alsa-2021:0558
Vulnerability from osv_almalinux
Published
2021-02-16 07:36
Modified
2023-09-15 13:41
Summary
Important: kernel security, bug fix, and enhancement update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

  • kernel: performance counters race condition use-after-free (CVE-2020-14351)

  • kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)

  • OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)

  • BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)

  • Icelake performance - add intel_idle: Customize IceLake server support to AlmaLinux-8 (BZ#1897183)

  • [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)

  • AlmaLinux 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)

  • AlmaLinux8.3 Beta - AlmaLinux8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)

  • Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)

  • block, dm: fix IO splitting for stacked devices (BZ#1905136)

  • Failed to hotplug scsi-hd disks (BZ#1905214)

  • PCI quirk needed to prevent GPU hang (BZ#1906516)

  • AlmaLinux8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)

  • pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)

  • [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)

  • NFSv4 client improperly handles interrupted slots (BZ#1908312)

  • NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)

  • [Regression] AlmaLinux8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)

  • AlmaLinux8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)

  • SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)

  • C6gn support requires "Ensure dirty bit is preserved across pte_wrprotect" patch (BZ#1909577)

  • [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)

  • Kernel crash with krb5p (BZ#1912478)

  • [AlmaLinux8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)

  • [Hyper-V][AlmaLinux-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)

  • Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)

  • AlmaLinux8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)

  • Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)

  • [Hyper-V][AlmaLinux-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)

  • ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)

  • [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743)

  • kvm-almalinux8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)

Enhancement(s):

  • [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-240.15.1.el8_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n* kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)\n\n* OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)\n\n* BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)\n\n* Icelake performance - add  intel_idle: Customize IceLake server support  to AlmaLinux-8 (BZ#1897183)\n\n* [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)\n\n* AlmaLinux 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)\n\n* AlmaLinux8.3 Beta - AlmaLinux8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)\n\n* Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)\n\n* block, dm: fix IO splitting for stacked devices (BZ#1905136)\n\n* Failed to hotplug scsi-hd disks (BZ#1905214)\n\n* PCI quirk needed to prevent GPU hang (BZ#1906516)\n\n* AlmaLinux8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)\n\n* pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)\n\n* [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)\n\n* NFSv4 client improperly handles interrupted slots (BZ#1908312)\n\n* NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)\n\n* [Regression] AlmaLinux8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)\n\n* AlmaLinux8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)\n\n* SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)\n\n* C6gn support requires \"Ensure dirty bit is preserved across pte_wrprotect\" patch (BZ#1909577)\n\n* [Lenovo 8.3 \u0026 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)\n\n* Kernel crash with krb5p (BZ#1912478)\n\n* [AlmaLinux8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)\n\n* [Hyper-V][AlmaLinux-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)\n\n* Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)\n\n* AlmaLinux8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)\n\n* Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)\n\n* [Hyper-V][AlmaLinux-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)\n\n* ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)\n\n* [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743)\n\n* kvm-almalinux8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)",
  "id": "ALSA-2021:0558",
  "modified": "2023-09-15T13:41:48Z",
  "published": "2021-02-16T07:36:08Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14351"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25705"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-29661"
    }
  ],
  "related": [
    "CVE-2020-29661",
    "CVE-2020-14351",
    "CVE-2020-25705"
  ],
  "summary": "Important: kernel security, bug fix, and enhancement update"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.