rhsa-2021_1739
Vulnerability from csaf_redhat
Published: 2021-05-18 16:07
Modified: 2024-11-05 23:33
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)
* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)
* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)
* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)
* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)
* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)
* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)
* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)
* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code 
(CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1739", "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/" }, { "category": "external", "summary": "1783434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434" }, { "category": "external", "summary": "1783507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783507" }, { "category": "external", "summary": "1831726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831726" }, { "category": "external", "summary": "1833445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833445" }, { "category": "external", "summary": "1848652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848652" }, { "category": "external", "summary": "1853922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853922" }, { "category": "external", "summary": "1868453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453" }, { "category": "external", "summary": "1869141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869141" }, { "category": "external", "summary": "1877575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877575" }, { 
"category": "external", "summary": "1879981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879981" }, { "category": "external", "summary": "1882591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882591" }, { "category": "external", "summary": "1882594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882594" }, { "category": "external", "summary": "1886109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886109" }, { "category": "external", "summary": "1894793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894793" }, { "category": "external", "summary": "1895961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895961" }, { "category": "external", "summary": "1896842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896842" }, { "category": "external", "summary": "1897869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897869" }, { "category": "external", "summary": "1900933", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933" }, { "category": "external", "summary": "1901161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901161" }, { "category": "external", "summary": "1901709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709" }, { "category": "external", "summary": "1902724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724" }, { "category": "external", "summary": "1903126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903126" }, { "category": "external", "summary": "1915799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915799" }, { "category": "external", "summary": "1919889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919889" }, { "category": "external", "summary": "1930246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930246" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1739.json" } ], "title": "Red Hat Security Advisory: kernel-rt security and 
bug fix update", "tracking": { "current_release_date": "2024-11-05T23:33:19+00:00", "generator": { "date": "2024-11-05T23:33:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1739", "initial_release_date": "2021-05-18T16:07:21+00:00", "revision_history": [ { "date": "2021-05-18T16:07:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-18T16:07:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:33:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time (v. 
8)", "product_id": "RT-8.4.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.src", "product": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.src", "product_id": "kernel-rt-0:4.18.0-305.rt7.72.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.rt7.72.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": 
"kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": 
"kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-305.rt7.72.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-305.rt7.72.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src" }, "product_reference": "kernel-rt-0:4.18.0-305.rt7.72.el8.src", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 
8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 
8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 
8)", "product_id": "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "NFV-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.src as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src" }, "product_reference": "kernel-rt-0:4.18.0-305.rt7.72.el8.src", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 
8)", "product_id": "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 
8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 
8)", "product_id": "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 
8)", "product_id": "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "relates_to_product_reference": "RT-8.4.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-19523", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783434" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19523" }, { "category": "external", "summary": "RHBZ#1783434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783434" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2019-19523", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19523", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19523" } ], "release_date": "2019-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install adutux /bin/true\" \u003e\u003e /etc/modprobe.d/disable-adutux.conf\n \nThe system will need to be restarted if the adutux module are loaded. 
In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver" }, { "cve": "CVE-2019-19528", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1783507" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in iowarrior_disconnect in the iowarrior USB driver module, where a flag was simultaneously modified, causing a race between a device open and disconnect. This flaw could allow a physical attacker to cause a denial of service (DoS) attack. 
This vulnerability could even lead to a kernel information leak problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19528" }, { "category": "external", "summary": "RHBZ#1783507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783507" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19528" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19528" } ], "release_date": "2019-10-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "This flaw can be mitigated by 
preventing the affected USB IO-Warrior driver (iowarrior) kernel module from loading at boot time. Ensure the module is added to the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver" }, { "cve": "CVE-2020-0431", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2021-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919889" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the Linux kernel human interface devices subsystem in the way a user calls find key code by index. 
A local user could use this flaw to crash the system or escalate privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: possible out of bounds write in kbd_keycode of keyboard.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-0431" }, { "category": "external", "summary": "RHBZ#1919889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919889" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0431", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0431" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0431", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0431" }, { "category": "external", "summary": "https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/", "url": "https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/" } ], "release_date": "2021-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: possible out of bounds write in kbd_keycode of keyboard.c" }, { "cve": "CVE-2020-11608", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1833445" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the ov519 driver in the Linux kernel handled certain types of USB descriptors. 
This flaw allows an attacker with the ability to induce the error conditions to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11608" }, { "category": "external", "summary": "RHBZ#1833445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833445" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11608", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11608" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11608", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11608" } ], "release_date": "2020-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module gspca_ov519. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c" }, { "cve": "CVE-2020-12114", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-05-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848652" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s implementation of the pivot_root syscall. This flaw allows a local privileged user (root outside or root inside a privileged container) to exploit a race condition to manipulate the reference count of the root filesystem. 
To be able to abuse this flaw, the process or user calling pivot_root must have advanced permissions. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: DoS by corrupting mountpoint reference counter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12114" }, { "category": "external", "summary": "RHBZ#1848652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12114", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12114" } ], "release_date": "2020-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { 
"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: DoS by corrupting mountpoint reference counter" }, { "cve": "CVE-2020-12362", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930246" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Integer overflow in Intel(R) Graphics Drivers", "title": "Vulnerability summary" }, { "category": "other", "text": "Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue.\n\nBecause the full fix (combination of kernel and firmware updates) is invasive and GUC firmware loading is off by default, Red Hat Enterprise Linux kernel versions prior to the Linux kernel version shipped with Red Hat Enterprise Linux 8.4 GA (kernel-4.18.0-305.el8) print a warning in the kernel log (\"GUC firmware is insecure - CVE 2020-12362 - Please update to a newer release to get secure GUC\") and do not rely on the firmware fix. As a result, Red Hat Enterprise Linux versions prior to Red Hat Enterprise Linux 8.4 GA (including Red Hat Enterprise Linux 6 and 7) do not include the updated firmware packages.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12362" }, { "category": "external", "summary": "RHBZ#1930246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930246" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-12362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12362" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: Integer overflow in Intel(R) Graphics Drivers" }, { "cve": "CVE-2020-12363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930249" } ], "notes": [ { "category": "description", 
"text": "A flaw was found in the Linux kernel. Improper input validation in some Intel(R) Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Improper input validation in some Intel(R) Graphics Drivers", "title": "Vulnerability summary" }, { "category": "other", "text": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12363" }, { "category": "external", "summary": "RHBZ#1930249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930249" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12363", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12363" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this 
advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Improper input validation in some Intel(R) Graphics Drivers" }, { "cve": "CVE-2020-12364", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930251" } ], "notes": [ { "category": "description", "text": "Null pointer reference in some Intel(R) Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user 
to potentially enable a denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Null pointer dereference in some Intel(R) Graphics Drivers", "title": "Vulnerability summary" }, { "category": "other", "text": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12364" }, { "category": "external", "summary": "RHBZ#1930251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930251" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12364", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12364" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to 
take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Null pointer dereference in some Intel(R) Graphics Drivers" }, { "cve": "CVE-2020-12464", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-04-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1831726" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem. 
This flaw allows a local attacker with a special user or root privileges to crash the system due to a race problem in the scatter-gather cancellation and transfer completion in usb_sg_wait. This vulnerability can also lead to a leak of internal kernel information.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-12464" }, { "category": "external", "summary": "RHBZ#1831726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831726" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-12464", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12464" } ], "release_date": "2020-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c" }, { "acknowledgments": [ { "names": [ "Jay Shin" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-14314", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853922" } ], "notes": [ { "category": "description", "text": "A memory out-of-bounds read flaw was found in the Linux kernel\u0027s ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. 
The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: buffer uses out of index in ext3/4 filesystem", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14314" }, { "category": "external", "summary": "RHBZ#1853922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853922" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14314", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14314" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1" }, { "category": "external", "summary": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u", "url": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u" } ], "release_date": "2020-06-05T16:45:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "If any directories of the partition (or image) are broken, the command \"e2fsck -Df .../partition-name\" fixes them.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: buffer uses out of index in ext3/4 filesystem" }, { "acknowledgments": [ { "names": [ "Adam Zabrocki" ], "organization": "pi3.com.pl" } ], "cve": "CVE-2020-14356", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1868453" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u2019s cgroupv2 subsystem when rebooting the system. This flaw allows a local user to crash the system or escalate their privileges. 
The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use After Free vulnerability in cgroup BPF component", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact, because only a local user can trigger it and there is no way to trigger it before a reboot happens (until the user has complete privileges for accessing cgroupv2).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14356" }, { "category": "external", "summary": "RHBZ#1868453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868453" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14356", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14356" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14356", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14356" } ], "release_date": "2020-05-31T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use After Free vulnerability in cgroup BPF component" }, { "acknowledgments": [ { "names": [ "Yang Yingliang" ] } ], "cve": "CVE-2020-15437", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1901161" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s UART 8250 functionality, in the way certain hardware architectures handled situations where default ports (0x2E8, 0x2F8, 0x3E8, 0x3F8) are not available. This flaw allows a local user to crash the system. 
The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user in the tty or in the dialout group.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15437" }, { "category": "external", "summary": "RHBZ#1901161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15437", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15437" } ], "release_date": "2020-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c" }, { "cve": "CVE-2020-24394", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2020-06-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1869141" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the \"noacl\" mount option). 
This flaw allows a local attacker with a user privilege to cause a kernel information leak problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: umask not applied on filesystem without ACL support", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24394" }, { "category": "external", "summary": "RHBZ#1869141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24394", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394" } ], "release_date": "2020-06-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either 
not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: umask not applied on filesystem without ACL support" }, { "cve": "CVE-2020-25212", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2020-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1877575" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NFSv4 implementation: when mounting a remote attacker-controlled server, the server could return a specially crafted response that allows for local memory corruption and possibly privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: TOCTOU mismatch in the NFS client code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS 
score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25212" }, { "category": "external", "summary": "RHBZ#1877575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25212", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25212", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25212" } ], "release_date": "2020-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: TOCTOU mismatch in the NFS client code" }, { "cve": "CVE-2020-25284", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2020-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882594" } ], "notes": [ { "category": "description", "text": "A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could allow a local user with root privileges (but no capabilities) to add or remove Rados Block Devices from the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: incomplete permission checking for access to rbd devices", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25284" }, { "category": "external", "summary": "RHBZ#1882594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882594" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2020-25284", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25284" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25284", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25284" } ], "release_date": "2020-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "As the rbd module can be loaded by a privileged user or process, its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install rbd /bin/true\" \u003e\u003e /etc/modprobe.d/disable-rdb.conf \n \nThe system will need to be restarted if the module is loaded. 
In most circumstances, the rbd kernel modules will be unable to be unloaded while in use.\n\nIf the system requires this module to work correctly (such as a Ceph node), this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: incomplete permission checking for access to rbd devices" }, { "cve": "CVE-2020-25285", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882591" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernels sysctl handling code for hugepages management. 
When multiple root level processes would write to modify the /proc/sys/vm/nr_hugepages file it could create a race on internal variables leading to a system crash or memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Moderate impact as access to write to /proc/sys/vm/nr_hugepages is restricted to root and not available to regular users.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25285" }, { "category": "external", "summary": "RHBZ#1882591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25285", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25285" } ], "release_date": "2020-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ 
"NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c" }, { "acknowledgments": [ { "names": [ "ChenNan Of Chaitin" ], "organization": "Security Research Lab" } ], "cve": "CVE-2020-25643", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-09-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1879981" } ], "notes": [ { "category": "description", "text": "A flaw was found in the HDLC_PPP module of the Linux kernel. 
Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Moderate impact, because the bug can be triggered only if the PPP protocol is enabled.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25643" }, { "category": "external", "summary": "RHBZ#1879981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25643", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25643", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25643" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105" } ], "release_date": 
"2020-09-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "To mitigate this issue, prevent modules hdlc_ppp, syncppp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow" }, { "cve": "CVE-2020-25704", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2020-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1895961" } ], "notes": [ { "category": 
"description", "text": "A memory leak flaw was found in the Linux kernel\u2019s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: perf_event_parse_addr_filter memory", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25704" }, { "category": "external", "summary": "RHBZ#1895961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895961" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25704", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25704", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25704" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/11/09/1", "url": "https://www.openwall.com/lists/oss-security/2020/11/09/1" } ], "release_date": "2020-11-09T00:00:00+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: perf_event_parse_addr_filter memory" }, { "cve": "CVE-2020-27786", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1900933" } ], "notes": [ { "category": "description", "text": "A flaw was 
found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in kernel midi subsystem", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27786" }, { "category": "external", "summary": "RHBZ#1900933", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27786", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27786" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d" } ], "release_date": 
"2020-12-02T02:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "As the midi module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install snd-rawmidi /bin/true\" \u003e\u003e /etc/modprobe.d/disable-snd-rawmidi.conf\n\nThe system will need to be restarted if the snd-rawmidi modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any midi / sound devices are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in kernel midi subsystem" }, { "cve": "CVE-2020-27835", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1901709" } ], "notes": [ { "category": "description", "text": "A flaw use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: child process is able to access parent mm through hfi dev file handle", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact because the issue can only be triggered by an authorized local user with access to a system with specific hardware present.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27835" }, { "category": "external", "summary": "RHBZ#1901709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27835", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27835" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-27835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27835" } ], "release_date": "2020-11-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module hfi1 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to denylist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: child process is able to access parent mm through hfi dev file handle" }, { "acknowledgments": [ { "names": [ "Yuan Ming \u003cyuanmingbuaa@gmail com\u003e" ], "organization": "Tsinghua University" } ], "cve": "CVE-2020-28974", "cwe": 
{ "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903126" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel\u0027s fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: slab-out-of-bounds read in fbcon", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28974" }, { "category": "external", "summary": "RHBZ#1903126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903126" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28974", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28974" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28974", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28974" } ], "release_date": "2020-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Add \u0027nomodeset\u0027 option as kernel boot parameter to disable frame buffering in /etc/default/grub, and run \u0027grub2-mkconfig -o /boot/grub2/grub.cfg\u0027 and reboot.\n~~~\n# cat /proc/cmdline \nBOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-147.el8.x86_64 root=/dev/mapper/rhel_rhel8u2--1-root ro crashkernel=auto resume=/dev/mapper/rhel_rhel8u2--1-swap rd.lvm.lv=rhel_rhel8u2-1/root rd.lvm.lv=rhel_rhel8u2-1/swap nomodeset\n\n# ls -l /dev/fb*\nls: cannot access \u0027/dev/fb*\u0027: No such file or directory\n~~~\n\nThe above said mitigation does not so effect for rhel6 kernel , and is only applicable for rhel7/8.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: slab-out-of-bounds read in fbcon" }, { "acknowledgments": [ { "names": [ "Eddy Wu" ], "organization": "trendmicro.com" } ], "cve": "CVE-2020-35508", "cwe": { "id": 
"CWE-665", "name": "Improper Initialization" }, "discovery_date": "2020-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1902724" } ], "notes": [ { "category": "description", "text": "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent", "title": "Vulnerability summary" }, { "category": "other", "text": "The incorrect initialization of the process id affects Red Hat Enterprise Linux only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35508" }, { "category": "external", "summary": "RHBZ#1902724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35508", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35508" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35508", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35508" } ], "release_date": "2020-12-09T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", 
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent" }, { "cve": "CVE-2020-36694", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2212140" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the packet processing context in net/netfilter/x_tables.c in netfilter in the Linux 
Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: netfilter: use-after-free in the packet processing context", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36694" }, { "category": "external", "summary": "RHBZ#2212140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36694", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36694" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c" } ], "release_date": "2023-05-22T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update 
to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: netfilter: use-after-free in the packet processing context" }, { "cve": "CVE-2021-0342", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1915799" } ], "notes": [ { "category": "description", "text": "A flaw use after free in the Linux kernel TUN/TAP device 
driver functionality was found in the way user create and use tun/tap device. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Moderate impact because of the need to have elevated privileges and non-standard configuration of the networking device.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-0342" }, { "category": "external", "summary": "RHBZ#1915799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0342", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0342" }, { "category": "external", "summary": "https://lore.kernel.org/netdev/20200608230607.3361041-84-sashal@kernel.org/", "url": "https://lore.kernel.org/netdev/20200608230607.3361041-84-sashal@kernel.org/" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes 
the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module tun from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege" }, { "cve": "CVE-2021-0605", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-06-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1974823" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Linux kernel\u0027s 
pfkey_dump function trusted the provided filter size parameters. A local, sufficiently privileged user could use this flaw to leak information from the kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-0605" }, { "category": "external", "summary": "RHBZ#1974823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974823" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0605", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0605" } ], "release_date": "2021-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { 
"category": "workaround", "details": "If the CAP_NET_ADMIN capability is privileged by default (which is true for Red Hat Enterprise Linux 7), then only an otherwise privileged user can trigger this bug. \n\nOn Red Hat Enterprise Linux 8 CAP_NET_ADMIN capability can be also gained by exploiting unprivileged user namespaces. The mitigation is to disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds" }, { "cve": "CVE-2021-3428", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2021-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1936786" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. 
Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: integer overflow in ext4_es_cache_extent", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3428" }, { "category": "external", "summary": "RHBZ#1936786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936786" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3428", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3428" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3428", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3428" } ], "release_date": "2021-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" }, { "category": "workaround", "details": "Mitigation for this issue is either 
not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: integer overflow in ext4_es_cache_extent" }, { "acknowledgments": [ { "names": [ "Remy" ], "organization": "GreyNoiseIO" } ], "cve": "CVE-2023-1390", "cwe": { "id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop" }, "discovery_date": "2022-11-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178212" } ], "notes": [ { "category": "description", "text": "A remote denial of service vulnerability was found in the Linux kernel\u2019s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. 
Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: remote DoS in TIPC kernel module", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this issue as they did not include the affected code in `tipc_link_xmit`, introduced in upstream kernel version 4.3 (commit af9b028 \"tipc: make media xmit call outside node spinlock context\").", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1390" }, { "category": "external", "summary": "RHBZ#2178212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1390", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1390" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1390", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1390" }, { "category": "external", "summary": "https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5", "url": "https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5" }, { "category": "external", "summary": "https://infosec.exchange/@_mattata/109427999461122360", "url": 
"https://infosec.exchange/@_mattata/109427999461122360" } ], "release_date": "2021-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-18T16:07:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "NFV-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", 
"NFV-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "NFV-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.src", "RT-8.4.0.GA:kernel-rt-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-core-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-devel-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-kvm-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-0:4.18.0-305.rt7.72.el8.x86_64", "RT-8.4.0.GA:kernel-rt-modules-extra-0:4.18.0-305.rt7.72.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: remote DoS in TIPC kernel module" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.