Headline
RHSA-2021:4356: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es):
- kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)
- kernel: Improper input validation in some Intel® Ethernet E810 Adapter drivers (CVE-2020-24502)
- kernel: Insufficient access control in some Intel® Ethernet E810 Adapter drivers (CVE-2020-24503)
- kernel: Uncontrolled resource consumption in some Intel® Ethernet E810 Adapter drivers (CVE-2020-24504)
- kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
- kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
- kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
- kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
- kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
- kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
- kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
- kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
- kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
- kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)
- kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)
- kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)
- kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)
- kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
- kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)
- kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
- kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
- kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
- kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
- kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
- kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
- kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
- kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
- kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
- kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)
- kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)
- kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)
- kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)
- kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
- kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
- kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
- kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
- kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
- kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
- kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)
- kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)
- kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
- kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916) Related CVEs:
- CVE-2020-0427: kernel: out-of-bounds reads in pinctrl subsystem.
- CVE-2020-24502: kernel: Improper input validation in some Intel® Ethernet E810 Adapter drivers
- CVE-2020-24503: kernel: Insufficient access control in some Intel® Ethernet E810 Adapter drivers
- CVE-2020-24504: kernel: Uncontrolled resource consumption in some Intel® Ethernet E810 Adapter drivers
- CVE-2020-24586: kernel: Fragmentation cache not cleared on reconnection
- CVE-2020-24587: kernel: Reassembling fragments encrypted under different keys
- CVE-2020-24588: kernel: wifi frame payload being parsed incorrectly as an L2 frame
- CVE-2020-26139: kernel: Forwarding EAPOL from unauthenticated wifi client
- CVE-2020-26140: kernel: accepting plaintext data frames in protected networks
- CVE-2020-26141: kernel: not verifying TKIP MIC of fragmented frames
- CVE-2020-26143: kernel: accepting fragmented plaintext frames in protected networks
- CVE-2020-26144: kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header
- CVE-2020-26145: kernel: accepting plaintext broadcast fragments as full frames
- CVE-2020-26146: kernel: reassembling encrypted fragments with non-consecutive packet numbers
- CVE-2020-26147: kernel: reassembling mixed encrypted/plaintext fragments
- CVE-2020-27777: kernel: powerpc: RTAS calls can be used to compromise kernel integrity
- CVE-2020-29368: kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
- CVE-2020-29660: kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
- CVE-2020-36158: kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
- CVE-2020-36386: kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c
- CVE-2021-0129: kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
- CVE-2021-3348: kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
- CVE-2021-3489: kernel: Linux kernel eBPF RINGBUF map oversized allocation
- CVE-2021-3564: kernel: double free in bluetooth subsystem when the HCI device initialization fails
- CVE-2021-3573: kernel: use-after-free in function hci_sock_bound_ioctl()
- CVE-2021-3600: kernel: eBPF 32-bit source register truncation on div/mod
- CVE-2021-3635: kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
- CVE-2021-3659: kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
- CVE-2021-3679: kernel: DoS in rb_per_cpu_empty()
- CVE-2021-3732: kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files
- CVE-2021-20194: kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
- CVE-2021-20239: kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure
- CVE-2021-23133: kernel: Race condition in sctp_destroy_sock list_del
- CVE-2021-28950: kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
- CVE-2021-28971: kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
- CVE-2021-29155: kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
- CVE-2021-29646: kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
- CVE-2021-29650: kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
- CVE-2021-31440: kernel: local escalation of privileges in handling of eBPF programs
- CVE-2021-31829: kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
- CVE-2021-31916: kernel: out of bounds array access in drivers/md/dm-ioctl.c
- CVE-2021-33200: kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
Related news
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) * httpd: ...
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). (BZ#1846481, BZ#1938238) Security Fix(es): * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: Fo...
An update for dnf, dnf-plugins-core, and libdnf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments. Security Fix(es): * libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs: * CVE-2021-3445...
An update for ncurses is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo. Security Fix(es): * ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (CVE-2019-17594) * ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (CVE-2019-17595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refe...
An update for bluez is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. Security Fix(es): * bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the Reference...
An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): * sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827) * sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750) * sqlite: fts3: improve detection of corrupted records (CVE-2019-13751) * sqlite: ...
An update for linuxptp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. The following packages have been upgraded to a later upstream version: linuxptp (3.1.1). (BZ#1895005) Security Fix(es): * linuxptp: wrong length of one-step follow-up in transparent clock (CVE-2021-3571) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to t...
An update for libjpeg-turbo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: Stack-based buffer overflow in the "transform" component (CVE-2020-17541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterpri...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503) * kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504) * kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586) * kernel: Reassembling fragments encrypted un...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690) * httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Related CVEs: *...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38...
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted o...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted o...
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy o...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy o...
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Security Fix(es): * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293) * resteasy: Error message exposes endpoint class information (CVE-2021-20289) For more details about the security issue(s), including the impact, a CVSS score, ...
An update is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-22543: kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO ch...
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385) * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) * kernel: use-after-free in show_numa_stats function (CVE-2019-20934) * kernel: SVM nested virtualization issue in KVM (...