Oval Definition:oval:com.redhat.rhsa:def:20211739
Revision Date:2021-05-18Version:639
Title:RHSA-2021:1739: kernel-rt security and bug fix update (Important)
Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  • kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)

  • kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)

  • kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)

  • kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)

  • kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)

  • kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

  • kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)

  • kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)

  • kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

  • kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

  • kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)

  • kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)

  • kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

  • kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

  • kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)

  • kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)

  • kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)

  • kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)

  • kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)

  • kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2019-19523
    CVE-2019-19528
    CVE-2020-0431
    CVE-2020-11608
    CVE-2020-12114
    CVE-2020-12362
    CVE-2020-12363
    CVE-2020-12364
    CVE-2020-12464
    CVE-2020-14314
    CVE-2020-14356
    CVE-2020-15437
    CVE-2020-24394
    CVE-2020-25212
    CVE-2020-25284
    CVE-2020-25285
    CVE-2020-25643
    CVE-2020-25704
    CVE-2020-27786
    CVE-2020-27835
    CVE-2020-28974
    CVE-2020-35508
    CVE-2021-0342
    CVE-2021-0605
    CVE-2023-1390
    RHSA-2021:1739
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • AND
  • kernel-rt earlier than 0:4.18.0-305.rt7.72.el8 is currently running
  • OR kernel-rt earlier than 0:4.18.0-305.rt7.72.el8 is set to boot up on next boot
  • AND
  • kernel-rt is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt is signed with Red Hat redhatrelease2 key
  • kernel-rt-core is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-core is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug-core is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug-core is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug-devel is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug-kvm is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug-modules is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug-modules is signed with Red Hat redhatrelease2 key
  • kernel-rt-debug-modules-extra is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-debug-modules-extra is signed with Red Hat redhatrelease2 key
  • kernel-rt-devel is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-devel is signed with Red Hat redhatrelease2 key
  • kernel-rt-kvm is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-kvm is signed with Red Hat redhatrelease2 key
  • kernel-rt-modules is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-modules is signed with Red Hat redhatrelease2 key
  • kernel-rt-modules-extra is earlier than 0:4.18.0-305.rt7.72.el8
  • AND kernel-rt-modules-extra is signed with Red Hat redhatrelease2 key
  • BACK