6.1 - RHSA-2019:0831

Problem Description:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)

* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)

* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service (CVE-2018-18386)

* kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)

* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Failed to boot with ftrace=function in kvm with 2vcpu (BZ#1501024)

* [ALT-7.5][x86_64] perf test 63 - inet_pton fails on x86_64 (BZ#1518836)

* BUG: potential out-of-bounds string access when forcing a SELinux label on a file (BZ#1595706)

* stack out-of-bounds in smb{2,3}_create_lease_buf() on SMB2/SMB3 mounts (BZ#1598757)

* [ALT-7.6][KVM][PANIC] ltp/lite proc01 - Unable to handle kernel paging request at virtual address ffff7fe000200018 (BZ#1623193)

* Kernel lock up due to read/write lock (BZ#1636261)

* [RHEL-ALT] Fix potential Spectre v1 in tty code (BZ#1639679)

* [Huawei AArch64 7.6 Bug] HNS3: Vlan on HNS3 NIC cannot communicate (BZ#1639713)

* [RHEL7.6-ALT][AWS] backport "nvme: update timeout module parameter type" (BZ#1654958)

* ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm (BZ#1663565)

* RHEL-Alt-7.6 - kernel: zcrypt: fix specification exception on z196 at ap probe (BZ#1670018)

* [Huawei AArch64 7.6 Bug] Flock over NFSv3 failed (BZ#1670650)

* [Huawei AArch64 7.6/7.6-z Bug] HNS3: if a single transmit packet(skb) has more than 8 frags, will cause the NIC to be unavailable (BZ#1677643)

* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1678922)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1597747 - CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function 1597771 - CVE-2018-13094 kernel: NULL pointer dereference in xfs_da_shrink_inode function 1611005 - CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c 1636349 - CVE-2018-17972 kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks 1640598 - CVE-2018-18386 kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service 1641548 - CVE-2018-18397 kernel: userfaultfd bypasses tmpfs file permissions 1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap 1686136 - CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms