Threat Encyclopedia

RHSA-2021:2168-Security Advisory

Description

The vulnerabilities in the following products could cause the system to become vulnerable to malicious security attack: kernel

Analysis

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501) kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543) kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501) kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667) Selinux: The task calling security_set_bools() deadlocks with itself when it later calls selinux_audit_rule_match(). (BZ#1945123) [mlx5] tc flower mpls match options does not work (BZ#1952061) mlx5: missing patches for ct.rel (BZ#1952062) CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065) [Lenovo 8.3 bug] Blackscreen after clicking on 'Settings' icon from top-right corner. (BZ#1952900) RHEL 8.x missing uio upstream fix. (BZ#1952952) Turbostat doesn't show any measured data on AMD Milan (BZ#1952987) P620 no sound from front headset jack (BZ#1954545) RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188) [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458) OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667) Selinux: The task calling security_set_bools() deadlocks with itself when it later calls selinux_audit_rule_match(). (BZ#1945123) [mlx5] tc flower mpls match options does not work (BZ#1952061) mlx5: missing patches for ct.rel (BZ#1952062) CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065) [Lenovo 8.3 bug] Blackscreen after clicking on 'Settings' icon from top-right corner. (BZ#1952900) RHEL 8.x missing uio upstream fix. (BZ#1952952) Turbostat doesn't show any measured data on AMD Milan (BZ#1952987) P620 no sound from front headset jack (BZ#1954545) RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188) [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458) SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect.

Affected Products

kernel

CVE References

CVE-2021-3501 CVE-2021-3543