ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux Kernel  Classic buffer overflow vulnerability in

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Linux Kernel Exists in a classic buffer overflow vulnerability. Vendor exploits this vulnerability CID-8cae8cd89f05 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600) It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 20.04 LTS gcp - 79.1 generic - 79.1 gke - 79.1 gkeop - 79.1 lowlatency - 79.1 Ubuntu 18.04 LTS generic - 79.1 gke - 79.1 gkeop - 79.1 lowlatency - 79.1 oem - 79.1 Ubuntu 16.04 ESM generic - 79.1 lowlatency - 79.1 Ubuntu 14.04 ESM generic - 79.1 lowlatency - 79.1 Support Information Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-azure - 4.15.0-1078 linux-hwe - 4.15.0-69 linux - 4.4.0-168 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2021-3600 - CVE-2021-33909 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . 7.4) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree (BZ#1968022) 4. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * pinctrl_emmitsburg: improper configuration (BZ#1963984) * [Ampere] locking/qrwlock: Fix ordering in queued_write_lock_slowpath (BZ#1964419) * RHEL8.4 - [P10] [NPIV Multi queue Test kernel- 4.18.0-283.el8.ibmvfc_11022021.ppc64le] DLPAR operation fails for ibmvfc on Denali (ibmvfc/dlpar/RHEL8.4) (BZ#1964697) * Every server is displaying the same power levels for all of our i40e 25G interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0 (BZ#1967099) * backport fixes for Connection Tracking offload (BZ#1968679) * fm10k: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969910) * ixgbevf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969911) * ena: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969913) * b44, bnx2, bnx2x, bnxt, tg3: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969914) * e1000, e1000e: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969915) * ice: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969917) * igb: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969919) * igbvf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969920) * igc: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969921) * ixgbe: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969922) * i40e: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969923) * iavf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969925) * Backport netlink extack tracepoint (BZ#1972938) * [RHEL8.4] kernel panic when create NPIV port on qedf driver (BZ#1974968) 4. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. 7.7) - ppc64, ppc64le, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2725-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2725 Issue date: 2021-07-20 CVE Names: CVE-2019-20934 CVE-2020-11668 CVE-2021-33033 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) * kernel: use-after-free in show_numa_stats function (CVE-2019-20934) * kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668) * kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RHEL7.9.z] n_tty_open: "BUG: unable to handle kernel paging request" (BZ#1872778) * [ESXi][RHEL7.8]"qp_alloc_hypercall result = -20" / "Could not attach to queue pair with -20" with vSphere Fault Tolerance enabled (BZ#1892237) * [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395) * False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221) * RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943) * The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688) * nvme hangs when trying to allocate reserved tag (BZ#1926825) * [REGRESSION] "call into AER handling regardless of severity" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663) * Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793) * sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052) * [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075) * Kernel panic at cgroup_is_descendant (BZ#1957719) * [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803) * IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339) * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193) * mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406) * incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function 1961300 - CVE-2021-33033 kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.36.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64.rpm perf-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.36.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64le.rpm perf-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.36.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.36.2.el7.s390x.rpm kernel-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-headers-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.36.2.el7.s390x.rpm perf-3.10.0-1160.36.2.el7.s390x.rpm perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm python-perf-3.10.0-1160.36.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20934 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2021-33033 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPd0rdzjgjWX9erEAQgSLQ/9FYCaqS1w2FD8A64mwloIz/fRGh5eGMwl 6RgXKj6wOJPaSPYl3Gk4r7hEDx1aO8jwxz5uZ8PRz1K4LFArAGLi3BBc2pCk1QA1 SHPfNuKO8UefwGrqv7Xd6wThwwt+7D8LN2Lg+H2vUYve/NRrxQZOqH7MnQPKsVve ufvaDQjrySGSXkiQHSSDSvlDQB3eaVRCqh10cBwWzsU/lG/JcdvbIo4Oat27S8WU c4VijwACg7Wn7iTYkMMR4xk0iP991QeoYkqusJByGO5K9naZsSU8LxT4i84/mbZB RWJULDHKPHZtfpR+Gz6AOIl7aa8vE8V90263OUWPJG/c0O6u3sWzK5YyGr0Ob82l gbl1BnI+W0BanwMHeiBJq7HmgFU1jYO7vu5w4mnaf9gkDgm1GOBrHaBOHg/qEXWs WR4UDOpnJcZAxMpVJEyk8EolSv7AlcDKTr+J9xu9vKhdbmok0VbtGhjUDXEZI7tT 5FlrM1qfpa9S4EtiUv7hIYGFg78gVoLrXlPMxEyw9zXhYczCypNwbzWyH+O6utTG saiHuayf6WTw582qITDfgI9nenIu9a6rqEu1pg5EuwoqD5ipRVAsmaFBPWdi+exa +I2KV777KAXM2k4XqVbmVcZ1MnvTqCoEwFLy349A3r3Y9JwDJxCu73HU5nifg4LP AMB5i8YI9o8=gDcx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * The redhat-release-virtualization-host package no longer requires vdsm-hooks. In this release, the installation of vdsm-hooks is not mandatory for the Red Hat Virtualization Host. (BZ#1976095) * Previously, rhsmcertd was not enabled by default on the Red Hat Virtualization Host. As a result, the systems did not regularly report to RHSM while the subscription-manager reported no obvious issues and repositories were properly enabled. In this release, rhsmcertd is enabled by default in RHVH, and as a result, RHSM now receives reports regularly. For more information, see the RHEL release notes. (BZ#1957242) * Red Hat Virtualization Host now includes an updated scap-security-guide-rhv which allows you to apply a PCI DSS security profile to the system during installation, (BZ#1883793) 4. Bugs fixed (https://bugzilla.redhat.com/): 1883793 - [RFE] RHV installation with PCI DSS compliance 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 1955415 - RHVH 4.4: There are AVC denied errors in audit.log after upgrade 1957242 - Rebase RHV-H 4.4.7 on RHEL 8.4.0.1 1958145 - [RHVH 4.4.5] Need to enable rhsmcertd service on the host by default 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 1970887 - CVE-2021-33910 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash 1970970 - Rebase RHVH 4.4.6 host image with kernel fix for fnic issue 1976005 - No swap on RHVH 4.4.6 1976095 - redhat-release-virtualization-host-content shouldn't have hard dependency on vdsm hooks 1976118 - Failed to enable unit: Unit file rdma.service does not exist in %post execution 1976146 - Include fcoe-utils package into CDN: rhvh-4-for-rhel-8-x86_64-rpms 1976148 - Include vhostmd package into CDN: rhvh-4-for-rhel-8-x86_64-rpms 6

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

arbitrary

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-19T20:17:41.084000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE