
bpftool, kernel, perf, python security update

2020-07-30 00:08:16
CentOS Project
lists.centos.org

CVSS3: 8.2 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: HIGH
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.002 Low (percentile 56.1%)

CentOS Errata and Security Advisory CESA-2020:3220

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

  • kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

  • kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

  • kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RHEL7.7 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1830889)

  • [DELL EMC 7.8 BUG bnxt_en] Error messages related to hwrm observed for BCM 57504 under dmesg in RHEL 7.8 (BZ#1834190)

  • kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837429)

  • RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10 kernels. (BZ#1838602)

  • kipmi thread high CPU consumption when performing BMC firmware upgrade (BZ#1841825)

  • RHEL7.7 - virtio-blk: fix hw_queue stopped on arbitrary error (kvm) (BZ#1842994)

  • rhel 7 infinite blocked waiting on inode_dio_wait in nfs (BZ#1845520)

  • http request is taking more time for endpoint running on different host via nodeport service (BZ#1847333)

  • ext4: change LRU to round-robin in extent status tree shrinker (BZ#1847343)

  • libaio is returning duplicate events (BZ#1850055)

  • After upgrade to 3.9.89 pod containers with CPU limits fail to start due to cgroup error (BZ#1850500)

  • Fix dpdk regression introduced by bz1837297 (BZ#1852245)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-July/085904.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3220
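The erratum above names four CVEs and thirteen affected packages but leaves the practical question open: is a given CentOS 7 host actually patched, and is the patch actually in effect? The script below is an added example (it is not part of the CentOS advisory or of any Red Hat tooling) that answers that in three steps: it looks for each advisory CVE in the installed kernel's rpm changelog, it compares the running kernel with the newest installed one (a new kernel package does nothing until reboot), and it reports whether the drivers that carry the three driver-specific CVEs (mwifiex for CVE-2020-12653/CVE-2020-12654, usbhid for CVE-2019-19527) are even loaded. It assumes, as is the case for Red Hat and CentOS security errata, that the kernel package changelog cites the CVE IDs it fixes; the version strings, changelog text and lsmod output used when the host tools are absent are constructed sample data, not real advisory output.

```shell
#!/bin/sh
# Added example (not from the CESA-2020:3220 advisory): audit a CentOS 7 host
# against this erratum.
#   1. does the installed kernel's rpm changelog name every advisory CVE?
#   2. is the running kernel the newest one installed (otherwise: reboot)?
#   3. are the drivers behind the driver-specific CVEs loaded at all?
# Assumption: Red Hat/CentOS kernel changelogs cite the CVE IDs they fix.
# All sample data below is constructed for offline demonstration.

CESA_2020_3220_CVES="CVE-2020-10757 CVE-2020-12653 CVE-2020-12654 CVE-2019-19527"

# Modules whose code the driver CVEs live in: mwifiex (CVE-2020-12653 and
# CVE-2020-12654, drivers/net/wireless/marvell/mwifiex/), usbhid
# (CVE-2019-19527, drivers/hid/usbhid/hiddev.c).
CESA_2020_3220_MODULES="mwifiex usbhid"

# missing_cves CHANGELOG_TEXT
# Prints the advisory CVEs that appear nowhere in CHANGELOG_TEXT
# (empty output = every CVE is accounted for).
missing_cves() {
    cl=$1
    missing=""
    for cve in $CESA_2020_3220_CVES; do
        case "$cl" in
            *"$cve"*) ;;
            *) missing="$missing $cve" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# newest_kernel LIST   (newline-separated kernel version-release.arch strings)
# GNU sort -V (present on CentOS) compares digit runs numerically, so
# 1127.18.2 sorts above 1127.9.1 where plain lexical sort would not.
newest_kernel() {
    printf '%s\n' "$1" | sort -V | tail -n 1
}

# needs_reboot RUNNING INSTALLED_LIST
# Prints "yes" when the running kernel is not the newest installed one.
needs_reboot() {
    if [ "$1" = "$(newest_kernel "$2")" ]; then
        printf 'no\n'
    else
        printf 'yes\n'
    fi
}

# loaded_exposed_modules LSMOD_OUTPUT
# Prints which CVE-relevant modules appear in the first column of lsmod output.
loaded_exposed_modules() {
    found=""
    for mod in $CESA_2020_3220_MODULES; do
        if printf '%s\n' "$1" | grep -q "^${mod}[[:space:]]"; then
            found="$found $mod"
        fi
    done
    printf '%s\n' "${found# }"
}

# Live audit when rpm and an installed kernel package exist; otherwise fall
# back to constructed sample data so the script can be run anywhere.
if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
    changelog=$(rpm -q --changelog kernel)
    installed=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
    running=$(uname -r)
    modules=$(lsmod 2>/dev/null || true)
else
    # Constructed sample: two installed kernels, the older one still running,
    # a changelog entry that cites all four CVEs, and usbhid loaded.
    changelog='* Mon Jul 13 2020 constructed-sample [3.10.0-1127.18.2.el7]
- constructed entry citing CVE-2020-10757 CVE-2020-12653 CVE-2020-12654 CVE-2019-19527'
    installed='3.10.0-1127.13.1.el7.x86_64
3.10.0-1127.18.2.el7.x86_64'
    running='3.10.0-1127.13.1.el7.x86_64'
    modules='Module                  Size  Used by
usbhid                 53268  0
xfs                  1001240  1'
fi

echo "Advisory CVEs not found in kernel changelog: $(missing_cves "$changelog")"
echo "Reboot needed (running != newest installed): $(needs_reboot "$running" "$installed")"
echo "Exposed driver modules currently loaded: $(loaded_exposed_modules "$modules")"
```

The changelog check is a necessary condition, not proof of exploitability or of its absence: rpm -q --changelog only describes installed packages, so pair it with the reboot check, and treat an empty module list as reduced exposure rather than immunity, since usbhid loads on demand when a HID device is plugged in.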
