ID

VAR-201909-0695

CVE

CVE-2019-14835

TITLE

Linux Kernel Vulnerable to classic buffer overflow

DESCRIPTION

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64 3. (CVE-2019-14835) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14815) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency | References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. CVE-2019-15117 Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. CVE-2019-15118 Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2864 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64 3. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: kernel-3.10.0-957.35.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm kernel-doc-3.10.0-957.35.2.el7.noarch.rpm x86_64: bpftool-3.10.0-957.35.2.el7.x86_64.rpm kernel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm perf-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: kernel-3.10.0-957.35.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm kernel-doc-3.10.0-957.35.2.el7.noarch.rpm ppc64: kernel-3.10.0-957.35.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm kernel-devel-3.10.0-957.35.2.el7.ppc64.rpm kernel-headers-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.ppc64.rpm perf-3.10.0-957.35.2.el7.ppc64.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm python-perf-3.10.0-957.35.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm kernel-devel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-headers-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.35.2.el7.ppc64le.rpm perf-3.10.0-957.35.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm python-perf-3.10.0-957.35.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm s390x: kernel-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-devel-3.10.0-957.35.2.el7.s390x.rpm kernel-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-957.35.2.el7.s390x.rpm kernel-devel-3.10.0-957.35.2.el7.s390x.rpm kernel-headers-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-957.35.2.el7.s390x.rpm perf-3.10.0-957.35.2.el7.s390x.rpm perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm python-perf-3.10.0-957.35.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm x86_64: bpftool-3.10.0-957.35.2.el7.x86_64.rpm kernel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm perf-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYivj9zjgjWX9erEAQg9iw/6AiSBlimEJBilI4YaU4OMnj6QLpkgPcZv pcXpXjUNS1ckzq5N0ndvDSB1VofK+gCrQscTdOr3Ab+O5fLL+NGgKSC3PDdfnMjM wCQSZkT8j5ZdA0Yl9h0/iqX4i23vbVtjsiTfOdYl591XccoA1MUXDnEHJ+7w5sd3 Ui1tMcfqqGHIHN3S17wfMsnT6gKX1pRvva3E6dB6aGwGWM+ahkQAM27RUzXjM3Yp ZC8Jy+T6jsEFGwQbb/33GHAgWJ9w8eu1DywxyuSmHTCnLv8pX6rRSWDGxwXEcskv eENBocsedY78oEUsF+9IiFrdq3R8Af7A4xVIqbqkRPTQqB4y8peIhbJJUkXQBjNV XNplz+RGFYrVJH7tZZHEzGKebYbFUomXbq3N7wc2V7WDz9kW8CStgd+KjRUa730s TY38a+ff3N1DP+wRRL9Bu4Dv89qLL+dHUvdv6WNBSULM6uuADe4BLjr25F8CL57w qzWCyYwo5VbJwDW0RFAWj828bqrQics1ICuY5SAmaX9AIQpYzwiUnCK+tZvBnJBJ NaeD12H5imuvUZSA7D7olVVojakCuxnM5v+kypaL0jYenYne0Gm9ZecxtSFzo+JW 8LxtVJaTv9urSqfD0ongfJ7YCWchddpk2ldsvd1CnJotHLGsR2J0p3j4JwRSbHWP FkbnNxvOHHI=YEYB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-05-17T22:15:10.676000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE