Lucene search

K
redhatRedHatRHSA-2020:1984
HistoryApr 30, 2020 - 12:36 p.m.

(RHSA-2020:1984) Moderate: kernel security and bug fix update

2020-04-3012:36:29
access.redhat.com
113
linux kernel
spectre-rsb
mitigation
bug fix
usb controller
deadlock
cpu offline
graphics driver
memory leak
nmi
numa_nod
auditing
openshift node
cifs
dm-multipath

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.1%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [Stratus 7.6 Bug] Deadlock on hcd->bandwidth_mutex when usb controller fails during initialization (BZ#1764528)

  • RHEL7.7 Snapshot5 - retry when cpu offline races with migration (BZ#1766094)

  • Slow console output with ast (Aspeed) graphics driver (BZ#1780147)

  • RHEL7.7 - qeth: add safeguards to RX data path (BZ#1792248)

  • ‘soft lockup’ events during unmount of container file system due to bloated dentry cache / memory cgroup slab cache reclaim not available in RHEL7 (BZ#1796358)

  • [GSS] Can’t access the mount point due to possible blocking of i/o on rbd (BZ#1796435)

  • [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797967)

  • kernel: UAF in cdev_put() when a PTP device is removed while its chardev is open (BZ#1798395)

  • [HPE 7.8 Bug] RHEL7.8 kernel may ignore NMI from ilo (BZ#1798397)

  • [HPEMC RHEL 7.7 RHEL 7.8 REGRESSION] kernel not populating numa_nod in /sys/devices… for PMEM (BZ#1801697)

  • Unable to exclude files from auditing (BZ#1806429)

  • DNAT’d packet is not unmangled upon reply on openshift node (BZ#1806446)

  • port show-kabi to python3 (BZ#1806929)

  • top shows super high loads when tuned profile realtime-virtual-host is applied (BZ#1808029)

  • Backport CIFS stale ESTALE handling and dentry revalidation patches (BZ#1811053)

  • Observed a memory leak while using dm-multipath (BZ#1812936)

  • dm-multipath high load backport incorrect (BZ#1814536)

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.1%