Endpoint Vulnerability

RHSA-2020:4286: kernel security and bug fix update (Important)

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351) * kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352) * kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386) * kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [mlx5] stale ethtool steering rules remain after moving back to legacy mode (BZ#1857777) * 50% cpu in masked_flow_update with pop to pod TCP_RR (BZ#1859216) * take into account GSO and fragmented packets in execute_check_pkt_len action (BZ#1860169) * RHEL8.1 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1866371) * RHEL8.3 Pre-Beta - smc: SMC connections hang with later-level implementations (BZ#1866390) * Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() (BZ#1867174) * [RHEL8] Fixes for DEADLINE scheduler class (BZ#1867612) * RHEL8.1 - s390/pci: Fix unexpected write combine on resource (BZ#1869276) * dm multipath: fix spurious failures during IO completion [EIOP-8345] (BZ#1869386) * IO on virtio-scsi hangs when running cpu hotplug test (BZ#1869779) * store_rps_map doesn't accept an empty bitmask, which is required for disabling RPS on a queue (BZ#1870181) * Memory registration cache data corruption possible, fix requires backporting (BZ#1872424) * fix another case of wait list corruption for PSM/sdma (BZ#1872766) * [RHEL-8] Segmentation fault (core dumped) when fi_bw -e msg -v -T 1 -p 'verbs' (BZ#1872771) * fix mounting and inode number handling on s390x (BZ#1875787) * failure to enter nohz_full mode for non SCHED_FIFO tasks (BZ#1877417) * Secure boot key is not loaded with kernel-4.18.0-232.el8.x86_64 / shim-x64-15-15 (BZ#1877528) * [RHEL-8.3] Kdump failed to start when secure boot enabled: kexec_file_load failed: Required key not available (BZ#1877530) * [RHEL-8.3] Kdump/kexec kernel panicked on EFI boot: general protection fault: 0000 [#1] SMP PTI (BZ#1879988) * Sleeping or scheduling after sched_cpu_dying() led to 'scheduling while atomic' and BUG at kernel/cpu.c:907! (BZ#1880081) * [conntrack] udp packet reverse NAT occasionally fail when race condition request combination with the DNAT load balancing rules (BZ#1882095) * [Regression] RHEL8.3 Beta - Do not initiate shutdown for EPOW_SHUTDOWN_ON_UPS event (BZ#1882243)

Affected Products

kernel