6.8 - RHSA-2019:0818

Problem Description:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)

* xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)

* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)

* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)

* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)

* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)

* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)

* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)

* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)

* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)

* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)

* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)

* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)

* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)

* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)

* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)

* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)

* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)

* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()