Red Hat Security Advisory 2021-1578-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, memory leak, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
0b297866a632113c376963bf7d56d126ab8d48aba795a17aa0f66bba161b11ee-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2021:1578-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1578
Issue date: 2021-05-18
CVE Names: CVE-2019-18811 CVE-2019-19523 CVE-2019-19528
CVE-2020-0431 CVE-2020-11608 CVE-2020-12114
CVE-2020-12362 CVE-2020-12464 CVE-2020-14314
CVE-2020-14356 CVE-2020-15437 CVE-2020-24394
CVE-2020-25212 CVE-2020-25284 CVE-2020-25285
CVE-2020-25643 CVE-2020-25704 CVE-2020-27786
CVE-2020-27835 CVE-2020-28974 CVE-2020-35508
CVE-2020-36322 CVE-2021-0342
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: memory leak in sof_set_get_large_ctrl_data() function in
sound/soc/sof/ipc.c (CVE-2019-18811)
* kernel: use-after-free caused by a malicious USB device in the
drivers/usb/misc/adutux.c driver (CVE-2019-19523)
* kernel: use-after-free bug caused by a malicious USB device in the
drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
* kernel: possible out of bounds write in kbd_keycode of keyboard.c
(CVE-2020-0431)
* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
* kernel: use-after-free in usb_sg_cancel function in
drivers/usb/core/message.c (CVE-2020-12464)
* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
* kernel: Use After Free vulnerability in cgroup BPF component
(CVE-2020-14356)
* kernel: NULL pointer dereference in serial8250_isa_init_ports function in
drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
* kernel: umask not applied on filesystem without ACL support
(CVE-2020-24394)
* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
* kernel: incomplete permission checking for access to rbd devices
(CVE-2020-25284)
* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
(CVE-2020-25285)
* kernel: improper input validation in ppp_cp_parse_cr function leads to
memory corruption and read overflow (CVE-2020-25643)
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
* kernel: child process is able to access parent mm through hfi dev file
handle (CVE-2020-27835)
* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting
- ->real_parent (CVE-2020-35508)
* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate
situations (CVE-2020-36322)
* kernel: use after free in tun_get_user of tun.c could lead to local
escalation of privilege (CVE-2021-0342)
* kernel: NULL pointer dereferences in ov511_mode_init_regs and
ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1777455 - CVE-2019-18811 kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783507 - CVE-2019-19528 kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver
1831726 - CVE-2020-12464 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c
1833445 - CVE-2020-11608 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c
1848084 - i_version is turned off whenever filesystem is remounted
1848652 - CVE-2020-12114 kernel: DoS by corrupting mountpoint reference counter
1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem
1859244 - Failure when modifying bridge multicast-snooping from 0 to 1
1860479 - Unable to attach VLAN-based logical networks to a bond
1868453 - CVE-2020-14356 kernel: Use After Free vulnerability in cgroup BPF component
1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
1876840 - logs are filled with: sending ioctl to DM device without required privilege
1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code
1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
1882591 - CVE-2020-25285 kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c
1882594 - CVE-2020-25284 kernel: incomplete permission checking for access to rbd devices
1890373 - kernel version update cause qemu live migration failed
1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
1900933 - CVE-2020-27786 kernel: use-after-free in kernel midi subsystem
1901161 - CVE-2020-15437 kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c
1901709 - CVE-2020-27835 kernel: child process is able to access parent mm through hfi dev file handle
1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
1903126 - CVE-2020-28974 kernel: slab-out-of-bounds read in fbcon
1903387 - fsfreeze of xfs filesystem can be significantly delayed in xfs_wait_buftarg if a process continues to grab and release buffers
1903983 - rootless mode doesn't work
1911343 - blk_alloc_queue() ABI change
1915799 - CVE-2021-0342 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege
1919889 - CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c
1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
1949560 - CVE-2020-36322 kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-305.el8.src.rpm
aarch64:
bpftool-4.18.0-305.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-4.18.0-305.el8.aarch64.rpm
kernel-core-4.18.0-305.el8.aarch64.rpm
kernel-cross-headers-4.18.0-305.el8.aarch64.rpm
kernel-debug-4.18.0-305.el8.aarch64.rpm
kernel-debug-core-4.18.0-305.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debug-devel-4.18.0-305.el8.aarch64.rpm
kernel-debug-modules-4.18.0-305.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm
kernel-devel-4.18.0-305.el8.aarch64.rpm
kernel-headers-4.18.0-305.el8.aarch64.rpm
kernel-modules-4.18.0-305.el8.aarch64.rpm
kernel-modules-extra-4.18.0-305.el8.aarch64.rpm
kernel-tools-4.18.0-305.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-tools-libs-4.18.0-305.el8.aarch64.rpm
perf-4.18.0-305.el8.aarch64.rpm
perf-debuginfo-4.18.0-305.el8.aarch64.rpm
python3-perf-4.18.0-305.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-305.el8.noarch.rpm
kernel-doc-4.18.0-305.el8.noarch.rpm
ppc64le:
bpftool-4.18.0-305.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-4.18.0-305.el8.ppc64le.rpm
kernel-core-4.18.0-305.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-305.el8.ppc64le.rpm
kernel-debug-4.18.0-305.el8.ppc64le.rpm
kernel-debug-core-4.18.0-305.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-305.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-305.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm
kernel-devel-4.18.0-305.el8.ppc64le.rpm
kernel-headers-4.18.0-305.el8.ppc64le.rpm
kernel-modules-4.18.0-305.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-305.el8.ppc64le.rpm
kernel-tools-4.18.0-305.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-305.el8.ppc64le.rpm
perf-4.18.0-305.el8.ppc64le.rpm
perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
python3-perf-4.18.0-305.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
s390x:
bpftool-4.18.0-305.el8.s390x.rpm
bpftool-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-4.18.0-305.el8.s390x.rpm
kernel-core-4.18.0-305.el8.s390x.rpm
kernel-cross-headers-4.18.0-305.el8.s390x.rpm
kernel-debug-4.18.0-305.el8.s390x.rpm
kernel-debug-core-4.18.0-305.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-debug-devel-4.18.0-305.el8.s390x.rpm
kernel-debug-modules-4.18.0-305.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-305.el8.s390x.rpm
kernel-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-305.el8.s390x.rpm
kernel-devel-4.18.0-305.el8.s390x.rpm
kernel-headers-4.18.0-305.el8.s390x.rpm
kernel-modules-4.18.0-305.el8.s390x.rpm
kernel-modules-extra-4.18.0-305.el8.s390x.rpm
kernel-tools-4.18.0-305.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-305.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-305.el8.s390x.rpm
perf-4.18.0-305.el8.s390x.rpm
perf-debuginfo-4.18.0-305.el8.s390x.rpm
python3-perf-4.18.0-305.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-305.el8.s390x.rpm
x86_64:
bpftool-4.18.0-305.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-4.18.0-305.el8.x86_64.rpm
kernel-core-4.18.0-305.el8.x86_64.rpm
kernel-cross-headers-4.18.0-305.el8.x86_64.rpm
kernel-debug-4.18.0-305.el8.x86_64.rpm
kernel-debug-core-4.18.0-305.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debug-devel-4.18.0-305.el8.x86_64.rpm
kernel-debug-modules-4.18.0-305.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm
kernel-devel-4.18.0-305.el8.x86_64.rpm
kernel-headers-4.18.0-305.el8.x86_64.rpm
kernel-modules-4.18.0-305.el8.x86_64.rpm
kernel-modules-extra-4.18.0-305.el8.x86_64.rpm
kernel-tools-4.18.0-305.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-tools-libs-4.18.0-305.el8.x86_64.rpm
perf-4.18.0-305.el8.x86_64.rpm
perf-debuginfo-4.18.0-305.el8.x86_64.rpm
python3-perf-4.18.0-305.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-305.el8.aarch64.rpm
perf-debuginfo-4.18.0-305.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.el8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-305.el8.ppc64le.rpm
perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.el8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.el8.x86_64.rpm
perf-debuginfo-4.18.0-305.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-18811
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19528
https://access.redhat.com/security/cve/CVE-2020-0431
https://access.redhat.com/security/cve/CVE-2020-11608
https://access.redhat.com/security/cve/CVE-2020-12114
https://access.redhat.com/security/cve/CVE-2020-12362
https://access.redhat.com/security/cve/CVE-2020-12464
https://access.redhat.com/security/cve/CVE-2020-14314
https://access.redhat.com/security/cve/CVE-2020-14356
https://access.redhat.com/security/cve/CVE-2020-15437
https://access.redhat.com/security/cve/CVE-2020-24394
https://access.redhat.com/security/cve/CVE-2020-25212
https://access.redhat.com/security/cve/CVE-2020-25284
https://access.redhat.com/security/cve/CVE-2020-25285
https://access.redhat.com/security/cve/CVE-2020-25643
https://access.redhat.com/security/cve/CVE-2020-25704
https://access.redhat.com/security/cve/CVE-2020-27786
https://access.redhat.com/security/cve/CVE-2020-27835
https://access.redhat.com/security/cve/CVE-2020-28974
https://access.redhat.com/security/cve/CVE-2020-35508
https://access.redhat.com/security/cve/CVE-2020-36322
https://access.redhat.com/security/cve/CVE-2021-0342
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYKPtUtzjgjWX9erEAQhNzw/9F6cpeKdpnVS3awWzATKfC4r16pIGJmLl
je5fSRHlPqZPu1aO9PcxAQbW3WDQ0S2MWDZDko+XdZTcob7ekBg2F/UQh/wkN4dr
2SE+HlhoRMzykUwKXyVkeqHV8o3lhbbBWwLCO4Mvo/3EWZMwE84YkuYZGMlbkiP/
5LXomS+exfm3IGe9u5ByyVVvl0JrDmvMxDULjqUoqoQwCO7pu37lPcnmk0D0z/RR
eJzTK4Fg9bg74eGkZu1d7169CbXJ5/JMIO6mAfjCqCLzGqP1Dqy19rONbZfq5FYB
LXkWmPW6uxecT+FVirUjS2l8almi+Vu9K9H0IcfnYxctMg80CcdAoNhkCfoSFb/Q
eBFhDGU0w4X6ll5KtXFju+qZuYLp4nu7PiF9vvFHiM7kps13eoOShstgyyc7urtY
M3rUSyM3ll31Ci6cmnTW6q1vc9HaLF+XfQtv4x/lMfDP+YhWpQJOefDRuQIqftLO
NwjOTJOpbqTz8hvkRS1pZm4b3bppNs7dfygV1xKP96JuDVk107UjHZj5ygYKsWSw
XrHUXRnVpgTrGBhOOnGRAA51fjfCYDmooaWCHpOyNqNoAcJTdPJFz3y/wEU4W4Dk
hy/TIXykL0AHKFTcZpyjkVOfGCNtG1POP1MzwoAaY/gAbDqxyUHDnh4z2hYEmnNy
EfZ3tn1MwzI=RRkk
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed