Red Hat Product Errata RHSA-2021:3812 - Security Advisory

Issued:: 2021-10-12
Updated:: 2021-10-12

RHSA-2021:3812 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)
kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64

Fixes

BZ - 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
BZ - 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
BZ - 1983686 - CVE-2021-3653 kernel: SVM nested virtualization issue in KVM (AVIC support)
BZ - 1983988 - CVE-2021-3656 kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
BZ - 1986506 - CVE-2021-37576 kernel: powerpc: KVM guest OS users can cause host OS memory corruption

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
kernel-3.10.0-957.84.1.el7.src.rpm	SHA-256: 4365a94a1712b3d512a878465621208ccd4673b14696b0f9018fc8d1a7a4a348
x86_64
bpftool-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1acab7b605637db3fc7fa8e2cc889fa7b7d893104c933ca82d85f9452292622d
kernel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 6eb761cc4b4c46bfb21043b5fbb80fe20dbf343284c4c3e8a20d6ffcb58b2ed1
kernel-abi-whitelists-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 30061e09ac310596e84edae946ce298e63effb1194347ff1c17d61d013dc7ea9
kernel-debug-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 5299451824dc5beb5e6f238350966b4ecbfc60be96d728e92f5181f3a9648ec2
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 3175a4aa903d66ac24b442b52ec71f9bf0c7f02b3df5f40e400cab00d59310bd
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: de624c148f4a51d317d137ce1524f5d5a2cc7ad2616ea2f02c187154e2b23135
kernel-doc-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 12f065862a7c5df68a3942a8f1a1dd40b6faa104e061aff33ec8b0e7b354e63f
kernel-headers-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1d839840aa2f462647f532d122f4f8d569eb0c4266fdca1c928345ca8c9e0b3b
kernel-tools-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: b77f7d0311fc0ae2eadda6c84f2bc0ac4f3f4fda391c9dead1ed1820a0a8ec57
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-libs-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 4ee072fa52734f64c1bcfa4160fcb7e4e3412f9fecab93ad6ebd21edac3837f7
kernel-tools-libs-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 7d78ff444817a1fef334aeb8adf102323063e1116612994bcba8dcf96ee8107c
perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 91e45f71d69ba5262316066344d56435b5bf3592fe1d4927391c3574649a4e04
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
python-perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 66f9825d225c442931faa8563da808d2ff0733d35d83c8e35aa09c93f37cfb32
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
kernel-3.10.0-957.84.1.el7.src.rpm	SHA-256: 4365a94a1712b3d512a878465621208ccd4673b14696b0f9018fc8d1a7a4a348
x86_64
bpftool-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1acab7b605637db3fc7fa8e2cc889fa7b7d893104c933ca82d85f9452292622d
kernel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 6eb761cc4b4c46bfb21043b5fbb80fe20dbf343284c4c3e8a20d6ffcb58b2ed1
kernel-abi-whitelists-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 30061e09ac310596e84edae946ce298e63effb1194347ff1c17d61d013dc7ea9
kernel-debug-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 5299451824dc5beb5e6f238350966b4ecbfc60be96d728e92f5181f3a9648ec2
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 3175a4aa903d66ac24b442b52ec71f9bf0c7f02b3df5f40e400cab00d59310bd
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: de624c148f4a51d317d137ce1524f5d5a2cc7ad2616ea2f02c187154e2b23135
kernel-doc-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 12f065862a7c5df68a3942a8f1a1dd40b6faa104e061aff33ec8b0e7b354e63f
kernel-headers-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1d839840aa2f462647f532d122f4f8d569eb0c4266fdca1c928345ca8c9e0b3b
kernel-tools-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: b77f7d0311fc0ae2eadda6c84f2bc0ac4f3f4fda391c9dead1ed1820a0a8ec57
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-libs-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 4ee072fa52734f64c1bcfa4160fcb7e4e3412f9fecab93ad6ebd21edac3837f7
kernel-tools-libs-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 7d78ff444817a1fef334aeb8adf102323063e1116612994bcba8dcf96ee8107c
perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 91e45f71d69ba5262316066344d56435b5bf3592fe1d4927391c3574649a4e04
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
python-perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 66f9825d225c442931faa8563da808d2ff0733d35d83c8e35aa09c93f37cfb32
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
kernel-3.10.0-957.84.1.el7.src.rpm	SHA-256: 4365a94a1712b3d512a878465621208ccd4673b14696b0f9018fc8d1a7a4a348
ppc64le
kernel-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: bec8cdc06d246f3e52ff5a65e904c79dff659eb23b5c755b1a2cedbd82d046db
kernel-abi-whitelists-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 30061e09ac310596e84edae946ce298e63effb1194347ff1c17d61d013dc7ea9
kernel-bootwrapper-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: b962c0fe817c2e62b2cbe5559e2d10b909a6f519d1834b70bd83f1286280ec79
kernel-debug-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: d3c7042058fe5749120cddea100a0078c4b9464c7ed330e69ef55e9e03a8f1b9
kernel-debug-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 8eea3f2a07d1a932abca61c36daa9ab2457a44ac1fd07bc1b3ac4d73d0ed16a1
kernel-debug-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 8eea3f2a07d1a932abca61c36daa9ab2457a44ac1fd07bc1b3ac4d73d0ed16a1
kernel-debug-devel-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: b925855cef5a64983d6d074d1e9425c24cb39362e9a07b4f82efd8b92a760e8e
kernel-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 9c8a84744ca53aab28f440a84e48ec2ad33ec3ceef3faed312fa7979448bf04f
kernel-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 9c8a84744ca53aab28f440a84e48ec2ad33ec3ceef3faed312fa7979448bf04f
kernel-debuginfo-common-ppc64le-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 5bd8e55887f4ccf91dd2d762b76db07641dcca303529e547f93b1df572df5b51
kernel-debuginfo-common-ppc64le-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 5bd8e55887f4ccf91dd2d762b76db07641dcca303529e547f93b1df572df5b51
kernel-devel-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 829bfb5ca7e56b8d03fd045da47772c7c1ae12a91d1a31d1831c8e7a4a19e7c0
kernel-doc-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 12f065862a7c5df68a3942a8f1a1dd40b6faa104e061aff33ec8b0e7b354e63f
kernel-headers-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: bc075f68426ab27df72f8d2dd4d35ae31d8d945c335c7853df285b690c5e8b9b
kernel-tools-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 2aaf0dd18adfad2630324067bfa1db6b0f808a8c265852db0a26ea6ffdd6a16e
kernel-tools-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: e0d34de70057ec82558ecb58bb36a84d36cc752982fdad03370698b989d6858f
kernel-tools-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: e0d34de70057ec82558ecb58bb36a84d36cc752982fdad03370698b989d6858f
kernel-tools-libs-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 78911b04d0810f1554d51a56726296da20955cfd49b4ffc713861c4aac1f39b0
kernel-tools-libs-devel-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 16075bc650c116523799be642c11d65104e15bcda3af27b5480e6cefe3dc4092
perf-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: cdf1121cd114725dfd5e23b6bd4a6002a5e3d3799a1b9929c388e4b6c5685341
perf-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: c1799d1bb10ae787fd580804b98ecb8eec64a7bd8b16d7c4fcb4130b005e3a32
perf-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: c1799d1bb10ae787fd580804b98ecb8eec64a7bd8b16d7c4fcb4130b005e3a32
python-perf-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: f1cee28388e6de089aa4672a3d0af27b7f1753c1d85b3bcc883a25ec9ac829d6
python-perf-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 038f0bf70d5248e49be6a359c313eaa3aa6b578639ad4501ec3d6ed7c5525051
python-perf-debuginfo-3.10.0-957.84.1.el7.ppc64le.rpm	SHA-256: 038f0bf70d5248e49be6a359c313eaa3aa6b578639ad4501ec3d6ed7c5525051

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
kernel-3.10.0-957.84.1.el7.src.rpm	SHA-256: 4365a94a1712b3d512a878465621208ccd4673b14696b0f9018fc8d1a7a4a348
x86_64
kernel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 6eb761cc4b4c46bfb21043b5fbb80fe20dbf343284c4c3e8a20d6ffcb58b2ed1
kernel-abi-whitelists-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 30061e09ac310596e84edae946ce298e63effb1194347ff1c17d61d013dc7ea9
kernel-debug-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 5299451824dc5beb5e6f238350966b4ecbfc60be96d728e92f5181f3a9648ec2
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 253a0627b9b8f70c3f51018eddb5ad0945de3e250953f110fac6be31e628162a
kernel-debug-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 3175a4aa903d66ac24b442b52ec71f9bf0c7f02b3df5f40e400cab00d59310bd
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 9584456877c0da7f3602ab2fedb1146fb712ae3b7fa6b883bed8d79d4985919d
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-debuginfo-common-x86_64-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1f19d0b2b2d84a9d35e0213e1849117cc33f6f3badce341ba5609f9f035a0c0b
kernel-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: de624c148f4a51d317d137ce1524f5d5a2cc7ad2616ea2f02c187154e2b23135
kernel-doc-3.10.0-957.84.1.el7.noarch.rpm	SHA-256: 12f065862a7c5df68a3942a8f1a1dd40b6faa104e061aff33ec8b0e7b354e63f
kernel-headers-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 1d839840aa2f462647f532d122f4f8d569eb0c4266fdca1c928345ca8c9e0b3b
kernel-tools-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: b77f7d0311fc0ae2eadda6c84f2bc0ac4f3f4fda391c9dead1ed1820a0a8ec57
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: eb48c159632bbe6a61dfd14dedea107a5486f90ffc7ad615b65b3da12b9b93c4
kernel-tools-libs-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 4ee072fa52734f64c1bcfa4160fcb7e4e3412f9fecab93ad6ebd21edac3837f7
kernel-tools-libs-devel-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 7d78ff444817a1fef334aeb8adf102323063e1116612994bcba8dcf96ee8107c
perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 91e45f71d69ba5262316066344d56435b5bf3592fe1d4927391c3574649a4e04
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: fa44508ddf5134f40965ce9602ddd34b14c2d21eb243110bfde76b49fe6ac8e1
python-perf-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 66f9825d225c442931faa8563da808d2ff0733d35d83c8e35aa09c93f37cfb32
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760
python-perf-debuginfo-3.10.0-957.84.1.el7.x86_64.rpm	SHA-256: 2d6e8c0d0a18ae12662884124a0ac9e2a6c6790ac18664bf5539f619b07db760

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation