Red Hat Security Advisory: kernel-rt security and bug fix update
🔗 CVE IDs covered (46)
📋 Description
CVE-2019-14615 — kernel: Intel graphics card information leak. CVE-2020-0427 — kernel: out-of-bounds reads in pinctrl subsystem. CVE-2020-24502 — kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers CVE-2020-24503 — kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers CVE-2020-24504 — kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers CVE-2020-24586 — kernel: Fragmentation cache not cleared on reconnection CVE-2020-24587 — kernel: Reassembling fragments encrypted under different keys CVE-2020-24588 — kernel: wifi frame payload being parsed incorrectly as an L2 frame CVE-2020-26139 — kernel: Forwarding EAPOL from unauthenticated wifi client CVE-2020-26140 — kernel: accepting plaintext data frames in protected networks CVE-2020-26141 — kernel: not verifying TKIP MIC of fragmented frames CVE-2020-26143 — kernel: accepting fragmented plaintext frames in protected networks CVE-2020-26144 — kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header CVE-2020-26145 — kernel: accepting plaintext broadcast fragments as full frames CVE-2020-26146 — kernel: reassembling encrypted fragments with non-consecutive packet numbers CVE-2020-26147 — kernel: reassembling mixed encrypted/plaintext fragments CVE-2020-29368 — kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check CVE-2020-29660 — kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free CVE-2020-36158 — kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value CVE-2020-36312 — kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c CVE-2020-36386 — kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c CVE-2021-0129 — kernel: Improper access control in BlueZ may allow information disclosure vulnerability. CVE-2021-3348 — kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c CVE-2021-3489 — kernel: Linux kernel eBPF RINGBUF map oversized allocation CVE-2021-3564 — kernel: double free in bluetooth subsystem when the HCI device initialization fails CVE-2021-3573 — kernel: use-after-free in function hci_sock_bound_ioctl() CVE-2021-3600 — kernel: eBPF 32-bit source register truncation on div/mod CVE-2021-3635 — kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 CVE-2021-3659 — kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c CVE-2021-3679 — kernel: DoS in rb_per_cpu_empty() CVE-2021-3732 — kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files CVE-2021-20194 — kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() CVE-2021-20239 — kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure CVE-2021-23133 — kernel: Race condition in sctp_destroy_sock list_del CVE-2021-28950 — kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode CVE-2021-28971 — kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c CVE-2021-29155 — kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory CVE-2021-29646 — kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c CVE-2021-29650 — kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS CVE-2021-31440 — kernel: local escalation of privileges in handling of eBPF programs CVE-2021-31829 — kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory CVE-2021-31916 — kernel: out of bounds array access in drivers/md/dm-ioctl.c CVE-2021-33033 — kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c CVE-2021-33200 — kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier CVE-2021-46905 — kernel: NULL-deref on disconnect regression CVE-2022-20166 — kernel: possible buffer overflow in sysfs reading
🔗 References (48)
- selfhttps://access.redhat.com/errata/RHSA-2021:4140
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1875275
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1902412
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1903244
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1905747
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1906522
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1912683
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1913348
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1919893
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1921958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1923636
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1930376
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1930379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1930381
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1941762
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1941784
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1945345
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1945388
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1946965
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1948772
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1951595
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1957788
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959559
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959642
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959654
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959657
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959663
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960490
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960492
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960496
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960498
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960500
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1960504
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1964028
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1964139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1965038
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1965458
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1966578
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1969489
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1975949
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1976946
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1981954
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1989165
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1995249
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4140.json