[ALSA-2021:1578] Important: kernel security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2021-05-18
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811) * kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523) * kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528) * kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431) * kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114) * kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464) * kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314) * kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356) * kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437) * kernel: umask not applied on filesystem without ACL support (CVE-2020-24394) * kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212) * kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284) * kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285) * kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643) * kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: use-after-free in kernel midi subsystem (CVE-2020-27786) * kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835) * kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974) * kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508) * kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322) * kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342) * kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
  • bpftool-4.18.0-305.el8.x86_64.rpm
  • kernel-4.18.0-305.el8.x86_64.rpm
  • kernel-abi-stablelists-4.18.0-305.el8.noarch.rpm
  • kernel-core-4.18.0-305.el8.x86_64.rpm
  • kernel-cross-headers-4.18.0-305.el8.x86_64.rpm
  • kernel-debug-4.18.0-305.el8.x86_64.rpm
  • kernel-debug-core-4.18.0-305.el8.x86_64.rpm
  • kernel-debug-devel-4.18.0-305.el8.x86_64.rpm
  • kernel-debug-modules-4.18.0-305.el8.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-305.el8.x86_64.rpm
  • kernel-devel-4.18.0-305.el8.x86_64.rpm
  • kernel-doc-4.18.0-305.el8.noarch.rpm
  • kernel-headers-4.18.0-305.el8.x86_64.rpm
  • kernel-modules-4.18.0-305.el8.x86_64.rpm
  • kernel-modules-extra-4.18.0-305.el8.x86_64.rpm
  • kernel-tools-4.18.0-305.el8.x86_64.rpm
  • kernel-tools-libs-4.18.0-305.el8.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-305.el8.x86_64.rpm
  • perf-4.18.0-305.el8.x86_64.rpm
  • python3-perf-4.18.0-305.el8.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.