RHSA-2020_5441
Vulnerability from csaf_redhat - Published: 2020-12-15 14:59 - Updated: 2024-11-15 08:40Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Severity
Important
Notes
Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)
* kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)
* kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)
* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update to the latest RHEL7.9.z2 source tree (BZ#1873318)
* deadlock between handle_mm_fault() and ptep_clear_flush() (BZ#1888872)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
If any directories of the partition (or image) broken, the command "e2fsck -Df .../partition-name" fixes it.
A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
6.2 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the "noacl" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.
A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.2 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2020:5441
Workaround
To mitigate this issue, prevent modules hdlc_ppp, syncppp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
References
Acknowledgments
Red Hat
Jay Shin
redhat.com
Dr. David Alan Gilbert
Security Research Lab
ChenNan Of Chaitin
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)\n\n* kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n* kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the latest RHEL7.9.z2 source tree (BZ#1873318)\n\n* deadlock between handle_mm_fault() and ptep_clear_flush() (BZ#1888872)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5441",
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1708775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775"
},
{
"category": "external",
"summary": "1796360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796360"
},
{
"category": "external",
"summary": "1853922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853922"
},
{
"category": "external",
"summary": "1869141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869141"
},
{
"category": "external",
"summary": "1874800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874800"
},
{
"category": "external",
"summary": "1877575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877575"
},
{
"category": "external",
"summary": "1879981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879981"
},
{
"category": "external",
"summary": "1888872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5441.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T08:40:54+00:00",
"generator": {
"date": "2024-11-15T08:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5441",
"initial_release_date": "2020-12-15T14:59:20+00:00",
"revision_history": [
{
"date": "2020-12-15T14:59:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-12-15T14:59:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_id": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-kvm-debuginfo@3.10.0-1160.11.1.rt56.1145.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"product_id": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.11.1.rt56.1145.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.11.1.rt56.1145.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time for NFV (v. 7)",
"product_id": "7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-NFV-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7)",
"product_id": "7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
},
"product_reference": "kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"relates_to_product_reference": "7Server-RT-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18282",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796360"
}
],
"notes": [
{
"category": "description",
"text": "A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: The flow_dissector feature allows device tracking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-18282"
},
{
"category": "external",
"summary": "RHBZ#1796360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18282"
}
],
"release_date": "2019-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: The flow_dissector feature allows device tracking"
},
{
"cve": "CVE-2020-10769",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2019-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1708775"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm\u0027s module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10769"
},
{
"category": "external",
"summary": "RHBZ#1708775",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10769"
}
],
"release_date": "2019-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned."
},
{
"acknowledgments": [
{
"names": [
"Jay Shin"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14314",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853922"
}
],
"notes": [
{
"category": "description",
"text": "A memory out-of-bounds read flaw was found in the Linux kernel\u0027s ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: buffer uses out of index in ext3/4 filesystem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14314"
},
{
"category": "external",
"summary": "RHBZ#1853922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14314",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14314"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u",
"url": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u"
}
],
"release_date": "2020-06-05T16:45:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "If any directories of the partition (or image) broken, the command \"e2fsck -Df .../partition-name\" fixes it.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: buffer uses out of index in ext3/4 filesystem"
},
{
"acknowledgments": [
{
"names": [
"Dr. David Alan Gilbert"
],
"organization": "redhat.com"
}
],
"cve": "CVE-2020-14385",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2020-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1874800"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Only local users, including unprivileged users in a cointainer, can trigger this flaw. However, the impact could be high, especially on multi-tenant systems, because after the attack the system rendered inaccessible for some time (at least until reboot), so the impact has been increased to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14385"
},
{
"category": "external",
"summary": "RHBZ#1874800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14385"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933"
}
],
"release_date": "2020-08-25T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt"
},
{
"cve": "CVE-2020-24394",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2020-06-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1869141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the \"noacl\" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: umask not applied on filesystem without ACL support",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-24394"
},
{
"category": "external",
"summary": "RHBZ#1869141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394"
}
],
"release_date": "2020-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: umask not applied on filesystem without ACL support"
},
{
"cve": "CVE-2020-25212",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2020-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1877575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: TOCTOU mismatch in the NFS client code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25212"
},
{
"category": "external",
"summary": "RHBZ#1877575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25212",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25212"
}
],
"release_date": "2020-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: TOCTOU mismatch in the NFS client code"
},
{
"acknowledgments": [
{
"names": [
"ChenNan Of Chaitin"
],
"organization": "Security Research Lab"
}
],
"cve": "CVE-2020-25643",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as a having Moderate impact, because the bug can be triggered only if PPP protocol enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25643"
},
{
"category": "external",
"summary": "RHBZ#1879981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25643"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105"
}
],
"release_date": "2020-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-15T14:59:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent modules hdlc_ppp, syncppp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-NFV-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-NFV-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-NFV-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.src",
"7Server-RT-7.9.Z:kernel-rt-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-doc-0:3.10.0-1160.11.1.rt56.1145.el7.noarch",
"7Server-RT-7.9.Z:kernel-rt-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-devel-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64",
"7Server-RT-7.9.Z:kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.11.1.rt56.1145.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…