8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
39.6%
CentOS Errata and Security Advisory CESA-2021:3801
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Kernel panic due to double fault with DLM reporting for socket error “sk_err=32/0” (BZ#1834878)
“MFW indication via attention” message getting logged frequently after every 5 minutes (BZ#1854544)
lpfc fails to discovery in pt2pt with “2754 PRLI failure DID:0000EF Status:x9/x91e00, data: x0” (BZ#1922479)
pcpu_get_vm_areas using most memory from VmallocUsed (BZ#1970618)
RHEL 7.9.z [qedf driver] Racing condition between qedf_cleanup_fcport and releasing command after timeout (BZ#1982702)
[Azure] RHEL 7.9 reports GPU/IB topology incorrectly on some Azure SKUs (BZ#1984128)
[stable guest ABI]Hot add CPU after migration cause guest hang (BZ#1991856)
i40e driver crash at RIP: i40e_config_vf_promiscuous_mode+0x165 (BZ#1993850)
[nfs] Performance issue since commit 5a4f6f11951e (BZ#1995649)
[kernel] Indefinite waiting for RCU callback while removing cgroup (BZ#2000973)
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-November/086189.html
Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2021:3801
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | bpftool | < 3.10.0-1160.45.1.el7 | bpftool-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel | < 3.10.0-1160.45.1.el7 | kernel-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-abi-whitelists | < 3.10.0-1160.45.1.el7 | kernel-abi-whitelists-3.10.0-1160.45.1.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-debug | < 3.10.0-1160.45.1.el7 | kernel-debug-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-debug-devel | < 3.10.0-1160.45.1.el7 | kernel-debug-devel-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-devel | < 3.10.0-1160.45.1.el7 | kernel-devel-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | noarch | kernel-doc | < 3.10.0-1160.45.1.el7 | kernel-doc-3.10.0-1160.45.1.el7.noarch.rpm |
CentOS | 7 | x86_64 | kernel-headers | < 3.10.0-1160.45.1.el7 | kernel-headers-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools | < 3.10.0-1160.45.1.el7 | kernel-tools-3.10.0-1160.45.1.el7.x86_64.rpm |
CentOS | 7 | x86_64 | kernel-tools-libs | < 3.10.0-1160.45.1.el7 | kernel-tools-libs-3.10.0-1160.45.1.el7.x86_64.rpm |
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
39.6%