rhsa-2021_4140
Vulnerability from csaf_redhat
Published
2021-11-09 17:26
Modified
2024-11-06 00:03
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)
* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)
* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)
* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)
* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)
* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)
* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
* kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348)
* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
* kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
* kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971)
* kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)
* kernel: improper input validation in tipc_nl_retrieve_key function (CVE-2021-29646)
* kernel: lack a full memory barrier upon the assignment of a new table value in x_tables.h may lead to DoS (CVE-2021-29650)
* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
* kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635)
* kernel: NULL pointer dereference in llsec_key_alloc() (CVE-2021-3659)
* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)\n* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)\n* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)\n* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)\n* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)\n* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)\n* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)\n* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)\n* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)\n* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)\n* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)\n* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)\n* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)\n* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)\n* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)\n* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)\n* kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348)\n* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)\n* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)\n* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)\n* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)\n* kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)\n* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)\n* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)\n* kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971)\n* kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)\n* kernel: improper input validation in tipc_nl_retrieve_key function (CVE-2021-29646)\n* kernel: lack a full memory barrier upon the assignment of a new table value in x_tables.h may lead to DoS (CVE-2021-29650)\n* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)\n* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)\n* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)\n* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)\n* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)\n* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)\n* kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635)\n* kernel: NULL pointer dereference in llsec_key_alloc() (CVE-2021-3659)\n* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)\n* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4140", "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "category": "external", "summary": "1875275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875275" }, { "category": "external", "summary": "1902412", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902412" }, { "category": "external", "summary": "1903244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903244" }, { "category": "external", "summary": "1905747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905747" }, { "category": "external", "summary": "1906522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906522" }, { "category": "external", "summary": "1912683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683" }, { "category": "external", "summary": "1913348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913348" }, { "category": "external", "summary": "1919893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919893" }, { "category": "external", "summary": "1921958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921958" }, { "category": "external", "summary": "1923636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923636" }, { "category": "external", "summary": "1930376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930376" }, { "category": "external", "summary": "1930379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930379" }, { "category": "external", "summary": "1930381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930381" }, { "category": "external", "summary": "1941762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941762" }, { "category": "external", "summary": "1941784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941784" }, { "category": "external", "summary": "1945345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945345" }, { "category": "external", "summary": "1945388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945388" }, { "category": "external", "summary": "1946965", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946965" }, { "category": "external", "summary": "1948772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948772" }, { "category": "external", "summary": "1951595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951595" }, { "category": "external", "summary": "1957788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957788" }, { "category": "external", "summary": "1959559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959559" }, { "category": "external", "summary": "1959642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959642" }, { "category": "external", "summary": "1959654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959654" }, { "category": "external", "summary": "1959657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959657" }, { "category": "external", "summary": "1959663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959663" }, { "category": "external", "summary": "1960490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960490" }, { "category": "external", "summary": "1960492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960492" }, { "category": "external", "summary": "1960496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960496" }, { "category": "external", "summary": "1960498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960498" }, { "category": "external", "summary": "1960500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960500" }, { "category": "external", "summary": "1960502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960502" }, { "category": "external", "summary": "1960504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960504" }, { "category": "external", "summary": "1964028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964028" }, { "category": "external", "summary": "1964139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139" }, { "category": "external", "summary": "1965038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965038" }, { "category": "external", "summary": "1965458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965458" }, { "category": "external", "summary": "1966578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966578" }, { "category": "external", "summary": "1969489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969489" }, { "category": "external", "summary": "1975949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975949" }, { "category": "external", "summary": "1976946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976946" }, { "category": "external", "summary": "1981954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981954" }, { "category": "external", "summary": "1989165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989165" }, { "category": "external", "summary": "1995249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995249" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4140.json" } ], "title": "Red Hat Security Advisory: kernel-rt security and bug fix update", "tracking": { "current_release_date": "2024-11-06T00:03:39+00:00", "generator": { "date": "2024-11-06T00:03:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4140", "initial_release_date": "2021-11-09T17:26:23+00:00", "revision_history": [ { "date": "2021-11-09T17:26:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-09T17:26:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:03:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.src", "product": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.src", "product_id": "kernel-rt-0:4.18.0-348.rt7.130.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-348.rt7.130.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-348.rt7.130.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-348.rt7.130.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src" }, "product_reference": "kernel-rt-0:4.18.0-348.rt7.130.el8.src", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "NFV-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.src as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src" }, "product_reference": "kernel-rt-0:4.18.0-348.rt7.130.el8.src", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "relates_to_product_reference": "RT-8.5.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-14615", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2020-01-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789209" } ], "notes": [ { "category": "description", "text": "An information disclosure flaw was found in the Linux kernel. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Intel graphics card information leak.", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and 8 may address this issue.\n\nThis has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise MRG 2.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14615" }, { "category": "external", "summary": "RHBZ#1789209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14615", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14615" } ], "release_date": "2020-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs \u201cHow do I blacklist a kernel module to prevent it from loading automatically?\u201c (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly.\n\nThis mitigation may not be suitable if the graphical login functionality is required.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Intel graphics card information leak." }, { "cve": "CVE-2020-0427", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1919893" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds reads in pinctrl subsystem.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-0427" }, { "category": "external", "summary": "RHBZ#1919893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919893" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0427", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0427", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0427" } ], "release_date": "2020-11-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds reads in pinctrl subsystem." }, { "cve": "CVE-2020-24502", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930379" } ], "notes": [ { "category": "description", "text": "Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially enable a denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24502" }, { "category": "external", "summary": "RHBZ#1930379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930379" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24502", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24502" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers" }, { "cve": "CVE-2020-24503", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930381" } ], "notes": [ { "category": "description", "text": "Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24503" }, { "category": "external", "summary": "RHBZ#1930381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24503", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24503" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24503", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24503" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers" }, { "cve": "CVE-2020-24504", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930376" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux may allow an authenticated user to potentially cause a denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24504" }, { "category": "external", "summary": "RHBZ#1930376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24504", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24504" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24504", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24504" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html" } ], "release_date": "2021-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers" }, { "cve": "CVE-2020-24586", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2021-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1959642" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Fragmentation cache not cleared on reconnection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24586" }, { "category": "external", "summary": "RHBZ#1959642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/" } ], "release_date": "2021-05-12T01:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Fragmentation cache not cleared on reconnection" }, { "cve": "CVE-2020-24587", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2021-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1959654" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an attacker to send a fragment under an incorrect key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Reassembling fragments encrypted under different keys", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24587" }, { "category": "external", "summary": "RHBZ#1959654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959654" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24587", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24587" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24587", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24587" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/" } ], "release_date": "2021-05-11T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Reassembling fragments encrypted under different keys" }, { "cve": "CVE-2020-24588", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1959657" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: wifi frame payload being parsed incorrectly as an L2 frame", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24588" }, { "category": "external", "summary": "RHBZ#1959657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959657" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24588", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24588" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24588", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24588" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/" } ], "release_date": "2021-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: wifi frame payload being parsed incorrectly as an L2 frame" }, { "cve": "CVE-2020-26139", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "discovery_date": "2021-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1959663" } ], "notes": [ { "category": "description", "text": "Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Forwarding EAPOL from unauthenticated wifi client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26139" }, { "category": "external", "summary": "RHBZ#1959663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959663" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26139", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26139" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26139", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26139" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/" } ], "release_date": "2021-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Forwarding EAPOL from unauthenticated wifi client" }, { "cve": "CVE-2020-26140", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960490" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Linux kernel. Where the WiFi implementations accept plaintext frames in a protected WiFi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: accepting plaintext data frames in protected networks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26140" }, { "category": "external", "summary": "RHBZ#1960490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960490" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26140", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26140" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26140", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26140" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: accepting plaintext data frames in protected networks" }, { "cve": "CVE-2020-26141", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960492" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Linux kernel\u0027s WiFi implementation. An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: not verifying TKIP MIC of fragmented frames", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26141" }, { "category": "external", "summary": "RHBZ#1960492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26141", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26141" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26141", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26141" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: not verifying TKIP MIC of fragmented frames" }, { "cve": "CVE-2020-26143", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960496" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Linux kernel, where the WiFi implementations assemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: accepting fragmented plaintext frames in protected networks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26143" }, { "category": "external", "summary": "RHBZ#1960496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26143", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26143" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26143", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26143" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: accepting fragmented plaintext frames in protected networks" }, { "cve": "CVE-2020-26144", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960498" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (ex., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26144" }, { "category": "external", "summary": "RHBZ#1960498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26144", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26144" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header" }, { "cve": "CVE-2020-26145", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960500" } ], "notes": [ { "category": "description", "text": "A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: accepting plaintext broadcast fragments as full frames", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26145" }, { "category": "external", "summary": "RHBZ#1960500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960500" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26145", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26145" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: accepting plaintext broadcast fragments as full frames" }, { "cve": "CVE-2020-26146", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960502" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Linux kernel, where the WiFi implementation reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: reassembling encrypted fragments with non-consecutive packet numbers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26146" }, { "category": "external", "summary": "RHBZ#1960502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960502" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26146", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26146" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26146", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26146" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: reassembling encrypted fragments with non-consecutive packet numbers" }, { "cve": "CVE-2020-26147", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "discovery_date": "2021-05-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1960504" } ], "notes": [ { "category": "description", "text": "A flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel\u0027s WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: reassembling mixed encrypted/plaintext fragments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26147" }, { "category": "external", "summary": "RHBZ#1960504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26147", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26147" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26147" }, { "category": "external", "summary": "https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/", "url": "https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: reassembling mixed encrypted/plaintext fragments" }, { "cve": "CVE-2020-29368", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1903244" } ], "notes": [ { "category": "description", "text": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having Moderateimpact because, based on Red Hat\u0027s assessment, this issue is hard to exploit in practice because the race window is too small for it to be reliable.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-29368" }, { "category": "external", "summary": "RHBZ#1903244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29368", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29368" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29368", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29368" } ], "release_date": "2020-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check" }, { "cve": "CVE-2020-29660", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1906522" } ], "notes": [ { "category": "description", "text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. A local user could use this flaw to read numerical value from memory after free.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Low impact (Red Hat Enterprise Linux 7) because of the need to have CAP_SYS_TTY_CONFIG privileges.\n\nThis flaw is rated as having Moderate (Red Hat Enterprise Linux 8) impact because of the need to have CAP_SYS_TTY_CONFIG privileges. Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to exercise this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-29660" }, { "category": "external", "summary": "RHBZ#1906522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29660", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29660" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29660", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29660" } ], "release_date": "2020-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free" }, { "cve": "CVE-2020-36158", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913348" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having Moderate impact because the attacker needs to be local and privileged enough to be able to initiate ad-hoc WIFI network creation.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36158" }, { "category": "external", "summary": "RHBZ#1913348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36158", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36158" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36158", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36158" } ], "release_date": "2020-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module mwifiex from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value" }, { "cve": "CVE-2020-36312", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2021-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1947991" } ], "notes": [ { "category": "description", "text": "A flaw was found in the KVM hypervisor of the Linux kernel. A memory leak could occur in kvm_io_bus_unregister_dev() upon a kmalloc failure. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36312" }, { "category": "external", "summary": "RHBZ#1947991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947991" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36312", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36312" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36312", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36312" } ], "release_date": "2020-09-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c" }, { "cve": "CVE-2020-36386", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1969489" } ], "notes": [ { "category": "description", "text": "A flaw out of bounds memory access in the Linux kernel bluetooth subsystem was found in the way when some data being read about the bluetooth device with the hci_extended_inquiry_result_evt call. A local user could use this flaw to crash the system or read some data out of memory bounds that can lead to data confidentiality threat.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact because even the data being read out of memory bounds is written to some cache, it was known before that this data from non-safe source and as result no any sensitive dependencies on this data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36386" }, { "category": "external", "summary": "RHBZ#1969489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1969489" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36386", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36386" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36386", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36386" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101" } ], "release_date": "2020-07-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module bluetooth from being loaded (if Bluetooth not required for the system). Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c" }, { "cve": "CVE-2021-0129", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965038" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Improper access control in BlueZ may allow information disclosure vulnerability.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-0129" }, { "category": "external", "summary": "RHBZ#1965038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965038" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0129", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0129" } ], "release_date": "2021-06-08T03:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Improper access control in BlueZ may allow information disclosure vulnerability." }, { "cve": "CVE-2021-3348", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921958" } ], "notes": [ { "category": "description", "text": "A use after free flaw in the Linux kernel network block device (NBD) subsystem was found in the way user calls an ioctl NBD_SET_SOCK at a certain point during device setup.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user (with access to the nbd device).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3348" }, { "category": "external", "summary": "RHBZ#1921958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3348", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3348" }, { "category": "external", "summary": "https://lore.kernel.org/linux-block/24dff677353e2e30a71d8b66c4dffdbdf77c4dbd.1611595239.git.josef@toxicpanda.com/", "url": "https://lore.kernel.org/linux-block/24dff677353e2e30a71d8b66c4dffdbdf77c4dbd.1611595239.git.josef@toxicpanda.com/" } ], "release_date": "2021-01-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module nbd from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c" }, { "acknowledgments": [ { "names": [ "Ryota Shiga" ] } ], "cve": "CVE-2021-3489", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1959559" } ], "notes": [ { "category": "description", "text": "A flaw out of bound memory write in the Linux kernel BPF subsystem was found in the way user writes to BPF ring buffer too fast, so larger buffer than available memory could be allocated. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Linux kernel eBPF RINGBUF map oversized allocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3489" }, { "category": "external", "summary": "RHBZ#1959559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3489", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3489" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/05/11/10", "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10" } ], "release_date": "2021-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Linux kernel eBPF RINGBUF map oversized allocation" }, { "acknowledgments": [ { "names": [ "HaoXiong, LinMa" ], "organization": "ckSec" } ], "cve": "CVE-2021-3564", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2021-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1964139" } ], "notes": [ { "category": "description", "text": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: double free in bluetooth subsystem when the HCI device initialization fails", "title": "Vulnerability summary" }, { "category": "other", "text": "The impact is Moderate, because the double free happens during flush procedure, and no use of incorrect data during flush finishing even if double free could happen without kernel crash.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3564" }, { "category": "external", "summary": "RHBZ#1964139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3564", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3564" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/05/25/1", "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: double free in bluetooth subsystem when the HCI device initialization fails" }, { "cve": "CVE-2021-3573", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-05-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966578" } ], "notes": [ { "category": "description", "text": "A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in function hci_sock_bound_ioctl()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having a Moderate impact because of the privileges (CAP_NET_ADMIN in initial namespace) required for exploiting the issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3573" }, { "category": "external", "summary": "RHBZ#1966578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966578" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3573", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3573" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/06/08/2", "url": "https://www.openwall.com/lists/oss-security/2021/06/08/2" } ], "release_date": "2021-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising easThe required privileges is CAP_NET_ADMIN capabilities. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.e of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in function hci_sock_bound_ioctl()" }, { "cve": "CVE-2021-3600", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981954" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. By default, accessing the eBPF verifier is only possible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can run eBPF instructions to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: eBPF 32-bit source register truncation on div/mod", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3600" }, { "category": "external", "summary": "RHBZ#1981954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981954" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3600", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3600" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3600", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3600" }, { "category": "external", "summary": "https://lore.kernel.org/patchwork/patch/1379497/", "url": "https://lore.kernel.org/patchwork/patch/1379497/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/06/23/1", "url": "https://www.openwall.com/lists/oss-security/2021/06/23/1" } ], "release_date": "2021-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: eBPF 32-bit source register truncation on div/mod" }, { "cve": "CVE-2021-3635", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-06-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1976946" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel netfilter implementation. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3635" }, { "category": "external", "summary": "RHBZ#1976946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976946" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3635", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3635" } ], "release_date": "2021-08-06T04:47:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50" }, { "cve": "CVE-2021-3659", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2021-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1975949" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3659" }, { "category": "external", "summary": "RHBZ#1975949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975949" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3659", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3659" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3659", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3659" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8" } ], "release_date": "2021-04-06T19:22:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module mac802154 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c" }, { "acknowledgments": [ { "names": [ "Haoran Luo" ], "organization": "Chaitin Tech" } ], "cve": "CVE-2021-3679", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-07-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989165" } ], "notes": [ { "category": "description", "text": "A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: DoS in rb_per_cpu_empty()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3679" }, { "category": "external", "summary": "RHBZ#1989165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989165" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3679", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3679" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/20210723125527.767d1c18@oasis.local.home/", "url": "https://lore.kernel.org/lkml/20210723125527.767d1c18@oasis.local.home/" } ], "release_date": "2021-07-20T09:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: DoS in rb_per_cpu_empty()" }, { "acknowledgments": [ { "names": [ "Miklos Szeredi" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2021-3732", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-08-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995249" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3732" }, { "category": "external", "summary": "RHBZ#1995249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995249" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3732", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3732" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=427215d85e8d", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=427215d85e8d" } ], "release_date": "2021-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files" }, { "acknowledgments": [ { "names": [ "Loris Reiff" ] } ], "cve": "CVE-2021-20194", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-12-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912683" } ], "notes": [ { "category": "description", "text": "A flaw buffer overflow in the Linux kernel BPF subsystem was found in the way user running BPF script calling getsockopt. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having Moderate impact because of the need to have elevated privileges or non-standard configuration for running BPF script.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20194" }, { "category": "external", "summary": "RHBZ#1912683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912683" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20194" } ], "release_date": "2021-01-22T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\n\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()" }, { "cve": "CVE-2021-20239", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1923636" } ], "notes": [ { "category": "description", "text": "A flaw was found in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20239" }, { "category": "external", "summary": "RHBZ#1923636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923636" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20239", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20239" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20239" } ], "release_date": "2021-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Loading a filter is a privileged (CAP_SYS_ADMIN or root) operation. Once any filter is used, this attack is capable of being used by an unprivileged user. There is no known mitigation that product security finds suitable for this flaw.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure" }, { "acknowledgments": [ { "names": [ "Or Cohen" ], "organization": "Palo Alto Networks" } ], "cve": "CVE-2021-23133", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2021-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1948772" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u0027s SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Race condition in sctp_destroy_sock list_del", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is rated as having a Moderate impact because of the privileges required for running the known reproducer. The required privileges are CAP_BPF and CAP_NET_ADMIN capabilities that are disabled by default in Red Hat Enterprise Linux 7. For Red Hat Enterprise Linux 8, the SCTP protocol itself is disabled by default and cannot be used by a user without enablement by an administrator.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23133" }, { "category": "external", "summary": "RHBZ#1948772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948772" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23133", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23133" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23133", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23133" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b" } ], "release_date": "2021-04-18T09:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module sctp from being loaded (and this is so by default for Red Hat Enterprise Linux 8). Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Race condition in sctp_destroy_sock list_del" }, { "cve": "CVE-2021-28950", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941762" } ], "notes": [ { "category": "description", "text": "A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28950" }, { "category": "external", "summary": "RHBZ#1941762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941762" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28950", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28950" } ], "release_date": "2021-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "As the FUSE module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install fuse /bin/true\" \u003e\u003e /etc/modprobe.d/disable-fuse.conf\n\nThe system will need to be restarted if the FUSE modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while the FUSE filesystems are in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode" }, { "cve": "CVE-2021-28971", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941784" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-28971" }, { "category": "external", "summary": "RHBZ#1941784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941784" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28971", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28971" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28971", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28971" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c" }, { "cve": "CVE-2021-29155", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-04-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1951595" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29155" }, { "category": "external", "summary": "RHBZ#1951595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951595" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29155", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29155" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/04/18/4", "url": "https://www.openwall.com/lists/oss-security/2021/04/18/4" } ], "release_date": "2021-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory" }, { "cve": "CVE-2021-29646", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945345" } ], "notes": [ { "category": "description", "text": "A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encryption enabled. A local user could use this flaw to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29646" }, { "category": "external", "summary": "RHBZ#1945345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29646", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29646" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29646", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29646" } ], "release_date": "2021-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c" }, { "cve": "CVE-2021-29650", "cwe": { "id": "CWE-662", "name": "Improper Synchronization" }, "discovery_date": "2021-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945388" } ], "notes": [ { "category": "description", "text": "A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29650" }, { "category": "external", "summary": "RHBZ#1945388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29650", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29650" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=175e476b8cdf2a4de7432583b49c871345e4f8a1", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=175e476b8cdf2a4de7432583b49c871345e4f8a1" } ], "release_date": "2021-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS" }, { "acknowledgments": [ { "names": [ "Manfred Paul" ], "organization": "RedRocket CTF team" } ], "cve": "CVE-2021-31440", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1964028" } ], "notes": [ { "category": "description", "text": "An out-of-bounds access flaw was found in the Linux kernel\u2019s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking unsigned 32-bit instructions in an eBPF program occurs.. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: local escalation of privileges in handling of eBPF programs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31440" }, { "category": "external", "summary": "RHBZ#1964028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964028" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31440", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31440" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36" }, { "category": "external", "summary": "https://www.zerodayinitiative.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier", "url": "https://www.zerodayinitiative.com/blog/2021/5/26/cve-2021-31440-an-incorrect-bounds-calculation-in-the-linux-kernel-ebpf-verifier" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: local escalation of privileges in handling of eBPF programs" }, { "cve": "CVE-2021-31829", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-05-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1957788" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u0027s eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31829" }, { "category": "external", "summary": "RHBZ#1957788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31829", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31829" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31829", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31829" } ], "release_date": "2021-04-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 and 8 kernel to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory" }, { "cve": "CVE-2021-31916", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1946965" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash, a leak of internal kernel information, or a privilege escalation problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out of bounds array access in drivers/md/dm-ioctl.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated a Low impact because in the default configuration, the issue can only be triggered by a privileged local user.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31916" }, { "category": "external", "summary": "RHBZ#1946965", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946965" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31916", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31916" }, { "category": "external", "summary": "https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a", "url": "https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2021/q1/268", "url": "https://seclists.org/oss-sec/2021/q1/268" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: out of bounds array access in drivers/md/dm-ioctl.c" }, { "cve": "CVE-2021-33033", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1961300" } ], "notes": [ { "category": "description", "text": "A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c", "title": "Vulnerability summary" }, { "category": "other", "text": "Considered to be Moderate rate, because by default CIPSO non-enabled and both no known way to reproduce the attack remotely and both it looks complex if even possible to use the attack in any way apart from crashing the system. For the usage of the inbound CIPSO connections, the administrator have to enable it with netlabelctl utility first. The vulnerability is considered to be for local user, because it can happen only when a local user opens a socket for sending packets, but not during receiving packets.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33033" }, { "category": "external", "summary": "RHBZ#1961300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961300" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33033", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33033" } ], "release_date": "2021-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The mitigation would be not allowing CIPSO labeling for the inbound network connections. For the most of the default configurations both for network routers and for the Linux servers itself it is disabled by default.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c" }, { "cve": "CVE-2021-33200", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965458" } ], "notes": [ { "category": "description", "text": "A flaw was found in kernel/bpf/verifier.c in BPF in the Linux kernel. An incorrect limit is enforced for pointer arithmetic operations which can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33200" }, { "category": "external", "summary": "RHBZ#1965458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33200", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33200" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33200", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33200" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=bb01a1bba579b4b1c5566af24d95f1767859771e", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=bb01a1bba579b4b1c5566af24d95f1767859771e" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/05/27/1", "url": "https://www.openwall.com/lists/oss-security/2021/05/27/1" } ], "release_date": "2021-05-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier" }, { "cve": "CVE-2021-46905", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2024-02-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266253" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux kernel. This flaw occurs due to an unconditional NULL-pointer dereference on every disconnect in the Linux kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: NULL-deref on disconnect regression", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-46905" }, { "category": "external", "summary": "RHBZ#2266253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266253" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-46905", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46905" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46905" }, { "category": "external", "summary": "https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T", "url": "https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: NULL-deref on disconnect regression" }, { "cve": "CVE-2022-20166", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-08-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2122089" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s sysfs layer. This flaw allows a local user who can read files under the /sysfs mount point to corrupt memory or possibly crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: possible buffer overflow in sysfs reading", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-20166" }, { "category": "external", "summary": "RHBZ#2122089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122089" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-20166", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-20166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20166" } ], "release_date": "2022-08-15T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:26:23+00:00", "details": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4140" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "NFV-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "NFV-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.src", "RT-8.5.0.GA:kernel-rt-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-core-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-devel-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-kvm-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-0:4.18.0-348.rt7.130.el8.x86_64", "RT-8.5.0.GA:kernel-rt-modules-extra-0:4.18.0-348.rt7.130.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: possible buffer overflow in sysfs reading" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.