RHSA-2020:2851: Important: kernel security and bug fix update
First published: Tue Jul 07 2020(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)</li> <li> Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)</li> <li> Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)</li> <li> kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)</li> <li> kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)</li> <li> kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)</li> <li> kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)</li> <li> kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)</li> <li> kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1840677)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/bpftool | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-abi-whitelists | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-doc | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-headers | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo-common-s390x | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-headers | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-kdump | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-kdump-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-kdump-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-bootwrapper | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo-common-ppc64 | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-bootwrapper | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debug-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-debuginfo-common-ppc64le | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-headers | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/kernel-tools-libs-devel | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
| redhat/python-perf-debuginfo | <3.10.0-957.56.1.el7 | 3.10.0-957.56.1.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1660385
- https://bugzilla.redhat.com/show_bug.cgi?id=1701245
- https://bugzilla.redhat.com/show_bug.cgi?id=1703063
- https://bugzilla.redhat.com/show_bug.cgi?id=1716328
- https://bugzilla.redhat.com/show_bug.cgi?id=1727756
- https://bugzilla.redhat.com/show_bug.cgi?id=1746708
- https://bugzilla.redhat.com/show_bug.cgi?id=1750813
- https://bugzilla.redhat.com/show_bug.cgi?id=1777825
- https://bugzilla.redhat.com/show_bug.cgi?id=1836244
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/solutions/5142691
- https://access.redhat.com/errata/RHSA-2020:2851 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2020:2851?
The severity of RHSA-2020:2851 is typically categorized as critical due to the potential for system crashes and remote code execution.
How do I fix RHSA-2020:2851?
To address RHSA-2020:2851, update to the patched kernel version 3.10.0-957.56.1.el7 or later.
What vulnerabilities are addressed in RHSA-2020:2851?
RHSA-2020:2851 addresses vulnerabilities including CVE-2019-11487, which involves a count overflow in FUSE requests, and CVE-2019-14821, related to out-of-bounds memory access.
What are the affected software packages in RHSA-2020:2851?
The affected software packages include kernel, kernel-debug, kernel-devel, and several others based on Red Hat's repository.
Is RHSA-2020:2851 applicable to all Linux distributions?
No, RHSA-2020:2851 is specifically applicable to Red Hat Enterprise Linux versions that utilize the specified kernel version.
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:2851
- agent/software-canonical-lookup
- agent/weakness
- agent/title
- agent/remedy
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat