9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
84.6%
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)
kernel: powerpc: local user can read vector registers of other users’ processes via a Facility Unavailable exception (CVE-2019-15030)
kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)
kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)
RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)
Backport “fs/dcache.c: add cond_resched() in shrink_dentry_list()” (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)
[RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | aarch64 | kernel-debuginfo | < 4.14.0-115.18.1.el7a | kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm |
RedHat | 7 | s390x | kernel-devel | < 4.14.0-115.18.1.el7a | kernel-devel-4.14.0-115.18.1.el7a.s390x.rpm |
RedHat | 7 | aarch64 | perf | < 4.14.0-115.18.1.el7a | perf-4.14.0-115.18.1.el7a.aarch64.rpm |
RedHat | 7 | aarch64 | kernel-tools-libs-devel | < 4.14.0-115.18.1.el7a | kernel-tools-libs-devel-4.14.0-115.18.1.el7a.aarch64.rpm |
RedHat | 7 | s390x | kernel-debuginfo | < 4.14.0-115.18.1.el7a | kernel-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm |
RedHat | 7 | ppc64le | kernel-devel | < 4.14.0-115.18.1.el7a | kernel-devel-4.14.0-115.18.1.el7a.ppc64le.rpm |
RedHat | 7 | aarch64 | kernel-debug | < 4.14.0-115.18.1.el7a | kernel-debug-4.14.0-115.18.1.el7a.aarch64.rpm |
RedHat | 7 | s390x | kernel-headers | < 4.14.0-115.18.1.el7a | kernel-headers-4.14.0-115.18.1.el7a.s390x.rpm |
RedHat | 7 | ppc64le | perf | < 4.14.0-115.18.1.el7a | perf-4.14.0-115.18.1.el7a.ppc64le.rpm |
RedHat | 7 | ppc64le | kernel-tools-debuginfo | < 4.14.0-115.18.1.el7a | kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
84.6%