Security Vulnerabilities fixed in kpatch-patch-4_18_0 RHSA-2021:4122

description-logoDescription

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385) kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258

affected-products-logoAffected Applications

kpatch-patch-4_18_0

CVE References

CVE-2021-0512 CVE-2020-36385