Red Hat RHSA-2020:2831
History: Jul 07, 2020 - 8:14 a.m.

(RHSA-2020:2831) Important: kernel security and bug fix update

2020-07-07 08:14:43
access.redhat.com
Tags: kernel, linux, security fix, bug fix, cve-2020-12888, bz#1840674, dos, srbds

CVSS2: 4.7
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3: 6.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.001
Percentile: 19.4%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1840674)

Affected configurations

Vulners Node
redhat kernel-rt Range 3.10.0-1127.13.1.rt56.1110.el7
OR
redhat kernel Range 3.10.0-1127.13.1.el7
OR
redhat kernel Range 4.14.0-115.26.1.el7a
OR
redhat kernel Range 3.10.0-327.89.1.el7
OR
redhat kernel Range 3.10.0-514.78.1.el7
OR
redhat kernel Range 3.10.0-693.71.2.el7
OR
redhat kernel Range 3.10.0-957.56.1.el7
OR
redhat kernel Range 3.10.0-1062.30.1.el7
OR
redhat kernel-rt Range 4.18.0-193.13.2.rt13.65.el8_2
OR
redhat kernel Range 4.18.0-193.13.2.el8_2
OR
redhat kernel Range 4.18.0-80.27.1.el8_0
OR
redhat kernel Range 4.18.0-147.24.2.el8_1
OR
redhat kernel Range 3.10.0-957.56.1.el7
OR
redhat microcode_ctl Range 1.17-33.26.el6_10
OR
redhat microcode_ctl-2 Range 1.17-17.31.el6_5
OR
redhat microcode_ctl-2 Range 1.17-19.29.el6_6
OR
redhat microcode_ctl Range 2.1-61.6.el7_8
OR
redhat microcode_ctl Range 2.1-73.11.el7_9
OR
redhat microcode_ctl-2 Range 2.1-12.30.el7_2
OR
redhat microcode_ctl-2 Range 2.1-12.39.el7_2
OR
redhat microcode_ctl-2 Range 2.1-16.33.el7_3
OR
redhat microcode_ctl-2 Range 2.1-16.42.el7_3
OR
redhat microcode_ctl-2 Range 2.1-22.32.el7_4
OR
redhat microcode_ctl-2 Range 2.1-22.41.el7_4
OR
redhat microcode_ctl-2 Range 2.1-47.23.el7_6
OR
redhat microcode_ctl-2 Range 2.1-47.14.el7_6
OR
redhat microcode_ctl-2 Range 2.1-53.9.el7_7
OR
redhat microcode_ctl-2 Range 2.1-53.18.el7_7
OR
redhat microcode_ctl Range 20191115-4.20200602.2.el8_2
OR
redhat microcode_ctl Range 20210216-1.20210608.1.el8_4
OR
redhat microcode_ctl-4 Range 20180807a-2.20200609.1.el8_0
OR
redhat microcode_ctl-4 Range 20190618-1.20200609.1.el8_1
OR
redhat microcode_ctl-4 Range 20190618-1.20210608.1.el8_1
OR
redhat microcode_ctl-4 Range 20191115-4.20210608.1.el8_2
AND
redhat enterprise_linux Match 7
OR
redhat enterprise_linux Match nfv
OR
redhat enterprise_linux Match 8
OR
redhat enterprise_linux Match hypervisor
OR
redhat enterprise_linux Match 6

Vendor  Product           Version     CPE
redhat  kernel-rt         *           cpe:2.3:o:redhat:kernel-rt:*:*:*:*:*:*:*:*
redhat  kernel            *           cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*
redhat  microcode_ctl     *           cpe:2.3:a:redhat:microcode_ctl:*:*:*:*:*:*:*:*
redhat  microcode_ctl-2   *           cpe:2.3:a:redhat:microcode_ctl-2:*:*:*:*:*:*:*:*
redhat  microcode_ctl-4   *           cpe:2.3:a:redhat:microcode_ctl-4:*:*:*:*:*:*:*:*
redhat  enterprise_linux  7           cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux  nfv         cpe:2.3:o:redhat:enterprise_linux:nfv:*:*:*:*:*:*:*
redhat  enterprise_linux  8           cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat  enterprise_linux  hypervisor  cpe:2.3:o:redhat:enterprise_linux:hypervisor:*:*:*:*:*:*:*
redhat  enterprise_linux  6           cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
