiNUxEBUuf9h7/w59FNC6+S
+Zug4aZRqQb8ugtPtCXVjkllj2HGpUB7jb7RoxQuJoDbH+EM7kqIWoSpt9Z0F/hi
9NhZqvUhipSpBz2ogCAMx4rU8soUu13/NOXqPSGuezdtGVnOHvwJcTcTL0jk/oSI
IlPHtzA8ccIgFztS30Lbu+pJy09ZKp+0rkWYJFyj4JX3hKM0iOA/NFLKrkNtNRIK
63rtMmvIHlFKCAifzdq0ES5LNr94Ic4b3ik/PngDBDNyTJRzaV1Nc5V5xwaOz0S7
OxTyyam6IKY2hu+KeU9p+68gne890RBnqnbBaMB4e7AJOv3Sq9egc7mLsd1X+Sa+
Y9ic4mGUY0a2jeqNxeuFHwk6s3CnA60RHn3qL07mmH+O3gcgUWjoevu7UiYgkJag
mXTyziSv0tl66DbDIzkRuI/vcSS5DWpTGW/aZi0I5x5p1myA1LzQNXRcGJZrgKQh
DoVtxQMvKWZ28PP5XzY9mImjlqsrp2YcPVs02EqbUiV9GKLLDHaVwzr9xQ+WE0d/
L1Hu5F0gIjshVo0XUXLqoyYXvj8LRftKWY9OcaMg4JWaLURBtAOfJotTGCOSVVht
JV3JXmFiXu0=
=yWG6
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4060-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4060
Issue date: 2020-09-29
CVE Names: CVE-2017-18551 CVE-2018-20836 CVE-2019-9454
CVE-2019-9458 CVE-2019-12614 CVE-2019-15217
CVE-2019-15807 CVE-2019-15917 CVE-2019-16231
CVE-2019-16233 CVE-2019-16994 CVE-2019-17053
CVE-2019-17055 CVE-2019-18808 CVE-2019-19046
CVE-2019-19055 CVE-2019-19058 CVE-2019-19059
CVE-2019-19062 CVE-2019-19063 CVE-2019-19332
CVE-2019-19447 CVE-2019-19523 CVE-2019-19524
CVE-2019-19530 CVE-2019-19534 CVE-2019-19537
CVE-2019-19767 CVE-2019-19807 CVE-2019-20054
CVE-2019-20095 CVE-2019-20636 CVE-2020-1749
CVE-2020-2732 CVE-2020-8647 CVE-2020-8649
CVE-2020-9383 CVE-2020-10690 CVE-2020-10732
CVE-2020-10742 CVE-2020-10751 CVE-2020-10942
CVE-2020-11565 CVE-2020-12770 CVE-2020-12826
CVE-2020-14305
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
* kernel: out of bounds write in function i2c_smbus_xfer_emulated in
drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
* kernel: race condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* kernel: out of bounds write in i2c driver leads to local escalation of
privilege (CVE-2019-9454)
* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)
Space precludes documenting all of the security fixes in this advisory. See
the descriptions of the remaining security fixes in the related Knowledge
Article:
https://access.redhat.com/articles/5442421
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1448750 – BUG: unable to handle kernel paging request at 0; IP: [<ffffffffc05ae76b>] nfsd4_cb_done+0x2b/0x310 [nfsd]
1699402 – smallfile caused kernel Cephfs crash in RHOCS (OpenShift-on-Ceph)
1707796 – CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
1718176 – CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
1724345 – mkfs.xfs hangs issuing discards
1745528 – CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
1747216 – CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
1757368 – CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
1758242 – CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
1758248 – CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
1759681 – CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
1760100 – CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
1760310 – CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
1760420 – CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
1774988 – CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
1775015 – CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
1775021 – CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
1775042 – CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
1775047 – CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
1775074 – CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
1777239 – Unable to exclude files from auditing
1777418 – CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
1779594 – CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
1781679 – CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
1783434 – CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783459 – CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
1783518 – CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
1783540 – CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1783554 – Fix copy_file_range return value in case of same-file copy on NFS
1783561 – CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
1786078 – CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
1786160 – CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
1790063 – CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
1791954 – CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
1802555 – CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
1802563 – CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
1805135 – CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
1809833 – CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
1810685 – CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
1817141 – CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it’s chardev is open
1817718 – CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
1818818 – CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
1819377 – CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
1822077 – CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
1824059 – CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table
1824270 – CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic [rhel-7]
1824918 – CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
1829662 – kernel BUG at fs/fscache/operation.c:70! FS-Cache: 4 == 5 is false – current state is FSCACHE_OP_ST_COMPLETE but should be FSCACHE_OP_CANCELLED in fscache_enqueue_operation
1831399 – CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps
1832332 – “[sig-network] Services should be rejected when no endpoints exist” test fails frequently on RHEL7 nodes
1834845 – CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
1835127 – CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic
1839634 – CVE-2020-10751 kernel: SELinux netlink permission check bypass
1845326 – libaio is returning duplicate events
1850716 – CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1160.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1160.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1160.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1160.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-3.10.0-1160.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.el7.ppc64.rpm
kernel-debug-3.10.0-1160.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm
kernel-devel-3.10.0-1160.el7.ppc64.rpm
kernel-headers-3.10.0-1160.el7.ppc64.rpm
kernel-tools-3.10.0-1160.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.el7.ppc64.rpm
perf-3.10.0-1160.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
python-perf-3.10.0-1160.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1160.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-3.10.0-1160.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.el7.ppc64le.rpm
perf-3.10.0-1160.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
python-perf-3.10.0-1160.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1160.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-3.10.0-1160.el7.s390x.rpm
kernel-debug-3.10.0-1160.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.el7.s390x.rpm
kernel-devel-3.10.0-1160.el7.s390x.rpm
kernel-headers-3.10.0-1160.el7.s390x.rpm
kernel-kdump-3.10.0-1160.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.el7.s390x.rpm
perf-3.10.0-1160.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.el7.s390x.rpm
python-perf-3.10.0-1160.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1160.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
kernel-doc-3.10.0-1160.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-3.10.0-1160.el7.x86_64.rpm
kernel-debug-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-devel-3.10.0-1160.el7.x86_64.rpm
kernel-headers-3.10.0-1160.el7.x86_64.rpm
kernel-tools-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
perf-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-18551
https://access.redhat.com/security/cve/CVE-2018-20836
https://access.redhat.com/security/cve/CVE-2019-9454
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-15217
https://access.redhat.com/security/cve/CVE-2019-15807
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16994
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19530
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19807
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/cve/CVE-2020-2732
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9383
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10742
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-14305
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
https://access.redhat.com/articles/5442421
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBX3OiL9zjgjWX9erEAQihSxAApxwgp4kpij7zRNbAhyJuEtRjbVL5gO/i
fwPX//BDQD1TPK5HfbCicmhLEgFvbM8PwV/p8DVYAeJqD6ipqGaJjUmZssr5jCRb
+EIz+7nJjq7x+iQ93/xt0nGBCRVEWwxb27nYvVQId0Prbby5TMGGmG8LmKGeMRBg
mEudwSaVgo2Rn/V6aBIQFLGwsOgpHpXd/5yY9JX6e6mclE23+yKc15zqVboJvt14
Q1beZAwtHkBWlHGzBRx3HPEJdXWZXPiYcWN+07BF7vyLSmD+opMvNGsgXlCrgyIc
ErgXdAIo3awyWwaU8JTv2pY/ZRsPYI2MTO0Ph+zHLy4ndpmMv9b/c0WbiEAan8iL
0Uj1zuSyWRDbnNwKEo2wc1Z7guMpDqKtV5QrZAFTSH3HVPSXF43WakDEZrO7LOse
T3SmYeWdP/rI50tMOtuPeldTh8kY/qUC6mRgFM45UmXlfIzQrw49l2fbgHnANIA5
8olnRowuCaM+AU4ruLM+qf5S9IoxeLQRmzRLQEZk4nH3zjSNgwO+9rFSK92E1cTj
E3mN+hH/4KP4ckOh3TDb8W9qx5DHA7U6N3XcuSloNOwROyBnnLbw8eZcJeddy0zX
SvESq0HLBOVtEBbpnmJtfXlvW5bXkajYlcSX8nSCcIJ6U7yJN9qHmlsO5bv53koB
7KUpNcbho+A=
=V/r8
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce