var-202012-1546
Vulnerability from variot
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:0856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0856 Issue date: 2021-03-16 CVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)
-
kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
-
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)
-
kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)
-
kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
-
kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
-
kernel: performance counters race condition use-after-free (CVE-2020-14351)
-
kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)
-
kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
-
kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
-
kernel: increase slab leak leads to DoS (CVE-2021-20265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147)
-
WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)
-
lpfc does not issue adisc to fcp-2 devices, does not respond to nvme targer that send an adisc. (BZ#1875961)
-
Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)
-
[RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372)
-
Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)
-
RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)
-
Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK (BZ#1901064)
-
writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819)
-
[Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896)
-
kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036)
-
kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817)
-
dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407)
-
watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)
-
[DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273)
-
[DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write 1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c 1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints 1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS 1916589 - watchdog: use nmi registers snapshot in hardlockup handler 1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
ppc64: bpftool-3.10.0-1160.21.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm perf-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1160.21.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm perf-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1160.21.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm kernel-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-headers-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm perf-3.10.0-1160.21.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm python-perf-3.10.0-1160.21.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q mSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ 1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB SuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk xRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD mCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu Bupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP o7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c 9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj mYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r UfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi 65tXPtffy4k= =OXZI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7.6) - ppc64, ppc64le, x86_64
Bug Fix(es):
-
Security patch for CVE-2020-25212 breaks directory listings via 'ls' on NFS V4.2 shares mounted with selinux enabled labels (BZ#1919144)
-
Enable CI and changelog for GitLab workflow (BZ#1930931)
Enhancement(s):
-
[Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1918534)
-
7.6) - ppc64le, x86_64
-
Description:
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bug Fix(es):
-
Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)
-
OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)
-
BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)
-
Icelake performance - add intel_idle: Customize IceLake server support to RHEL-8 (BZ#1897183)
-
[mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)
-
RHEL 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)
-
RHEL8.3 Beta - RHEL8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)
-
Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)
-
block, dm: fix IO splitting for stacked devices (BZ#1905136)
-
Failed to hotplug scsi-hd disks (BZ#1905214)
-
PCI quirk needed to prevent GPU hang (BZ#1906516)
-
RHEL8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)
-
pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)
-
[ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)
-
NFSv4 client improperly handles interrupted slots (BZ#1908312)
-
NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)
-
[Regression] RHEL8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)
-
RHEL8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)
-
SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)
-
C6gn support requires "Ensure dirty bit is preserved across pte_wrprotect" patch (BZ#1909577)
-
[Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)
-
Kernel crash with krb5p (BZ#1912478)
-
[RHEL8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)
-
[Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)
-
Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)
-
RHEL8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)
-
Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)
-
[Hyper-V][RHEL-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)
-
ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)
-
[certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743)
-
kvm-rhel8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)
Enhancement(s):
-
[Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)
-
7) - aarch64, noarch, ppc64le
-
========================================================================= Ubuntu Security Notice USN-4750-1 February 25, 2021
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. (CVE-2021-20177)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: linux-image-5.4.0-1010-gkeop 5.4.0-1010.11 linux-image-5.4.0-1029-raspi 5.4.0-1029.32 linux-image-5.4.0-1033-kvm 5.4.0-1033.34 linux-image-5.4.0-1037-gcp 5.4.0-1037.40 linux-image-5.4.0-1038-aws 5.4.0-1038.40 linux-image-5.4.0-1038-oracle 5.4.0-1038.41 linux-image-5.4.0-1040-azure 5.4.0-1040.42 linux-image-5.4.0-66-generic 5.4.0-66.74 linux-image-5.4.0-66-generic-lpae 5.4.0-66.74 linux-image-5.4.0-66-lowlatency 5.4.0-66.74 linux-image-aws 5.4.0.1038.39 linux-image-azure 5.4.0.1040.38 linux-image-gcp 5.4.0.1037.46 linux-image-generic 5.4.0.66.69 linux-image-generic-lpae 5.4.0.66.69 linux-image-gkeop 5.4.0.1010.13 linux-image-gkeop-5.4 5.4.0.1010.13 linux-image-kvm 5.4.0.1033.31 linux-image-lowlatency 5.4.0.66.69 linux-image-oem 5.4.0.66.69 linux-image-oem-osp1 5.4.0.66.69 linux-image-oracle 5.4.0.1038.35 linux-image-raspi 5.4.0.1029.64 linux-image-raspi2 5.4.0.1029.64 linux-image-virtual 5.4.0.66.69
Ubuntu 18.04 LTS: linux-image-5.4.0-1010-gkeop 5.4.0-1010.11~18.04.1 linux-image-5.4.0-1029-raspi 5.4.0-1029.32~18.04.1 linux-image-5.4.0-1036-gke 5.4.0-1036.38~18.04.1 linux-image-5.4.0-1037-gcp 5.4.0-1037.40~18.04.1 linux-image-5.4.0-1038-aws 5.4.0-1038.40~18.04.1 linux-image-5.4.0-1038-oracle 5.4.0-1038.41~18.04.1 linux-image-5.4.0-1040-azure 5.4.0-1040.42~18.04.1 linux-image-5.4.0-66-generic 5.4.0-66.74~18.04.2 linux-image-5.4.0-66-generic-lpae 5.4.0-66.74~18.04.2 linux-image-5.4.0-66-lowlatency 5.4.0-66.74~18.04.2 linux-image-aws 5.4.0.1038.22 linux-image-azure 5.4.0.1040.20 linux-image-gcp 5.4.0.1037.24 linux-image-generic-hwe-18.04 5.4.0.66.74~18.04.61 linux-image-generic-lpae-hwe-18.04 5.4.0.66.74~18.04.61 linux-image-gke-5.4 5.4.0.1036.38~18.04.4 linux-image-gkeop-5.4 5.4.0.1010.11~18.04.11 linux-image-lowlatency-hwe-18.04 5.4.0.66.74~18.04.61 linux-image-oem 5.4.0.66.74~18.04.61 linux-image-oem-osp1 5.4.0.66.74~18.04.61 linux-image-oracle 5.4.0.1038.41~18.04.21 linux-image-raspi-hwe-18.04 5.4.0.1029.32 linux-image-snapdragon-hwe-18.04 5.4.0.66.74~18.04.61 linux-image-virtual-hwe-18.04 5.4.0.66.74~18.04.61
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. (BZ#1919886)
-
[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929909)
-
rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929911)
Enhancement(s):
-
[Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892345)
-
Add kernel option to change cpumask for kernel threads (BZ#1915344)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1546",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.212"
},
{
"model": "8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.83"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.26"
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.163"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.9.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161837"
},
{
"db": "PACKETSTORM",
"id": "161868"
},
{
"db": "PACKETSTORM",
"id": "162028"
},
{
"db": "PACKETSTORM",
"id": "161434"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
}
],
"trust": 1.3
},
"cve": "CVE-2020-29661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29661",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-29661",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-778",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2021:0856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0856\nIssue date: 2021-03-16\nCVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 \n CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 \n CVE-2020-29661 CVE-2021-20265 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in\nnet/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n* kernel: SCSI target (LIO) write to any block on ILO backstore\n(CVE-2020-28374)\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an\nuse-after-free (CVE-2020-29661)\n\n* kernel: malicious USB devices can lead to multiple out-of-bounds write\n(CVE-2019-19532)\n\n* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n* kernel: use-after-free in i915_ppgtt_close in\ndrivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n* kernel: performance counters race condition use-after-free\n(CVE-2020-14351)\n\n* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve\nendpoints (CVE-2020-25645)\n\n* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack\n(CVE-2020-25705)\n\n* kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* BUG: scheduling while atomic: memory allocation under spinlock in\nscsi_register_device_handler() (BZ#1619147)\n\n* WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)\n\n* lpfc does not issue adisc to fcp-2 devices, does not respond to nvme\ntarger that send an adisc. (BZ#1875961)\n\n* Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)\n\n* [RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue\nrace (BZ#1889372)\n\n* Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)\n\n* RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)\n\n* Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link\nup for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using\nDPDK (BZ#1901064)\n\n* writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers\nkernel panic (BZ#1903819)\n\n* [Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the\nVRAM Edit (BZ#1908896)\n\n* kvm-rhel7.9 [AMD] - system crash observed while powering on virtual\nmachine with attached VF interfaces. (BZ#1909036)\n\n* kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2\n(BZ#1910817)\n\n* dm-mirror crashes from assuming underlying storage will have a non-NULL\nmerge_bvec_fn (BZ#1916407)\n\n* watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)\n\n* [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL\n7.9 on system with AMD Rome CPUs (BZ#1918273)\n\n* [DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected\nwith Gen 4 NVMe drives. (BZ#1921187)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write\n1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c\n1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free\n1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints\n1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl\n1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack\n1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore\n1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link up for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using DPDK\n1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free\n1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS\n1916589 - watchdog: use nmi registers snapshot in hardlockup handler\n1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. \n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1160.21.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1160.21.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1160.21.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-headers-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm\nperf-3.10.0-1160.21.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-19532\nhttps://access.redhat.com/security/cve/CVE-2020-0427\nhttps://access.redhat.com/security/cve/CVE-2020-7053\nhttps://access.redhat.com/security/cve/CVE-2020-14351\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25645\nhttps://access.redhat.com/security/cve/CVE-2020-25656\nhttps://access.redhat.com/security/cve/CVE-2020-25705\nhttps://access.redhat.com/security/cve/CVE-2020-28374\nhttps://access.redhat.com/security/cve/CVE-2020-29661\nhttps://access.redhat.com/security/cve/CVE-2021-20265\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q\nmSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ\n1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB\nSuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk\nxRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD\nmCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu\nBupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP\no7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c\n9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj\nmYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r\nUfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi\n65tXPtffy4k=\n=OXZI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7.6) - ppc64, ppc64le, x86_64\n\n3. \n\nBug Fix(es):\n\n* Security patch for CVE-2020-25212 breaks directory listings via \u0027ls\u0027 on\nNFS V4.2 shares mounted with selinux enabled labels (BZ#1919144)\n\n* Enable CI and changelog for GitLab workflow (BZ#1930931)\n\nEnhancement(s):\n\n* [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1918534)\n\n4. 7.6) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* Final fixes + drop alpha_support flag requirement for Tigerlake\n(BZ#1882620)\n\n* OVS complains Invalid Argument on TCP packets going into conntrack\n(BZ#1892744)\n\n* BUG: using smp_processor_id() in preemptible [00000000] code:\nhandler106/3082 (BZ#1893281)\n\n* Icelake performance - add intel_idle: Customize IceLake server support\nto RHEL-8 (BZ#1897183)\n\n* [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW\n(BZ#1897688)\n\n* RHEL 8.3 SAS - multipathd fails to re-establish paths during controller\nrandom reset (BZ#1900112)\n\n* RHEL8.3 Beta - RHEL8.3 hangs on dbginfo.sh execution, crash dump\ngenerated (mm-) (BZ#1903019)\n\n* Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD\nhosts (BZ#1905084)\n\n* block, dm: fix IO splitting for stacked devices (BZ#1905136)\n\n* Failed to hotplug scsi-hd disks (BZ#1905214)\n\n* PCI quirk needed to prevent GPU hang (BZ#1906516)\n\n* RHEL8.2 - various patches to stabilize the OPAL error log processing and\nthe powernv dump processing (ESS) (BZ#1907301)\n\n* pmtu not working with tunnels as bridge ports and br_netfilter loaded\n(BZ#1907576)\n\n* [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)\n\n* NFSv4 client improperly handles interrupted slots (BZ#1908312)\n\n* NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data\ncorruption (BZ#1908313)\n\n* [Regression] RHEL8.2 - [kernel 148.el8] cpu (sys) time regression in SAP\nHANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)\n\n* RHEL8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462!\n(BZ#1908731)\n\n* SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)\n\n* C6gn support requires \"Ensure dirty bit is preserved across\npte_wrprotect\" patch (BZ#1909577)\n\n* [Lenovo 8.3 \u0026 8.4 Bug] [Regression] No response from keyboard and mouse\nwhen boot from tboot kernel (BZ#1911555)\n\n* Kernel crash with krb5p (BZ#1912478)\n\n* [RHEL8] Need additional backports for FIPS 800-90A DRBG entropy seeding\nsource (BZ#1912872)\n\n* [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to\nvmbus_wait_for_unload (BZ#1913528)\n\n* Host becomes unresponsive during stress-ng --cyclic test rcu: INFO:\nrcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)\n\n* RHEL8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)\n\n* Missing mm backport to fix regression introduced by another mm backport\n(BZ#1915814)\n\n* [Hyper-V][RHEL-8]video: hyperv_fb: Fix the cache type when mapping the\nVRAM Edit (BZ#1917711)\n\n* ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR\n(-5) (BZ#1918372)\n\n* [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW\neven if no ConnectX-6 card is present (BZ#1918743)\n\n* kvm-rhel8.3 [AMD] - system crash observed while powering on virtual\nmachine with attached VF interfaces. (BZ#1919885)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start\n(BZ#1892344)\n\n4. 7) - aarch64, noarch, ppc64le\n\n3. =========================================================================\nUbuntu Security Notice USN-4750-1\nFebruary 25, 2021\n\nlinux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,\nlinux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4,\nlinux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4\nvulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local attacker could use this to\ncause a denial of service or possibly execute arbitrary code. A local attacker\ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in\nthe Linux kernel did not correctly handle setting line discipline in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). A local attacker\ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event\nprocessing backend in the Linux kernel did not properly limit the number of\nevents queued. An attacker in a guest VM could use this to cause a denial\nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the\nXen paravirt block backend in the Linux kernel, leading to a use-after-free\nvulnerability. An attacker in a guest VM could use this to cause a denial\nof service in the host OS. A local attacker could use this to cause a denial of service\n(system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. A local attacker with the\nCAP_NET_ADMIN capability could use this to cause a denial of service. \n(CVE-2021-20177)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n linux-image-5.4.0-1010-gkeop 5.4.0-1010.11\n linux-image-5.4.0-1029-raspi 5.4.0-1029.32\n linux-image-5.4.0-1033-kvm 5.4.0-1033.34\n linux-image-5.4.0-1037-gcp 5.4.0-1037.40\n linux-image-5.4.0-1038-aws 5.4.0-1038.40\n linux-image-5.4.0-1038-oracle 5.4.0-1038.41\n linux-image-5.4.0-1040-azure 5.4.0-1040.42\n linux-image-5.4.0-66-generic 5.4.0-66.74\n linux-image-5.4.0-66-generic-lpae 5.4.0-66.74\n linux-image-5.4.0-66-lowlatency 5.4.0-66.74\n linux-image-aws 5.4.0.1038.39\n linux-image-azure 5.4.0.1040.38\n linux-image-gcp 5.4.0.1037.46\n linux-image-generic 5.4.0.66.69\n linux-image-generic-lpae 5.4.0.66.69\n linux-image-gkeop 5.4.0.1010.13\n linux-image-gkeop-5.4 5.4.0.1010.13\n linux-image-kvm 5.4.0.1033.31\n linux-image-lowlatency 5.4.0.66.69\n linux-image-oem 5.4.0.66.69\n linux-image-oem-osp1 5.4.0.66.69\n linux-image-oracle 5.4.0.1038.35\n linux-image-raspi 5.4.0.1029.64\n linux-image-raspi2 5.4.0.1029.64\n linux-image-virtual 5.4.0.66.69\n\nUbuntu 18.04 LTS:\n linux-image-5.4.0-1010-gkeop 5.4.0-1010.11~18.04.1\n linux-image-5.4.0-1029-raspi 5.4.0-1029.32~18.04.1\n linux-image-5.4.0-1036-gke 5.4.0-1036.38~18.04.1\n linux-image-5.4.0-1037-gcp 5.4.0-1037.40~18.04.1\n linux-image-5.4.0-1038-aws 5.4.0-1038.40~18.04.1\n linux-image-5.4.0-1038-oracle 5.4.0-1038.41~18.04.1\n linux-image-5.4.0-1040-azure 5.4.0-1040.42~18.04.1\n linux-image-5.4.0-66-generic 5.4.0-66.74~18.04.2\n linux-image-5.4.0-66-generic-lpae 5.4.0-66.74~18.04.2\n linux-image-5.4.0-66-lowlatency 5.4.0-66.74~18.04.2\n linux-image-aws 5.4.0.1038.22\n linux-image-azure 5.4.0.1040.20\n linux-image-gcp 5.4.0.1037.24\n linux-image-generic-hwe-18.04 5.4.0.66.74~18.04.61\n linux-image-generic-lpae-hwe-18.04 5.4.0.66.74~18.04.61\n linux-image-gke-5.4 5.4.0.1036.38~18.04.4\n linux-image-gkeop-5.4 5.4.0.1010.11~18.04.11\n linux-image-lowlatency-hwe-18.04 5.4.0.66.74~18.04.61\n linux-image-oem 5.4.0.66.74~18.04.61\n linux-image-oem-osp1 5.4.0.66.74~18.04.61\n linux-image-oracle 5.4.0.1038.41~18.04.21\n linux-image-raspi-hwe-18.04 5.4.0.1029.32\n linux-image-snapdragon-hwe-18.04 5.4.0.66.74~18.04.61\n linux-image-virtual-hwe-18.04 5.4.0.66.74~18.04.61\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. (BZ#1919886)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n(BZ#1929909)\n\n* rpmbuild cannot build the userspace RPMs in the kernel package when the\nkernel itself is not built (BZ#1929911)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start\n(BZ#1892345)\n\n* Add kernel option to change cpumask for kernel threads (BZ#1915344)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29661"
},
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161837"
},
{
"db": "PACKETSTORM",
"id": "161868"
},
{
"db": "PACKETSTORM",
"id": "162028"
},
{
"db": "PACKETSTORM",
"id": "161434"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161720"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29661",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "160681",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164950",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/12/10/1",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161868",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161250",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0189",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0348",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0377",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0166",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0964",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0717",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0589",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1339",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3871",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1093",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0768",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0924",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3743",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162020",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162878",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161607",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164812",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161823",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161710",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162253",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161656",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161556",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042135",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062111",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052006",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161552",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162028",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161434",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161553",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161720",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161837"
},
{
"db": "PACKETSTORM",
"id": "161868"
},
{
"db": "PACKETSTORM",
"id": "162028"
},
{
"db": "PACKETSTORM",
"id": "161434"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"id": "VAR-202012-1546",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-09-19T20:27:48.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linux kernel Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=136912"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210537 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-alt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210354 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210558 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-29661 log"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-032",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-032"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-031",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-031"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-034"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-033",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-033"
},
{
"title": "IBM: Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d39f316392b1adf4ca22f6ef041af00f"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1477",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1477"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-019"
},
{
"title": "Debian Security Advisories: DSA-4843-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b95030247235becf9e017bec31e9d503"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1588",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1588"
},
{
"title": "IBM: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e9d6f12dfd14652e2bb7e5c28ded162b"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "https://github.com/lcatro/cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-667",
"trust": 1.0
},
{
"problemtype": "CWE-416",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/160681/linux-tiocspgrp-broken-locking.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/164950/kernel-live-patch-security-notice-lsn-0082-1.html"
},
{
"trust": 1.7,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161710/red-hat-security-advisory-2021-0763-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0837"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0717"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-3/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-use-after-free-via-tiocspgrp-34082"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161250/red-hat-security-advisory-2021-0354-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3871"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042135"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092209"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0189/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0377/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162878/red-hat-security-advisory-2021-2164-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1093"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162253/red-hat-security-advisory-2021-1288-01.html"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-05-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-4/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052006"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0589"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0964"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0348/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0924"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0768"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1339"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062111"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0791"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164812/ubuntu-security-notice-usn-5130-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161823/red-hat-security-advisory-2021-0862-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0166/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161607/red-hat-security-advisory-2021-0689-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3743"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525030"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202111-0000001218088197"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161556/ubuntu-security-notice-usn-4752-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161868/red-hat-security-advisory-2021-0940-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162020/red-hat-security-advisory-2021-1028-01.html"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25211"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29568"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25669"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29569"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alaslivepatch-2021-032.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1093.106~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1085.87"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1108.120"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1093.106"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1079.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1012.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1096.105"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-136.140"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1094.101~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-136.140~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73~16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4749-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29374"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1108.120~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1079.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1094.101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0940"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1031"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1038.41"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28941"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20177"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1038.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1010.11~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1040.42"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4750-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1037.40~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1038.41~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1037.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1033.34"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1036.38~18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28588"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1029.32~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-66.74"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-66.74~18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1040.42~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1029.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1038.40~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1010.11"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0444"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161837"
},
{
"db": "PACKETSTORM",
"id": "161868"
},
{
"db": "PACKETSTORM",
"id": "162028"
},
{
"db": "PACKETSTORM",
"id": "161434"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161837"
},
{
"db": "PACKETSTORM",
"id": "161868"
},
{
"db": "PACKETSTORM",
"id": "162028"
},
{
"db": "PACKETSTORM",
"id": "161434"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2021-03-17T14:14:38",
"db": "PACKETSTORM",
"id": "161826"
},
{
"date": "2021-02-25T15:30:40",
"db": "PACKETSTORM",
"id": "161552"
},
{
"date": "2021-03-17T14:26:23",
"db": "PACKETSTORM",
"id": "161837"
},
{
"date": "2021-03-19T15:39:56",
"db": "PACKETSTORM",
"id": "161868"
},
{
"date": "2021-03-30T14:30:08",
"db": "PACKETSTORM",
"id": "162028"
},
{
"date": "2021-02-16T15:45:59",
"db": "PACKETSTORM",
"id": "161434"
},
{
"date": "2021-02-02T16:11:22",
"db": "PACKETSTORM",
"id": "161250"
},
{
"date": "2021-02-25T15:30:47",
"db": "PACKETSTORM",
"id": "161553"
},
{
"date": "2021-03-09T16:10:13",
"db": "PACKETSTORM",
"id": "161720"
},
{
"date": "2020-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"date": "2020-12-09T17:15:31.807000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2023-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-778"
},
{
"date": "2023-11-07T03:21:33.210000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux kernel Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-778"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.