Lucene search

K
redhatRedHatRHSA-2020:0204
HistoryJan 22, 2020 - 9:05 p.m.

(RHSA-2020:0204) Important: kernel security and bug fix update

2020-01-2221:05:58
access.redhat.com
67

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.966

Percentile

99.6%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

  • hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

  • kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

  • hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

  • Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

  • Kernel: page cache side channel attacks (CVE-2019-5489)

  • hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

  • kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

  • kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

  • Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

  • kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

  • hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Backport TCP follow-up for small buffers (BZ#1739184)

  • TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170)

  • RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548)

  • block: blk-mq improvement (BZ#1780567)

  • RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111)

  • blk-mq: overwirte performance drops on real MQ device (BZ#1782183)

  • RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705)

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.966

Percentile

99.6%