Lucene search

K
redhatRedHatRHSA-2020:0740
HistoryMar 09, 2020 - 1:16 p.m.

(RHSA-2020:0740) Important: kernel-alt security and bug fix update

2020-03-0913:16:17
access.redhat.com
135

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

84.9%

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

  • kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

  • kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

  • kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

  • kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

  • kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

  • kernel: powerpc: local user can read vector registers of other users’ processes via a Facility Unavailable exception (CVE-2019-15030)

  • kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

  • kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)

  • kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)

  • RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)

  • Backport “fs/dcache.c: add cond_resched() in shrink_dentry_list()” (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)

  • [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

84.9%