rhsa-2020_4062
Vulnerability from csaf_redhat
Published: 2020-09-29 19:00
Modified: 2024-11-05 22:46
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)
* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:
https://access.redhat.com/articles/5442481
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)\n\n* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)\n\n* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)\n\n* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)\n\n* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)\n\nSpace precludes documenting all of the security fixes in this advisory. 
See the descriptions of the remaining security fixes in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/5442481\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4062", "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index" }, { "category": "external", "summary": "https://access.redhat.com/articles/5442481", "url": "https://access.redhat.com/articles/5442481" }, { "category": "external", "summary": "1427551", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1427551" }, { "category": "external", "summary": "1707796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707796" }, { "category": "external", "summary": "1745528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745528" }, { "category": "external", "summary": "1747216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747216" }, { "category": "external", "summary": "1757368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757368" }, { "category": "external", "summary": "1758242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758242" }, { "category": "external", "summary": "1758248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758248" }, { "category": "external", "summary": "1759681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759681" }, { "category": "external", "summary": "1760100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760100" }, { "category": "external", "summary": "1760310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760310" }, { "category": "external", "summary": "1760420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760420" }, { "category": "external", "summary": "1774988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774988" }, { "category": "external", "summary": "1775015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775015" }, { "category": "external", "summary": "1775021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775021" }, { "category": "external", "summary": "1775042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775042" }, { "category": "external", "summary": "1775047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775047" }, { "category": "external", "summary": "1775074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775074" }, { "category": "external", "summary": "1777418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777418" }, { "category": "external", "summary": 
"1779594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779594" }, { "category": "external", "summary": "1781679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781679" }, { "category": "external", "summary": "1783434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434" }, { "category": "external", "summary": "1783459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783459" }, { "category": "external", "summary": "1783518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783518" }, { "category": "external", "summary": "1783540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783540" }, { "category": "external", "summary": "1783561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783561" }, { "category": "external", "summary": "1786078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786078" }, { "category": "external", "summary": "1786160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786160" }, { "category": "external", "summary": "1788009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788009" }, { "category": "external", "summary": "1790063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790063" }, { "category": "external", "summary": "1791954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791954" }, { "category": "external", "summary": "1802555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802555" }, { "category": "external", "summary": "1802563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802563" }, { "category": "external", "summary": "1805135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135" }, { "category": "external", "summary": "1809833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809833" }, { "category": "external", "summary": "1810685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810685" }, { "category": "external", "summary": "1817141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817141" }, { "category": 
"external", "summary": "1817718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817718" }, { "category": "external", "summary": "1818818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818818" }, { "category": "external", "summary": "1819377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819377" }, { "category": "external", "summary": "1822077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077" }, { "category": "external", "summary": "1824059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824059" }, { "category": "external", "summary": "1824918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824918" }, { "category": "external", "summary": "1831399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399" }, { "category": "external", "summary": "1834845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834845" }, { "category": "external", "summary": "1835127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127" }, { "category": "external", "summary": "1839634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839634" }, { "category": "external", "summary": "1850716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4062.json" } ], "title": "Red Hat Security Advisory: kernel-rt security and bug fix update", "tracking": { "current_release_date": "2024-11-05T22:46:55+00:00", "generator": { "date": "2024-11-05T22:46:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4062", "initial_release_date": "2020-09-29T19:00:01+00:00", "revision_history": [ { "date": "2020-09-29T19:00:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-29T19:00:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:46:55+00:00", "number": "3", "summary": "Last generated version" } ], 
"status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for Real Time (v. 7)", "product": { "name": "Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_rt:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": 
"kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-1160.rt56.1131.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "product": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "product_id": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.rt56.1131.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "product": { "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "product_id": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.rt56.1131.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src as a component of Red Hat Enterprise Linux for Real Time for 
NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src" }, "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 
7)", "product_id": "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)", "product_id": "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-NFV-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src" }, "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch" }, "product_reference": "kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 
7)", "product_id": "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)", "product_id": "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" }, "product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "relates_to_product_reference": "7Server-RT-7.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-18551", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2019-08-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1757368" } ], "notes": [ { "category": "description", "text": "An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. 
A read request for length (data-\u003eblock[0]) greater than \u0027I2C_SMBUS_BLOCK_MAX + 1\u0027 may cause underlying I2C driver write out of array\u0027s boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-18551" }, { "category": "external", "summary": "RHBZ#1757368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757368" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18551", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18551", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-18551" } ], "release_date": "2019-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c" }, { "cve": "CVE-2018-20836", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-05-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1707796" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and 
smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-20836" }, { "category": "external", "summary": "RHBZ#1707796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707796" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-20836", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20836", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20836" } ], "release_date": 
"2018-09-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free" }, { "cve": "CVE-2019-9454", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1818818" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out of bounds write in i2c driver leads to local escalation of privilege", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9454" }, { "category": "external", "summary": "RHBZ#1818818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1818818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9454", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9454", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9454" } ], "release_date": "2019-09-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out of bounds write in i2c driver leads to local escalation of privilege" }, { "cve": "CVE-2019-9458", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-09-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819377" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use after free due to race condition in the video driver leads to local privilege escalation", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9458" }, { "category": "external", "summary": "RHBZ#1819377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819377" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9458", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9458" } ], "release_date": "2019-09-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use after free due to race condition in the video driver leads to local privilege escalation" }, { "cve": "CVE-2019-15217", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1745528" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15217" }, { "category": "external", "summary": "RHBZ#1745528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217" } ], "release_date": "2019-08-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "To mitigate this issue, prevent module zr364xx from being loaded. 
Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": 
"kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver" }, { "cve": "CVE-2019-15807", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1747216" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Memory leak in drivers/scsi/libsas/sas_expander.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15807" }, { "category": "external", "summary": "RHBZ#1747216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15807" } ], "release_date": "2019-08-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria 
comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": 
"kernel: Memory leak in drivers/scsi/libsas/sas_expander.c" }, { "cve": "CVE-2019-15917", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-10-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760100" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when the hci_uart_register_dev() fails.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in drivers/bluetooth/hci_ldisc.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as a Moderate as it requires the local attacker to have permissions to issue ioctl commands to the bluetooth device and bluetooth hardware to be present.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-15917" }, { "category": "external", "summary": "RHBZ#1760100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760100" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-15917", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15917", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15917" } ], "release_date": "2019-09-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "To mitigate this issue, prevent module hci_uart from being loaded. 
Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: use-after-free in drivers/bluetooth/hci_ldisc.c" }, { "cve": "CVE-2019-16231", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760310" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16231" }, { "category": "external", "summary": "RHBZ#1760310", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1760310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16231", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231" }, { "category": "external", "summary": "https://lkml.org/lkml/2019/9/9/487", "url": "https://lkml.org/lkml/2019/9/9/487" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20191004-0001/", "url": "https://security.netapp.com/advisory/ntap-20191004-0001/" } ], "release_date": "2019-09-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria 
comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": 
"kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c" }, { "cve": "CVE-2019-16233", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1760420" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16233" }, { "category": "external", "summary": "RHBZ#1760420", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1760420" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16233", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233" }, { "category": "external", "summary": "https://lkml.org/lkml/2019/9/9/487", "url": "https://lkml.org/lkml/2019/9/9/487" } ], "release_date": "2019-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c" }, { 
"cve": "CVE-2019-16994", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-09-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1759681" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Memory leak in sit_init_net() in net/ipv6/sit.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2019-16994" }, { "category": "external", "summary": "RHBZ#1759681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16994", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16994", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16994" } ], "release_date": "2019-09-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Memory leak in sit_init_net() in net/ipv6/sit.c" }, { "cve": 
"CVE-2019-17053", "cwe": { "id": "CWE-250", "name": "Execution with Unnecessary Privileges" }, "discovery_date": "2019-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758242" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in the Linux kernel\u0027s AF_IEEE802154 networking module where permissions checks are not enforced. This can allow an unprivileged user to create raw sockets for this protocol leading to the potential for data leaks or system unavailability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as moderate; there are no known exploits using this mechanism as an attack surface against the system affected by this bug.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2019-17053" }, { "category": "external", "summary": "RHBZ#1758242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17053", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17053" } ], "release_date": "2019-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol" }, { "cve": "CVE-2019-17055", "cwe": { "id": "CWE-250", "name": "Execution with Unnecessary Privileges" }, "discovery_date": "2019-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1758248" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel\u2019s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. 
This could further allow the user to control the availability of an existing ISDN circuit.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17055" }, { "category": "external", "summary": "RHBZ#1758248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758248" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17055" } ], "release_date": "2019-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which 
includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "At this time the only known way to \u0027mitigate\u0027 this flaw is to blacklist the kernel module from being loaded. 
Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.\n\nCheck https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol" }, { "cve": "CVE-2019-18808", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1777418" } ], "notes": [ { "category": "description", "text": "A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Moderate impact because it affects only specific hardware enabled systems.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18808" }, { "category": "external", "summary": "RHBZ#1777418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777418" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18808", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18808", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18808" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected 
code from being loaded by blacklisting the kernel module ccp. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], 
"threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c" }, { "cve": "CVE-2019-19046", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1774988" } ], "notes": [ { "category": "description", "text": "A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19046" }, { "category": "external", "summary": "RHBZ#1774988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774988" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19046", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation 
base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Denial Of Service in the __ipmi_bmc_register() function in 
drivers/char/ipmi/ipmi_msghandler.c" }, { "cve": "CVE-2019-19055", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775074" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Moderate impact because of the preconditions needed to trigger the resource cleanup code path.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19055" }, { "category": "external", "summary": "RHBZ#1775074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775074" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19055", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055" } ], "release_date": "2019-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. 
For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS" }, { "cve": "CVE-2019-19058", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775047" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (system-wide out-of-memory condition).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19058" }, { "category": "external", "summary": "RHBZ#1775047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775047" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19058", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058" } ], "release_date": "2019-11-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected 
code from being loaded by blacklisting the kernel module iwlmvm. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], 
"threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS" }, { "cve": "CVE-2019-19059", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775042" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (ability to restrict access to dma coherent memory on device initialization).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19059" }, { "category": "external", "summary": "RHBZ#1775042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775042" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19059", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059" } ], "release_date": "2019-11-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlwifi. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS" }, { "cve": "CVE-2019-19062", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775021" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the error cleanup code path.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19062" }, { "category": "external", "summary": "RHBZ#1775021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19062", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062" } ], "release_date": "2019-11-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS" }, { "cve": "CVE-2019-19063", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-11-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1775015" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19063" }, { "category": "external", "summary": "RHBZ#1775015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775015" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19063", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063" } ], "release_date": "2019-11-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS" }, { "cve": "CVE-2019-19332", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2019-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1779594" } ], "notes": [ { "category": "description", "text": "An out-of-bounds memory write issue was found in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\n\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. 
Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19332" }, { "category": "external", "summary": "RHBZ#1779594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779594" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19332", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332" }, { "category": "external", "summary": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/", "url": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2019/12/16/1", "url": 
"https://www.openwall.com/lists/oss-security/2019/12/16/1" } ], "release_date": "2019-12-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid" }, { "cve": "CVE-2019-19447", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781679" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19447" }, { "category": "external", "summary": "RHBZ#1781679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781679" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19447", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19447", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19447" }, { "category": "external", "summary": "https://bugzilla.kernel.org/show_bug.cgi?id=205433", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205433" }, { "category": "external", "summary": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447", "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Ext4 filesystems are built into the kernel so it is not possible to prevent the kernel module from loading. However, this flaw can be prevented by disallowing mounting of untrusted filesystems.\n\nAs mounting is a privileged operation, (except for device hotplug) removing the ability for mounting and unmounting will prevent this flaw from being exploited.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c" }, { "cve": "CVE-2019-19523", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783434" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. 
The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19523" }, { "category": "external", "summary": "RHBZ#1783434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19523", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-19523" } ], "release_date": "2019-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install adutux /bin/true\" \u003e\u003e /etc/modprobe.d/disable-adutux.conf\n \nThe system will need to be restarted if the adutux module is loaded. 
In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver" }, { "cve": "CVE-2019-19524", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783459" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u2019s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19524" }, { "category": "external", "summary": "RHBZ#1783459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19524", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524" } ], "release_date": "2019-11-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "To mitigate this issue for the Red Hat Enterprise Linux 7 or higher version, prevent module ff-memless from being loaded. 
Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free" }, { "cve": "CVE-2019-19530", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783518" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy() procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System availability is the largest threat from the vulnerability, however data integrity and confidentiality are also threatened.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19530" }, { "category": "external", "summary": "RHBZ#1783518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19530", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530" }, { "category": "external", "summary": "http://seclists.org/oss-sec/2019/q4/115", "url": "http://seclists.org/oss-sec/2019/q4/115" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2019/12/03/4", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4" }, { "category": "external", "summary": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625" } ], "release_date": "2019-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver" }, { "cve": "CVE-2019-19534", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783540" } ], "notes": [ { "category": "description", "text": "An information-leak flaw was found in the Linux kernel\u0027s pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. 
The highest threat with this vulnerability is breach of data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19534" }, { "category": "external", "summary": "RHBZ#1783540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19534", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534" } ], "release_date": "2019-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "As the devices module will be auto-loaded when the USB CAN bus adapter is connected, it can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install peak_usb /bin/true\" \u003e\u003e /etc/modprobe.d/disable-peak-usb-canbus.conf \n \nThe system will need to be restarted if the peak_usb module is already loaded. In most circumstances, the kernel modules will be unable to be unloaded while any CAN bus interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. 
If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver" }, { "cve": "CVE-2019-19537", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2019-12-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783561" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition caused by a malicious USB device in the USB character device driver layer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2019-19537" }, { "category": "external", "summary": "RHBZ#1783561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783561" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19537", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537" } ], "release_date": "2019-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Many Character devices can trigger this flaw as they leverage the lower levels of the USB subsystem.\n\nThe safest method that I have found would be to disable USB ports that are able to be attacked\nusing this method, disable them first by disallowing them from waking up from low-power states 
\nwith the command (Replace X with the port number available).\n\necho disabled \u003e\u003e /sys/bus/usb/devices/usbX/power/wakeup \n\nThe system must also disable the specific ports power after with the command:\n\necho suspend | sudo tee /sys/bus/usb/devices/usbX/power/level\n\nThis change does not persist through system reboots and must be applied at each reboot to be effective.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: race condition caused by a malicious USB device in the USB character device driver layer" }, { "cve": "CVE-2019-19767", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1786160" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u2019s ext4 file system functionality when the user mounts an ext4 partition with an additional debug parameter that defines an extra inode size. If this parameter has a non-zero value, this flaw allows a local user to crash the system when inode expansion happens.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19767" }, { "category": "external", "summary": "RHBZ#1786160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786160" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19767", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19767", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19767" } ], "release_date": "2019-11-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "The mitigation is not to use debug_want_extra_isize parameter when mounting ext4 FS.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], 
"threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c" }, { "cve": "CVE-2019-19807", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1786078" } ], "notes": [ { "category": "description", "text": "A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer-\u003emax_instances check leading to an invalid address. This could lead to a use-after-free vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in sound/core/timer.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19807" }, { "category": "external", "summary": "RHBZ#1786078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786078" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19807", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807" } ], "release_date": "2019-11-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update as soon as possible.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: use-after-free in sound/core/timer.c" }, { "cve": 
"CVE-2019-20054", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2019-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1790063" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20054" }, { "category": "external", "summary": "RHBZ#1790063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790063" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2019-20054", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20054", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20054" } ], "release_date": "2019-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c" }, { "cve": "CVE-2019-20095", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2020-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791954" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s mwifiex driver implementation when connecting to other WiFi devices in \"Test Mode.\" A kernel memory leak can occur if an error condition is met during the parameter negotiation. 
This issue can lead to a denial of service if multiple error conditions meeting the repeated connection attempts are attempted.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20095" }, { "category": "external", "summary": "RHBZ#1791954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791954" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20095", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20095" } ], "release_date": "2019-12-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "As connecting to a wireless device is not automatic and initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], 
"scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c" }, { "cve": "CVE-2019-20636", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1824059" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds write via crafted keycode table", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue was rated as having Moderate impact because of the need of physical access or administrator privileges to trigger it.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20636" }, { "category": "external", "summary": "RHBZ#1824059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824059" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20636", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20636", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2019-20636" } ], "release_date": "2020-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds write via crafted keycode table" }, { "acknowledgments": [ { "names": [ "Xiumei Mu" ], "organization": "Red Hat QE Engineering", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2020-1749", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2020-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1809833" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: some ipv6 protocols not encrypted over ipsec tunnel", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2020-1749" }, { "category": "external", "summary": "RHBZ#1809833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809833" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1749", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1749" } ], "release_date": "2020-03-04T01:29:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: some ipv6 protocols not encrypted over ipsec tunnel" }, { "acknowledgments": [ { "names": [ "Paolo Bonzini" ], "organization": 
"Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-2732", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1805135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2020-2732" }, { "category": "external", "summary": "RHBZ#1805135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2732" } ], "release_date": "2020-02-24T18:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources" }, { "cve": "CVE-2020-8647", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802563" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s virtual console resize functionality. 
An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Moderate impact because the information leak is limited.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8647" }, { "category": "external", "summary": "RHBZ#1802563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802563" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8647", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8647", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-8647" } ], "release_date": "2020-01-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console.\n\nSee the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files , See the section on \"pam_console\" to deny users logging into the console. 
This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c" }, { "cve": "CVE-2020-8649", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1802555" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as a having Moderate impact, it is an infoleak that is written to the screen.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2020-8649" }, { "category": "external", "summary": "RHBZ#1802555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802555" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649" } ], "release_date": "2020-01-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: invalid read location in vgacon_invert_region function in 
drivers/video/console/vgacon.c" }, { "cve": "CVE-2020-9383", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1810685" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9383" }, { "category": "external", "summary": "RHBZ#1810685", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1810685" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9383", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383" } ], "release_date": "2020-02-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c" }, { "cve": "CVE-2020-10690", "cwe": { "id": "CWE-416", "name": "Use 
After Free" }, "discovery_date": "2019-11-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1817141" } ], "notes": [ { "category": "description", "text": "There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in cdev_put() when a PTP device is removed while it\u0027s chardev is open", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact as there is a need for high privilege access to trigger this problem. 
This will need an access to /dev/ptpX which is privileged operation, also removing the module is needed (again, privileged operation).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10690" }, { "category": "external", "summary": "RHBZ#1817141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10690", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10690" } ], "release_date": "2019-11-25T12:53:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": 
"LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: use-after-free in cdev_put() when a PTP device is removed while it\u0027s chardev is open" }, { "cve": "CVE-2020-10732", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "discovery_date": "2020-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1831399" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation of Userspace core dumps. 
This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: uninitialized kernel data leak in userspace coredumps", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10732" }, { "category": "external", "summary": "RHBZ#1831399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10732", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732" } ], "release_date": "2020-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which 
includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Possible mitigation would be to disable core dumps system-wide by setting:\n\n* hard core 0\n\nIn the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. 
This disables core dumps which may not be a suitable workaround in your environment.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"kernel: uninitialized kernel data leak in userspace coredumps" }, { "acknowledgments": [ { "names": [ "Jay Shin" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-10742", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1835127" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10742" }, { "category": "external", "summary": "RHBZ#1835127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835127" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10742", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10742" } ], "release_date": "2020-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": 
"UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic" }, { "cve": "CVE-2020-10751", "cwe": { "id": "CWE-349", "name": "Acceptance of Extraneous Untrusted Data With Trusted Data" }, "discovery_date": "2020-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1839634" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. 
At this time, there is no known ability for an attacker to abuse this flaw.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: SELinux netlink permission check bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10751" }, { "category": "external", "summary": "RHBZ#1839634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1839634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10751", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10751" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6", "url": 
"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6" }, { "category": "external", "summary": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/", "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/04/30/5", "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5" } ], "release_date": "2020-04-27T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation 
base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: SELinux netlink permission check bypass" }, { "cve": 
"CVE-2020-10942", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1817718" } ], "notes": [ { "category": "description", "text": "A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the \u0027/dev/vhost-net\u0027 device may use this flaw to crash the kernel resulting in DoS issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue does not affect the kernel package as shipped with the Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the kernel package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\n\nIt is rated to have Low impact because it is quite difficult/unlikely to be triggered by a guest (or even host) user. 
In case it does happen, like in the upstream report, the stack overflow shall hit the stack canaries, resulting in DoS by crashing the kernel.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10942" }, { "category": "external", "summary": "RHBZ#1817718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817718" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10942", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942" } ], "release_date": "2020-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], 
"threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field" }, { "cve": "CVE-2020-11565", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-04-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1824918" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled during mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11565" }, { 
"category": "external", "summary": "RHBZ#1824918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824918" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11565", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11565" } ], "release_date": "2020-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", 
"7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c" }, { "cve": "CVE-2020-12770", "cwe": { "id": "CWE-416", 
"name": "Use After Free" }, "discovery_date": "2020-05-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1834845" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: sg_write function lacks an sg_remove_request call in a certain failure case", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12770" }, { "category": "external", "summary": "RHBZ#1834845", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1834845" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12770", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12770", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12770" } ], "release_date": "2020-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: sg_write function lacks an sg_remove_request call in a certain failure case" }, { "acknowledgments": [ { "names": [ "Adam Zabrocki" ] } ], "cve": "CVE-2020-12826", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, 
"discovery_date": "2020-03-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1822077" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: possible to send arbitrary signals to a privileged (suidroot) parent process", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12826" }, { "category": "external", "summary": "RHBZ#1822077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12826", "url": 
"https://www.cve.org/CVERecord?id=CVE-2020-12826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12826" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da" }, { "category": "external", "summary": "https://lists.openwall.net/linux-kernel/2020/03/24/1803", "url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803" }, { "category": "external", "summary": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1", "url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1" } ], "release_date": "2020-05-12T05:40:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: possible to send arbitrary signals to a privileged (suidroot) parent process" }, { "acknowledgments": [ { "names": [ "Vasily Averin" ], "organization": "Virtuozzo" } ], "cve": "CVE-2020-14305", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-06-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850716" } ], "notes": [ { "category": "description", "text": "An out-of-bounds memory write flaw was found in how the Linux kernel\u2019s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory corruption in Voice over IP nf_conntrack_h323 module", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Moderate impact because of being limited to only IPV6 port 1720 being used and if with particular module (nf_conntrack_h323) for Voice Over IP H.323.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14305" }, { "category": "external", "summary": "RHBZ#1850716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850716" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14305", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14305" }, { "category": "external", "summary": "https://bugs.openvz.org/browse/OVZ-7188", "url": "https://bugs.openvz.org/browse/OVZ-7188" }, { "category": "external", "summary": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/", "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/" } ], "release_date": "2020-06-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-29T19:00:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4062" }, { "category": "workaround", "details": "A mitigation to this flaw would be to no longer use IPV6 on affected hardware until the kernel has been updated or to disable Voice Over IP H.323 module. Existing systems that have h323-conntrack-nat kernel module loaded will need to unload the \"nf_conntrack_h323\" kernel module and blacklist it ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules).", "product_ids": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", 
"7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, 
"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-NFV-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-NFV-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-NFV-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.src", "7Server-RT-7.9:kernel-rt-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", 
"7Server-RT-7.9:kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7.noarch", "7Server-RT-7.9:kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7.x86_64", "7Server-RT-7.9:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: memory corruption in Voice over IP nf_conntrack_h323 module" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.