Endpoint Vulnerability

RHSA-2020:4289: kernel-rt security and bug fix update (Important)

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351) * kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352) * kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386) * kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.2.z Batch#4 source tree (BZ#1877921)

Affected Products

kernel