Lucene search

K
centosCentOS ProjectCESA-2021:2314
HistoryJun 14, 2021 - 6:52 p.m.

bpftool, kernel, perf, python security update

2021-06-1418:52:13
CentOS Project
lists.centos.org
134

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%

CentOS Errata and Security Advisory CESA-2021:2314

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Integer overflow in Intel® Graphics Drivers (CVE-2020-12362)

  • kernel: Use after free via PI futex state (CVE-2021-3347)

  • kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  • kernel: Improper input validation in some Intel® Graphics Drivers (CVE-2020-12363)

  • kernel: Null pointer dereference in some Intel® Graphics Drivers (CVE-2020-12364)

  • kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)

  • SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268)

  • netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)

  • netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171)

  • [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for “power cap policy equal to 0 watts” (BZ#1883174)

  • A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1886003)

  • netxen driver performs poorly with RT kernel (BZ#1894274)

  • gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596)

  • Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763)

  • RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839)

  • RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840)

  • raid: wrong raid io account (BZ#1927106)

  • qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784)

  • RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945)

  • selinux: setsebool can trigger a deadlock (BZ#1939091)

  • [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-June/086128.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:2314

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%