Headline

RHSA-2021:0856: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es):

kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)
kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)
kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)
kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
kernel: performance counters race condition use-after-free (CVE-2020-14351)
kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)
kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
kernel: increase slab leak leads to DoS (CVE-2021-20265) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147)
WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)
lpfc does not issue adisc to fcp-2 devices, does not respond to nvme targer that send an adisc. (BZ#1875961)
Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)
[RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372)
Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)
RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)
Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 ‘i40e: don’t report link up for a VF who hasn’t enabled queues’ introducing issues with VM using DPDK (BZ#1901064)
writing to /sys/devices/(…)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819)
[Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896)
kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036)
kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817)
dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407)
watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)
[DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273)
[DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187) Related CVEs:
CVE-2019-19532: kernel: malicious USB devices can lead to multiple out-of-bounds write
CVE-2020-0427: kernel: out-of-bounds reads in pinctrl subsystem.
CVE-2020-7053: kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c
CVE-2020-14351: kernel: performance counters race condition use-after-free
CVE-2020-25211: kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c
CVE-2020-25645: kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
CVE-2020-25656: kernel: use-after-free in read in vt_do_kdgkb_ioctl
CVE-2020-25705: kernel: ICMP rate limiting can be used for DNS poisoning attack
CVE-2020-28374: kernel: SCSI target (LIO) write to any block on ILO backstore
CVE-2020-29661: kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
CVE-2021-20265: kernel: increase slab leak leads to DoS