Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0411 kernel-rt security and bug fix update 5 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel-rt Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux Server 8 Impact/Access: Root Compromise -- Remote/Unauthenticated Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-19338 CVE-2019-17666 CVE-2019-14901 CVE-2019-14898 CVE-2019-14895 CVE-2019-14816 CVE-2019-14815 CVE-2019-14814 CVE-2019-11599 CVE-2019-11135 Reference: ESB-2020.0262 ESB-2020.0228 ESB-2020.0151 ESB-2020.0148 ESB-2019.4274 ESB-2019.4273 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0375 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2020:0328-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0328 Issue date: 2020-02-04 CVE Names: CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 CVE-2019-14901 CVE-2019-17666 CVE-2019-19338 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ#1780326) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1744130 - CVE-2019-14814 kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS 1744137 - CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS 1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/ rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow 1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c 1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_ country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c 1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 8): Source: kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm x86_64: kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm Red Hat Enterprise Linux Real Time (v. 8): Source: kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm x86_64: kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14814 https://access.redhat.com/security/cve/CVE-2019-14815 https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-14895 https://access.redhat.com/security/cve/CVE-2019-14898 https://access.redhat.com/security/cve/CVE-2019-14901 https://access.redhat.com/security/cve/CVE-2019-17666 https://access.redhat.com/security/cve/CVE-2019-19338 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXjkwt9zjgjWX9erEAQjsphAAiXO/oJO/pvfPUDw3x3NJhCj7GxabuPsK NI1asmmJCR9AO3dVyW+Oi2VEd3AuNGZNcyZPjUuOmW4zCCO3Yj29+Lz3Xz1Q7g/4 L4EUUKBvtxEVATwqh9UE5ix2eV4vyXJUiOAVwl/zPifumsFus6r+tv27RL30nT0Q /8iAw5FfqSkoSUgp9oyNV3D+Kgudok+QctSrsCy83qrDf7AJH4/VwNIwRPB7DNBn gW48goMz2mlL3LP4rD6oMCbSqOOTfsQTMMWS22zNKvUlV+CWxdQTRKV55gYxwsxD rJFWeDNC6CRapXVcqIUi9HEnGHQTnL9Arso8zO1tv0DrIHMolGvsR1+N82C3iwX9 fYjV5/UA9GAc94lIMoNRyGd1J0aKRpK2hIGyzOuAFbR4svcR9P6VccChf5jF7ZF6 pucA9jmloWZIEPIXXoz13Qzl58ZBGeteJeoYnHpGGq/pMQgWqbrfjF1ECaQLfdGg XnrRPCTuF0sJzvo7uIW/nAn9WJtEY9MDMOBYOJeH7DiKGq0sRgqktSy51RFTYotk i73xq17ZGlusP8yLf7ak2kBiVgvppwTKkvHhQiaXBPW8MBf4LBzv/E1/3dxmjymj WGzDfK+3volOgwNmNsddOvrts6X2yPp7gX8lGtvBAbJCI5Dn+3nJiJWf4NU2Xj+h L4//7TSA+Zo= =Gjey - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2020:0375-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0375 Issue date: 2020-02-04 CVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 CVE-2019-14901 CVE-2019-17133 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver 1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c 1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c 1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c 1781157 - kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement [rhel-7.7.z] 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 7): Source: kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-14895 https://access.redhat.com/security/cve/CVE-2019-14898 https://access.redhat.com/security/cve/CVE-2019-14901 https://access.redhat.com/security/cve/CVE-2019-17133 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXjnHA9zjgjWX9erEAQhkuBAAiLbVNf97ctIazYtjG9pKuguyipfzNJG/ GswBgSmwCW5lrXWAFmHv7NKWjGggPRppsHhO5v6wqKqQ+3tPShkoYQMxQ4BcA2NO 8/VyKU5QyIgNS+zNZ+8lQt9ulKq/3YgxgLUEYag37AUDRQIAoy3zIiDycGo1sSCy b27fXAEiucxQ1U3g5zgekRvDANmbE9Vr3b0T1kY8vQ7wPmDCZve49H6vnkhnYU43 20x3VXhlI7IPNJvQeJBFYq164IsiG4rIZyM/CDiR7Si/xLs0ZbyM/fIwrGnpDaWF P+cMbVrhUCt5dfZ0oJ8w0psdkA18ydl9AjpzmR7is0OORcrFxkmudFiMzhhXHtcS quvmKT5pzE6cGlg9ceCnLtF9LO64UhD7cR2IM3bCEOwfq9IFUjXouBb9yivI9Ubf djkMyJgri5iy/K9AWD3Dbyc/kH7BCAvhgkqK59O4Uo2cjEioLPVRVjZmZdQkJhGO stlZ+tqo2yvx0C/JSgmZFbfqWXwBZgfJPSqwxlmE6pAc2Wy6IF03qYnl9bl3CeOz KuHMLBV0qTojCTbpqICu5VWbmkOAzrl/2rKpowVoJZHrt3MWvw1TwraC3XxaIQJU 7vj0VyeHiak+xAxzqSXk31Aa7XZJ9t4LcyZ3DXrFK0LwYVcQiXpM50oEKYP6zgyo gxtKP2kF2EY= =/T5f - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXjpS32aOgq3Tt24GAQhFJg/8DqRahSykOtkdYXF+V97HFh3zJAkokv4s ePxPa9HJ/hoyr3hN6ope8dYXgk5BsbCEfsybiU/3wZ84ntA/z/R2/RCrg9KqyVSv aqE3Ehor54BwubnT8Sqj+Wqqs5DukhXErH4jOSsX/d8ojESwS/dVJWRI4qGvH3N7 8p7SlgY3sQDAMETXeL+yIXgelY4p9+JEuwn88lfnIPBdSEZW1qVggO/fkDymclnX dHXgj/MTaozdLgZLe3lJRKmdC37vXzr0mQJOxMr+0YvImRjQ5Ws5LTwELCdIwrki 4x4gmdltCv0Dtz6xisKqQ0ARyPCOrpRLet4oaCC0Fow+aqCgpy1L8UBYSJAYGHdu Ey59s1UGbkPQehB8j9/Sr3vxcf8kxjCnUepHV1NTYSOsTJFyLWb3SSJJ2NkYc16i NzUJkzQTrbKjzrQcT+hvlQny2N908OEwgaNH/220XahoIzBJcNOHTuu2ScHU9CA7 GOBumTwika+8MlAvJjDMNZ6GF031lZ66hbvizC0ygyMl0nMXTR9/j2M7X/R5NZfd Dacq23ElIafUtz2PvE/ifg0+ApX2XWmQSgk2L7d5LHqQZkFZPOqjXV3hzagubqAI zevQfPHFSnLn4Qs2Cz2MIIgvbS8U/ZUu5fY01V3hNfllGcSlyl8apK8uFtdPbkAk YEpZmZaKl88= =mkFZ -----END PGP SIGNATURE-----