Issued:

2020-04-16

Updated:

2020-04-16

RHSA-2020:1493 - Important: kernel-alt security and bug fix update

Synopsis

Important: kernel-alt security and bug fix update

Type/Severity

Security Advisory Important

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

• kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

• kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

• kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)

• kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)

• kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)

• kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)

• kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

• kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

• kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• rhel-alt-76z bsd process accounting(acct(2)) does not work (BZ#1763618)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Updated Packages

• kernel-debug-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-debug-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-bootwrapper-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-tools-libs-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-debug-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-debug-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-debuginfo-common-ppc64le-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-tools-4.14.0-115.19.1.el7a.ppc64le.rpm
• perf-4.14.0-115.19.1.el7a.aarch64.rpm
• perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-headers-4.14.0-115.19.1.el7a.aarch64.rpm
• perf-4.14.0-115.19.1.el7a.s390x.rpm
• perf-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
• python-perf-4.14.0-115.19.1.el7a.s390x.rpm
• python-perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-kdump-devel-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-debuginfo-common-aarch64-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-debug-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-tools-libs-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-debug-4.14.0-115.19.1.el7a.ppc64le.rpm
• python-perf-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
• perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
• python-perf-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-devel-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-tools-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-debug-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-debuginfo-common-s390x-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-kdump-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-kdump-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-tools-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-tools-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-devel-4.14.0-115.19.1.el7a.aarch64.rpm
• perf-4.14.0-115.19.1.el7a.ppc64le.rpm
• python-perf-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-tools-libs-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-tools-libs-devel-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-headers-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-4.14.0-115.19.1.el7a.s390x.rpm
• kernel-abi-whitelists-4.14.0-115.19.1.el7a.noarch.rpm
• kernel-debug-devel-4.14.0-115.19.1.el7a.aarch64.rpm
• kernel-headers-4.14.0-115.19.1.el7a.ppc64le.rpm
• kernel-doc-4.14.0-115.19.1.el7a.noarch.rpm
• kernel-alt-4.14.0-115.19.1.el7a.src.rpm
• kernel-debug-devel-4.14.0-115.19.1.el7a.s390x.rpm
• python-perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm

Fixes

• This content is not included.BZ - 1743560
• This content is not included.BZ - 1747334
• This content is not included.BZ - 1760063
• This content is not included.BZ - 1773519
• This content is not included.BZ - 1774870
• This content is not included.BZ - 1789927
• This content is not included.BZ - 1790063
• This content is not included.BZ - 1791954
• This content is not included.BZ - 1792512

CVEs

• CVE-2019-5108
• CVE-2019-14895
• CVE-2019-14901
• CVE-2019-15031
• CVE-2019-15099
• CVE-2019-15666
• CVE-2019-19922
• CVE-2019-20054
• CVE-2019-20095

References

• https://access.redhat.com/security/updates/classification/#important

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.