Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2614
kernel-rt security and bug fix update
31 July 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel-rt
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-15780 CVE-2020-12654 CVE-2020-12653
CVE-2020-10757 CVE-2020-10713 CVE-2019-20908
CVE-2019-19527
Reference: ASB-2020.0136
ESB-2020.2593
ESB-2020.2499
ESB-2020.1250
ESB-2020.0766
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:3219
https://access.redhat.com/errata/RHSA-2020:3221
Comment: This bulletin contains two (2) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: kernel-rt security and bug fix update
Advisory ID: RHSA-2020:3219-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3219
Issue date: 2020-07-29
CVE Names: CVE-2019-20908 CVE-2020-15780
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: lockdown: bypass through ACPI write via efivar_ssdt
(CVE-2019-20908)
* kernel: lockdown: bypass through ACPI write via acpi_configfs
(CVE-2020-15780)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837441)
* kernel-rt: update RT source tree to the RHEL-8.2.z3 source tree
(BZ#1856816)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1852942 - CVE-2019-20908 kernel: lockdown: bypass through ACPI write via efivar_ssdt
1852962 - CVE-2020-15780 kernel: lockdown: bypass through ACPI write via acpi_configfs
6. Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source:
kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm
x86_64:
kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source:
kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm
x86_64:
kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-20908
https://access.redhat.com/security/cve/CVE-2020-15780
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXyHAs9zjgjWX9erEAQhT6w/+Jy9376Tp0DsXyXTqHmJTp3KPjwZg7ub3
9xbfBZKbNPAFIFpIhSNLqnAyotZW7o4QRU/8ponoUPSmkG/HmiKwtGD4x6oc0YiM
ouTkJPwxtyDjEl5x4RLueyxmmpzHkC5YYy/5nS0j1MKBKveqMxAMSdrD0X2HBq0T
nXKgO+bQf2bpeA9HnU2BIOTBOLEhVSYyODSk9+mcMJ88HYyjE3YCnhS0M7+EaBwx
tAEqzAbt0X47MjQKJMoIOEI/QASj+JqF9hkfJola8C4govJOew/n/JLoxaJtrJz2
KyqRnoPKxi5LneRKjdWUGrvG62jCJzI/1kEeyufkEmnAFwiIr+/vcRSGg2iGpTOv
YUacEaOo8YE5JhTkaJm0tcTFD5o3GUI2QVG7FR8L6DRwy4CJeKLuis/7Wf399Ysj
X0Efa/POfewlwjwPHin4nYPSSv72717618enBVgnVacr1qhh6xTOuY6MwtQQdeoF
Tpx+NryCyTDKamExj7mW18nHD0OUmzOe3YAvAJNQxOra0qJcJkqJ4Cxgg7NrqxPf
SWeCIA9zeGZWWN5rjgf7DsoL8po3sWYJ2rwYX2aTWdGycNu+d1AxUuX+myOgOqcU
b20fn0Q03NRMuW0myQGmmslgh4v5Gj/gNbbKrjW043dKpP9oxhLBCO0T8oWeSWGM
FCkONUlc7Qc=
=/WlA
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2020:3221-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3221
Issue date: 2020-07-29
CVE Names: CVE-2019-19527 CVE-2020-10757 CVE-2020-12653
CVE-2020-12654
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: kernel: DAX hugepages not considered during mremap
(CVE-2020-10757)
* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in
drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)
* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function
in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)
* kernel: use-after-free caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837438)
* kernel-rt: update to the latest RHEL7.8.z3 source tree (BZ#1848017)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1783498 - CVE-2019-19527 kernel: use-after-free caused by a malicious USB device
in the drivers/hid/usbhid/hiddev.c driver
1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv
function in drivers/net/wireless/marvell/mwifiex/scan.c
1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status
function in drivers/net/wireless/marvell/mwifiex/wmm.c
1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source:
kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1127.18.2.rt56.1116.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
Red Hat Enterprise Linux Realtime (v. 7):
Source:
kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1127.18.2.rt56.1116.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-19527
https://access.redhat.com/security/cve/CVE-2020-10757
https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXyG9/NzjgjWX9erEAQhbcQ//cB0zDB22Eti9qh5Vl2NCy1XdyntNGD+b
qd66nd8uhTVf1WF7lDNujHSxt/Tmme69TylAlsNup0CApW47Mq32EMupLiSusxg7
KbFtyU8xBfgIZ7S9SWhu4eUipEOjh9FwtNLNb6rXSEhQQ0AuY7hMAdyJpKspzWle
B8BGndRo+ZzD4c++GLUrfruXutnYRLLl6bC16xUK9fAAYWO/JxvimyYKU2mclO3c
mJY23E1LO85QycSQtZ/nhwlMVQ8Zm13CMtK3SLJ/h9WOFimKeppeXB2SiOuvqF6l
iKE/seQkNGEmQ7qL4AesWB0/e174TsRs0VArJaUHhyhyj7qF6bt2N7Xm7Y+j2wNz
3wrUW/bVLgDG4jgUvE1EQyDdalLchLNf5CgVC+5OlucwI/tI4vOlDsTvqfWcyl3k
pgbQMV0kNL/eIb0hKlGtC0gRD7OOfz9KOD7+RUpyjmCF0MN8rAzQ6xnU4p7bEv5x
t+KhIXANoROla12P5lLGc7xY5D+MsjPQX2+o/GpXtAT15AP/cTN2jIztYRG8vW5w
yldXMW87fI5/D7LrbFGU8u+X5yAdXV5EOglcOD1YRhkaIAGTcbgj5U0n6zgRSeZu
inSTjUyoTFeUWJllyrW+lWX+/hQm0JD1vNAvmufgajbfXYPks8WzvUAmMvyJs76M
uUek55sHSOs=
=FmWv
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXyOTKeNLKJtyKPYoAQjX8w//YrkZlz9Ga6NEG9KbbXweH9EBLzWySurV
zlamD8epsG+S/zIc4ex4xxJeIlLV4cLM05AnQccAUqlGp5+4+A6tJJu3xCnmNUbA
Bon4Gp4lmZf8RG6MWaxx2645oWGmtA00P9dMflfAJ1H54tbvMbUiYo18y7BG8ECM
eAOuKkk0Dq/+ZMpFlGzE/ezdEpdT1I7LtYg51Nhc5kAajmbgxsT4J5dTI3WF0j+5
0Y2pad0DzuvHT8USxjdMFRq9JW8sNZd9V3XiJvA9FN3seEeTLkJfj+CslTiu/v6K
gLohkfjerT/yMxIUZ6GCX1t5ccgT+KFUv12yj3UIyp+zkS85yHHbIlGRpOJ8Xavi
nfNrSWvtcdbmMnGc2ZJ14kMxqkJIpv3JrRsm0ITTW1NnUhYpXwrBMVuj/J7V/2nz
kVqJNSY1dRrxxvrRldPCoq1gqesSclcPlTj16NtEHygkPjvpjpPkElAgVvDMmrYn
bARXGiGsnP2JEq2Gli3le3/Hm4KMEAB555rd5gIyoYBxSC5Hjxp7Dr+3X7WFbahA
Fn0jeGX2X8GlW0soUQKtPsO+K00adPan9z98p2MkPH5Srl64NXgUVVXNIZVRBqwW
ja2MNu/niqrPhfC7lSR/y4Xpj/r5RKMIRi2mDOyFUdh81oaZJ7ZiegDgphnZDxex
hi0OaP+7OlE=
=wK23
-----END PGP SIGNATURE-----