- Issued:
- 2020-07-07
- Updated:
- 2020-07-07
RHSA-2020:2854 - Security Advisory
Synopsis
Important: kernel-alt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
- kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
- Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption (CVE-2020-8834)
- Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)
- kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
- kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)
- kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)
- kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)
- kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)
- kernel: an out-of-bounds write via crafted keycode table (CVE-2019-20636)
- kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)
- kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)
- kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS (CVE-2019-19062)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- XFS: Metadata corruption detected at xfs_attr3_leaf_read_verify [rhel-alt-7.6.z] (BZ#1830836)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for ARM 64 7 aarch64
- Red Hat Enterprise Linux for Power 9 7 ppc64le
- Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
- BZ - 1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c
- BZ - 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
- BZ - 1775021 - CVE-2019-19062 kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS
- BZ - 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
- BZ - 1781204 - CVE-2020-10720 kernel: use-after-free read in napi_gro_frags() in the Linux kernel
- BZ - 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
- BZ - 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
- BZ - 1819615 - CVE-2020-8834 Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption
- BZ - 1824059 - CVE-2019-20636 kernel: an out-of-bounds write via crafted keycode table
- BZ - 1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
- BZ - 1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for ARM 64 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.26.1.el7a.src.rpm | SHA-256: 03a0a1fc52bc921fe6260792df048ab1898cd6e6a394b2d5c0048498bf08504c |
| aarch64 | |
| kernel-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 3f04eaffd18a750bf56109ac2ba16439e8544dde9924eafd32173a3ba5329097 |
| kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 462612cd4a8e04a0e42cfc9f1acd00f4a8786e18ebf7d15b26ac4e46a17666e6 |
| kernel-debug-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: a8cdeb4cfe0aeabcba9cd6a1a900deb7c9c5d2139dd81282838c8878109c3ffa |
| kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 548026b1d67c8ab7f2d6571aa8641a587bb285da36ecfb7859098f2bc3279d90 |
| kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 548026b1d67c8ab7f2d6571aa8641a587bb285da36ecfb7859098f2bc3279d90 |
| kernel-debug-devel-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: eadf98302aa1d6cb5c42d3bfc64fcac4cc95913e553c5e73494f49049c082c9f |
| kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 8c6a21083e2b7d6323b990ddb26e5ac99b19321a4c894aef83004dfb356f0b59 |
| kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 8c6a21083e2b7d6323b990ddb26e5ac99b19321a4c894aef83004dfb356f0b59 |
| kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 96db1e6d780817ae9590a314e20da71bae4243e5f9e9b242b8aa5bdeefd95b90 |
| kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 96db1e6d780817ae9590a314e20da71bae4243e5f9e9b242b8aa5bdeefd95b90 |
| kernel-devel-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: d1f5107e716bc0f2e7fec84585e949a4c32fdd0975283a254d0a8b7d3ff27ffb |
| kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 85cf6595d4c42fffeed55ebccf097cc553b637a1386c3806c5409ffd7df7d820 |
| kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 85cf6595d4c42fffeed55ebccf097cc553b637a1386c3806c5409ffd7df7d820 |
| kernel-headers-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 270f300d3fa4142ffd9b59eb9112a1e3ba957674e48f6756068b24b7c370db1b |
| kernel-tools-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 0ee91a42438f24559e701fd6915f846cdcf77dd52c9bbaa7ed09ed07e10a0318 |
| kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 35a3ca473a5febde663f57f69924ff01970d4da74553a131e26f0d01ddba5317 |
| kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 35a3ca473a5febde663f57f69924ff01970d4da74553a131e26f0d01ddba5317 |
| kernel-tools-libs-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 90378ecadf46f4d3a5f89a03a71ae17df8b2491e0ecd948759330fc47c56d105 |
| kernel-tools-libs-devel-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 92968698cc5978c726f349d45f57d36ba0700316e69fe6bc97f10c2a2c8eea57 |
| perf-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: d141f1e9cd52e3ef614a9133e2c779a9567e844afb2550791f27647141249a35 |
| perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 41c46376e628a66a2686041f7ec4f0f12a04a9cfe827ee742ae8b873af15fa6d |
| perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 41c46376e628a66a2686041f7ec4f0f12a04a9cfe827ee742ae8b873af15fa6d |
| python-perf-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 550ee19f8da86e48bb99c425cd19f79a3dbc64884db29fb54e5d737042eaf335 |
| python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 352462c45efaea465cbe96c8ea56fbbe2d884611d4d4a54562beca56c5d5bc53 |
| python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm | SHA-256: 352462c45efaea465cbe96c8ea56fbbe2d884611d4d4a54562beca56c5d5bc53 |
Red Hat Enterprise Linux for Power 9 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.26.1.el7a.src.rpm | SHA-256: 03a0a1fc52bc921fe6260792df048ab1898cd6e6a394b2d5c0048498bf08504c |
| ppc64le | |
| kernel-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 77a5d1faf2f7d1baed0d1fa6d1fe119791b2f13874825edd07d6897295e79f21 |
| kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 462612cd4a8e04a0e42cfc9f1acd00f4a8786e18ebf7d15b26ac4e46a17666e6 |
| kernel-bootwrapper-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 980eaacb44a3d6723714140d235225377cd9df9e9b003c1177cff7cd4303b657 |
| kernel-debug-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 96c68a0849bbd87acd8efa1dcf7e9115842183b20081b51e5a9b45414844a9b5 |
| kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 04d8d67aea7ec7ade30a84638a8199d58a841cb32660e6a76fc798cb9bdc58a9 |
| kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 04d8d67aea7ec7ade30a84638a8199d58a841cb32660e6a76fc798cb9bdc58a9 |
| kernel-debug-devel-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 9fe95580cf90b1030aeb90ff67604515b765123cddfca191cecff066b16e9b7d |
| kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 53756744e04b0e00f668ae8f59a208bae3ddadd827ba5f7ae7f0800b9ac38806 |
| kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 53756744e04b0e00f668ae8f59a208bae3ddadd827ba5f7ae7f0800b9ac38806 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: d69747c7eab1b01aaf75d5d6a2b59b1e1e8d4b50c3fe897fc537582a628d22f7 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: d69747c7eab1b01aaf75d5d6a2b59b1e1e8d4b50c3fe897fc537582a628d22f7 |
| kernel-devel-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: f429d0f518530331f9a17120b765a2953929c942cf5044a6e25cbb4be16e7a41 |
| kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 85cf6595d4c42fffeed55ebccf097cc553b637a1386c3806c5409ffd7df7d820 |
| kernel-headers-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 587b9499a4dcb40a4fdc51584dc51b5f2921e9c5e9a4e8c5177ba3ab1e4eb5cb |
| kernel-tools-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: a61c88d47b15c42bb8cd31209c1985ada26d708b3b5a45fe75e83bd964062ace |
| kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: b46e57344fd84436a16c5aba534e129477c9b865737e4d33de6513a37247bac9 |
| kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: b46e57344fd84436a16c5aba534e129477c9b865737e4d33de6513a37247bac9 |
| kernel-tools-libs-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 896da04f0da018bb1717c648c39ae538ade68d970e3d9c8d9843f8bca5c8c17a |
| kernel-tools-libs-devel-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: ac39452f50b475c1d85a9d0fd5e471cc27bccdc161d6360f1bb0ae9e2461ad96 |
| perf-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 0c6756834aa1b185d228836e24f349885a671e373a50c0efe2dad259b878f1ec |
| perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 2d1b66de20dd878c73055745f8f361ee7d968ce8b963cd9343d48e2ba6089661 |
| perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 2d1b66de20dd878c73055745f8f361ee7d968ce8b963cd9343d48e2ba6089661 |
| python-perf-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: 234407627b6d2894836715cb7b53f1a342e7118e4c8f6d96897a722cf8ced69a |
| python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: cbe813bf9c29093e4f93d7945a012ea9bab4afc7a68f37be03f1b177f0bb67df |
| python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm | SHA-256: cbe813bf9c29093e4f93d7945a012ea9bab4afc7a68f37be03f1b177f0bb67df |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.26.1.el7a.src.rpm | SHA-256: 03a0a1fc52bc921fe6260792df048ab1898cd6e6a394b2d5c0048498bf08504c |
| s390x | |
| kernel-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: 4e61344a28754bd56e8734c0cb3ad0bb324cfdd95924ac48db66e1330c6711e6 |
| kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 462612cd4a8e04a0e42cfc9f1acd00f4a8786e18ebf7d15b26ac4e46a17666e6 |
| kernel-debug-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: cb0e2197c380627c135a63af187312e4bbc18603be4ac7330b02284f0645e9a1 |
| kernel-debug-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: 6d2604cf545f086e66ca48f88291018a71051b469b6e24f5094e8c57ea3cdd74 |
| kernel-debug-devel-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: ccc7c3073f4749b190a9391eabeea546bd4b09105d7fbd49eebf4aae33089145 |
| kernel-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: 62826d812315ab6b00c7bea3392f90eefc0cdfb5fc89e8a043f6bde45ab9d0f1 |
| kernel-debuginfo-common-s390x-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: 37923adf65a7efd160c6d7be026502477d2e100141446add102f0b10ddf54f2a |
| kernel-devel-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: e85a19ca0da0e902ede7cdd09bc6d44beb87d0bbc08027cf29680d4efa5b5d6c |
| kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm | SHA-256: 85cf6595d4c42fffeed55ebccf097cc553b637a1386c3806c5409ffd7df7d820 |
| kernel-headers-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: e2736a8211fc0225f15a5d893d694f22282104f4bb1b67a75d98e33d58bf5b9c |
| kernel-kdump-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: e0d287b733037eb369ff72cbff0a3564ef995ce3343249115a8dd97f3df8d0e8 |
| kernel-kdump-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: b9d041d5b069b9fb543ed6ca98c2888a1ee6b98fc021400a543c80bced9d98f4 |
| kernel-kdump-devel-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: e21aa6f151fb86f62013928fd49786a0c8c6156d4589a2cce4947732a0f98698 |
| perf-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: c734082cec7b0ba1d174e004283365d4dcdf90a0c0daea4b34e3b98eb88b9537 |
| perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: c4269aa6619e3baebbd545171ea41759247273ffc942397e06b3945718268ed8 |
| python-perf-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: bacfda03c6b0547ca2f6bec23f1af069d02da632f81a9db89ce6f654ef1d2dca |
| python-perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm | SHA-256: 3cc02e1ffe9c07524481e874363ee4d71a8b2c800ae962b4437d311c85caa6f5 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.