Red Hat Product Errata RHSA-2019:4058 - Security Advisory
Issued:
2019-12-03
Updated:
2019-12-03

RHSA-2019:4058 - Security Advisory

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
  • Kernel: page cache side channel attacks (CVE-2019-5489)
  • Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)
  • kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
  • kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)
  • kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1748234)
  • kmem, memcg: system crash due to cache destruction race (BZ#1754829)
  • kernel build: parallelize redhat/mod-sign.sh (BZ#1755327)
  • kernel build: speed up module compression step (BZ#1755336)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4 x86_64

Fixes

  • BZ - 1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly pretected against race
  • BZ - 1551565 - CVE-2017-18208 kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
  • BZ - 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
  • BZ - 1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
  • BZ - 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
  • BZ - 1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
kernel-3.10.0-693.61.1.el7.src.rpm SHA-256: 1a9f8c1cb6fab79c7e9351875cf81ed93c6a5d815f64669389d558cc86680e5b
x86_64
kernel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: af984b72f13f953eda9e24588dd89d5afc86ed0db288663f1a3e23ee4ab0d94f
kernel-abi-whitelists-3.10.0-693.61.1.el7.noarch.rpm SHA-256: ac906ddf41531201adeea4a77dd01ce78b96a8677688ce7ae1b40d033ec6c762
kernel-debug-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d29634202ea3b17b8199a982ce36997d136b746ed86115aa303f0497d9c580dc
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 8d539d59136e939839b0081cddda600b02983d7f8ea418e404a2f9bbbd99b788
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 5ec8d4123319e1b267386533a2c585271d18d9d141c25f9dce5f4b6bed222b1a
kernel-doc-3.10.0-693.61.1.el7.noarch.rpm SHA-256: 04720cc8aa464061be1609490245638d2e7a5c7a0da60c232a2eed6fd21d828c
kernel-headers-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: ae0c3d354e44a96ef9189d8a10a7247f0ab772bd9a02bb9a80fe7194f48130fb
kernel-tools-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 63914d8e77cd715a6fabdfd960e0213604073dedee8e12a685ae1e4dab17716f
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-libs-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: c86c677de43df0e02f18f5230fd1dc3082576a6b248b851167598d8aab969893
kernel-tools-libs-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 91ebe22393504e5e5aaceb1d8d3d49bc628b242234c84a62f766f51310291f62
perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 6eb188bd285466c0c3a22d91cebb255999bbd80b536925f86909995b1c19856c
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
python-perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 2261ed6667d5d8bf9cf4e93504fd0be772e6406aa027bf3390ad0a9c433556f0
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
kernel-3.10.0-693.61.1.el7.src.rpm SHA-256: 1a9f8c1cb6fab79c7e9351875cf81ed93c6a5d815f64669389d558cc86680e5b
x86_64
kernel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: af984b72f13f953eda9e24588dd89d5afc86ed0db288663f1a3e23ee4ab0d94f
kernel-abi-whitelists-3.10.0-693.61.1.el7.noarch.rpm SHA-256: ac906ddf41531201adeea4a77dd01ce78b96a8677688ce7ae1b40d033ec6c762
kernel-debug-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d29634202ea3b17b8199a982ce36997d136b746ed86115aa303f0497d9c580dc
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 8d539d59136e939839b0081cddda600b02983d7f8ea418e404a2f9bbbd99b788
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 5ec8d4123319e1b267386533a2c585271d18d9d141c25f9dce5f4b6bed222b1a
kernel-doc-3.10.0-693.61.1.el7.noarch.rpm SHA-256: 04720cc8aa464061be1609490245638d2e7a5c7a0da60c232a2eed6fd21d828c
kernel-headers-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: ae0c3d354e44a96ef9189d8a10a7247f0ab772bd9a02bb9a80fe7194f48130fb
kernel-tools-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 63914d8e77cd715a6fabdfd960e0213604073dedee8e12a685ae1e4dab17716f
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-libs-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: c86c677de43df0e02f18f5230fd1dc3082576a6b248b851167598d8aab969893
kernel-tools-libs-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 91ebe22393504e5e5aaceb1d8d3d49bc628b242234c84a62f766f51310291f62
perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 6eb188bd285466c0c3a22d91cebb255999bbd80b536925f86909995b1c19856c
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
python-perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 2261ed6667d5d8bf9cf4e93504fd0be772e6406aa027bf3390ad0a9c433556f0
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.4

SRPM
kernel-3.10.0-693.61.1.el7.src.rpm SHA-256: 1a9f8c1cb6fab79c7e9351875cf81ed93c6a5d815f64669389d558cc86680e5b
ppc64le
kernel-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 5cde3fe57f9de5ef805399d4a7418b97c68068a59e9bf1e1ca84e16463d25d26
kernel-abi-whitelists-3.10.0-693.61.1.el7.noarch.rpm SHA-256: ac906ddf41531201adeea4a77dd01ce78b96a8677688ce7ae1b40d033ec6c762
kernel-bootwrapper-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: ed0a6bdd7a030eca99b7d1417d215550d45fd66a55af2fec14c57b86bcc4012c
kernel-debug-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 74357b3a34ce26c0ed2b1bac69020ae5e5462de2cd9f7d9126a7511df898bcd4
kernel-debug-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: c78b1c72614eca3c3e9f3026ca0d9d3adc202218142212459102795132063372
kernel-debug-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: c78b1c72614eca3c3e9f3026ca0d9d3adc202218142212459102795132063372
kernel-debug-devel-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: d72b37bffdc79e9243accc386e68511ef9a5e3de0e442ccb5f9747aed2a1ad22
kernel-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: a90d7b77372a03dddb579ce209815734f4a6c8a65621421bb2acab10f0b1e9b6
kernel-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: a90d7b77372a03dddb579ce209815734f4a6c8a65621421bb2acab10f0b1e9b6
kernel-debuginfo-common-ppc64le-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 37d1033f21a7ddd321b84ebd41c0dd8b8706bf5ffb83debd8046cf58adf03062
kernel-debuginfo-common-ppc64le-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 37d1033f21a7ddd321b84ebd41c0dd8b8706bf5ffb83debd8046cf58adf03062
kernel-devel-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: d0429fc533c6d134ee12c186c0dbc5a9b27468d114e039280c8ca2c5a3234db1
kernel-doc-3.10.0-693.61.1.el7.noarch.rpm SHA-256: 04720cc8aa464061be1609490245638d2e7a5c7a0da60c232a2eed6fd21d828c
kernel-headers-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 93be53e3f2ca3d6853b0a0083b7192acc02a083e96900678b639de2ee542e770
kernel-tools-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 48f988c6f557b0c8b361c52e71a21cd40884cb6cb8a635c319c07d42ccd26f7b
kernel-tools-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: b0889bcf7518295863fa6bf2117323ead61020a08185fd631f201c9277ff4e8a
kernel-tools-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: b0889bcf7518295863fa6bf2117323ead61020a08185fd631f201c9277ff4e8a
kernel-tools-libs-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: a61e6929a8815474c2a390151ae61e97d84ab8673bbbaa16bf11544fbc6ca658
kernel-tools-libs-devel-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: e3a4e7204157dbcf9483690050542336366832a5c5bfa0d020734c5a6837cdaf
perf-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 200e86713103bcf6775f34b9ddbab200f4306e43f69c1db5fe1a96dd3276b4d7
perf-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 0a2822ee2311169a427b82f20944248c6ef2db7eaa1b786e9088361fdfea36d8
perf-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 0a2822ee2311169a427b82f20944248c6ef2db7eaa1b786e9088361fdfea36d8
python-perf-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 531f695346aa779e7c1d9c02ebb9c7538b85accd24a84ecdb8e4c259825827a2
python-perf-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 48a0068e369344d25b6e6734dccaf0e10964004836434904f83dd6361cd560ff
python-perf-debuginfo-3.10.0-693.61.1.el7.ppc64le.rpm SHA-256: 48a0068e369344d25b6e6734dccaf0e10964004836434904f83dd6361cd560ff

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.4

SRPM
kernel-3.10.0-693.61.1.el7.src.rpm SHA-256: 1a9f8c1cb6fab79c7e9351875cf81ed93c6a5d815f64669389d558cc86680e5b
x86_64
kernel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: af984b72f13f953eda9e24588dd89d5afc86ed0db288663f1a3e23ee4ab0d94f
kernel-abi-whitelists-3.10.0-693.61.1.el7.noarch.rpm SHA-256: ac906ddf41531201adeea4a77dd01ce78b96a8677688ce7ae1b40d033ec6c762
kernel-debug-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d29634202ea3b17b8199a982ce36997d136b746ed86115aa303f0497d9c580dc
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: b90114e93abadce636c8201db2632fee4be756ec67ad7f9eb890f35c8cd2b2e8
kernel-debug-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 8d539d59136e939839b0081cddda600b02983d7f8ea418e404a2f9bbbd99b788
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 9be1ef6bc52b4919de3bddf3d110a3393ffd0299f7605e7f087a7c88688cdac1
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-debuginfo-common-x86_64-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: a6b2536bc0450103a9be6606c1667da9b2e7ca818e73ab9cb76a68176c8380d2
kernel-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 5ec8d4123319e1b267386533a2c585271d18d9d141c25f9dce5f4b6bed222b1a
kernel-doc-3.10.0-693.61.1.el7.noarch.rpm SHA-256: 04720cc8aa464061be1609490245638d2e7a5c7a0da60c232a2eed6fd21d828c
kernel-headers-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: ae0c3d354e44a96ef9189d8a10a7247f0ab772bd9a02bb9a80fe7194f48130fb
kernel-tools-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 63914d8e77cd715a6fabdfd960e0213604073dedee8e12a685ae1e4dab17716f
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: e7035a6869872f4ddb815c058047d38e3a162788d6cddac9dedcc5faf29cf7c1
kernel-tools-libs-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: c86c677de43df0e02f18f5230fd1dc3082576a6b248b851167598d8aab969893
kernel-tools-libs-devel-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 91ebe22393504e5e5aaceb1d8d3d49bc628b242234c84a62f766f51310291f62
perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 6eb188bd285466c0c3a22d91cebb255999bbd80b536925f86909995b1c19856c
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: d70614190795cadd87bae4f6db79b19d000c14ff790b08ab41ae2d69990007cb
python-perf-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 2261ed6667d5d8bf9cf4e93504fd0be772e6406aa027bf3390ad0a9c433556f0
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2
python-perf-debuginfo-3.10.0-693.61.1.el7.x86_64.rpm SHA-256: 02cfad4667df9932332cb9acbcbf72ee170a89ecdca40bf31aea6ac91c63ccc2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.