- Issued:
- 2019-09-23
- Updated:
- 2019-09-23
RHSA-2019:2862 - Important: kernel-alt security update
Synopsis
Important: kernel-alt security update
Type/Severity
Security Advisory Important
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
- A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power 9 | 7 | ppc64le |
| Red Hat Enterprise Linux for IBM System z (Structure A) | 7 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 7 | aarch64 |
Updated Packages
- kernel-debug-devel-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debug-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-headers-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-bootwrapper-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-tools-libs-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debuginfo-common-s390x-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-headers-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-kdump-devel-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-tools-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-4.14.0-115.13.1.el7a.ppc64le.rpm
- perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-debug-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-debug-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-devel-4.14.0-115.13.1.el7a.s390x.rpm
- python-perf-4.14.0-115.13.1.el7a.aarch64.rpm
- python-perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
- python-perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-debug-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-doc-4.14.0-115.13.1.el7a.noarch.rpm
- kernel-tools-libs-devel-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-tools-libs-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-headers-4.14.0-115.13.1.el7a.aarch64.rpm
- python-perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-abi-whitelists-4.14.0-115.13.1.el7a.noarch.rpm
- kernel-tools-libs-4.14.0-115.13.1.el7a.ppc64le.rpm
- perf-4.14.0-115.13.1.el7a.aarch64.rpm
- perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-debug-devel-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debuginfo-common-ppc64le-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-alt-4.14.0-115.13.1.el7a.src.rpm
- kernel-kdump-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-tools-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
- perf-4.14.0-115.13.1.el7a.ppc64le.rpm
- python-perf-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
- perf-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-tools-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debug-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-devel-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debug-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debuginfo-common-aarch64-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-kdump-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-4.14.0-115.13.1.el7a.s390x.rpm
- python-perf-4.14.0-115.13.1.el7a.s390x.rpm
- kernel-debug-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-tools-4.14.0-115.13.1.el7a.ppc64le.rpm
- kernel-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
- perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
- kernel-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
Fixes
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- This content is not included.This content is not included.https://access.redhat.com/security/vulnerabilities/kernel-vhost
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.