Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3010 kernel security and bug fix update 8 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Impact/Access: Administrator Compromise -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-38201 CVE-2021-37576 CVE-2021-3715 CVE-2021-3609 CVE-2021-0512 Reference: ESB-2021.3009 ESB-2021.2911 ESB-2021.2792 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:3438 https://access.redhat.com/errata/RHSA-2021:3444 https://access.redhat.com/errata/RHSA-2021:3446 https://access.redhat.com/errata/RHSA-2021:3447 Comment: This bulletin contains four (4) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2021:3438-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3438 Issue date: 2021-09-07 CVE Names: CVE-2021-3715 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RHEL 7.8][s390x][DASD]Crash in __list_del_entry, alias_pav_group list corrupt when running dasd_alias_remove_device() (BZ#1889418) * EMBARGOED CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c (BZ#1992926) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.42.2.el7.noarch.rpm kernel-doc-3.10.0-1160.42.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.42.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.x86_64.rpm perf-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.42.2.el7.noarch.rpm kernel-doc-3.10.0-1160.42.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.42.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.x86_64.rpm perf-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.42.2.el7.noarch.rpm kernel-doc-3.10.0-1160.42.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.42.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-3.10.0-1160.42.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debug-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.42.2.el7.ppc64.rpm kernel-devel-3.10.0-1160.42.2.el7.ppc64.rpm kernel-headers-3.10.0-1160.42.2.el7.ppc64.rpm kernel-tools-3.10.0-1160.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.ppc64.rpm perf-3.10.0-1160.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm python-perf-3.10.0-1160.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.42.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debug-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-devel-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-headers-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-tools-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.ppc64le.rpm perf-3.10.0-1160.42.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm python-perf-3.10.0-1160.42.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.42.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm kernel-3.10.0-1160.42.2.el7.s390x.rpm kernel-debug-3.10.0-1160.42.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.42.2.el7.s390x.rpm kernel-devel-3.10.0-1160.42.2.el7.s390x.rpm kernel-headers-3.10.0-1160.42.2.el7.s390x.rpm kernel-kdump-3.10.0-1160.42.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.42.2.el7.s390x.rpm perf-3.10.0-1160.42.2.el7.s390x.rpm perf-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm python-perf-3.10.0-1160.42.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.42.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.x86_64.rpm perf-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.42.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.42.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.42.2.el7.noarch.rpm kernel-doc-3.10.0-1160.42.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.42.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.42.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.42.2.el7.x86_64.rpm perf-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.42.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.42.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3715 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYTeFBNzjgjWX9erEAQjZDQ/+JLt4Sw0CJ3Lc+rJDOUFcBNVISWUr0dGX 0V8ADya+xnDYh+Gz6n8K0d/zRm00JgAqSF/bR7kLlBmDX0qqtc0kqVhO1RWYkIib ntedmOrqLXfEV3RdNvfj4IC3XG++AjpScAmsAS85HaC4XGdURe83i43QTrfJBJLE tKjojSFae97kuWv+tyWhRBPnF1w6bvHtXknMLHYmCBdt22kP+fPJ1U1VEZ3Yct58 KJO6k9euIHNOLQUXl3f78VPUxhkxrJzfq/nqI0Skk0TAbGmtoWha+JaQ0YFcbKtN 9XX1Z2vP2BQFI4GQ8siR6OjoSIfKDmw4U6TDyvYKvUZkDXrFjW5Ev/4iBShIIVZ7 KX5BZUBiOXSOXBmeRWoPsPe+um6wF/Rtw6q3XpWkCEj5VFipi2QPdEblWR6x2IeF v7efXnU/vGg1yyi6i/P5zoQ2/DR6LZcLeZy9CZUMYQeT5eftK3Z8O3jHH8xrIQE1 UwKseEeKaVo+m6uszurn8sTXzgvRlLrzItoXEHp02gYcPrC5iPdI4V2Y/IRuDPe1 8DehA5r5A9g0mTQGa79+HhCxtc2hpKmQirOJWAV0wE6HYKlJcHqDmfeWGtAfSE85 4PMCNOBvlEH3OPhQ0cXS4YKaUnamZbmbsmW6uKipz06CI3lDabFcIU/nZz4Sao6e h3Gt0oygse0= =GTbW - -----END PGP SIGNATURE----- - -------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3444-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3444 Issue date: 2021-09-07 CVE Names: CVE-2021-3609 CVE-2021-3715 CVE-2021-37576 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715) * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Guest kernel call trace when boot up with 4T memory and 2 vcpus (BZ#1993551) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1986506 - CVE-2021-37576 kernel: powerpc: KVM guest OS users can cause host OS memory corruption 1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.1): Source: kernel-4.18.0-147.54.2.el8_1.src.rpm aarch64: bpftool-4.18.0-147.54.2.el8_1.aarch64.rpm bpftool-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-core-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-cross-headers-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-core-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-devel-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-modules-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-modules-extra-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-devel-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-headers-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-modules-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-modules-extra-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-tools-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-tools-libs-4.18.0-147.54.2.el8_1.aarch64.rpm perf-4.18.0-147.54.2.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm python3-perf-4.18.0-147.54.2.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-147.54.2.el8_1.noarch.rpm kernel-doc-4.18.0-147.54.2.el8_1.noarch.rpm ppc64le: bpftool-4.18.0-147.54.2.el8_1.ppc64le.rpm bpftool-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-core-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-cross-headers-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-core-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-devel-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-modules-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-modules-extra-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-devel-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-headers-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-modules-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-modules-extra-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-tools-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-tools-libs-4.18.0-147.54.2.el8_1.ppc64le.rpm perf-4.18.0-147.54.2.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm python3-perf-4.18.0-147.54.2.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm s390x: bpftool-4.18.0-147.54.2.el8_1.s390x.rpm bpftool-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm kernel-4.18.0-147.54.2.el8_1.s390x.rpm kernel-core-4.18.0-147.54.2.el8_1.s390x.rpm kernel-cross-headers-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-core-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-devel-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-modules-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debug-modules-extra-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-147.54.2.el8_1.s390x.rpm kernel-devel-4.18.0-147.54.2.el8_1.s390x.rpm kernel-headers-4.18.0-147.54.2.el8_1.s390x.rpm kernel-modules-4.18.0-147.54.2.el8_1.s390x.rpm kernel-modules-extra-4.18.0-147.54.2.el8_1.s390x.rpm kernel-tools-4.18.0-147.54.2.el8_1.s390x.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-core-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-devel-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-modules-4.18.0-147.54.2.el8_1.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-147.54.2.el8_1.s390x.rpm perf-4.18.0-147.54.2.el8_1.s390x.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm python3-perf-4.18.0-147.54.2.el8_1.s390x.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.s390x.rpm x86_64: bpftool-4.18.0-147.54.2.el8_1.x86_64.rpm bpftool-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-core-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-cross-headers-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-core-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-devel-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-modules-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-modules-extra-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-devel-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-headers-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-modules-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-modules-extra-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-tools-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-tools-libs-4.18.0-147.54.2.el8_1.x86_64.rpm perf-4.18.0-147.54.2.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm python3-perf-4.18.0-147.54.2.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.1): aarch64: bpftool-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm kernel-tools-libs-devel-4.18.0-147.54.2.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm kernel-tools-libs-devel-4.18.0-147.54.2.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm kernel-tools-libs-devel-4.18.0-147.54.2.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.54.2.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-3715 https://access.redhat.com/security/cve/CVE-2021-37576 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYTeDnNzjgjWX9erEAQgVpBAAjGy4v5oHxHMfrafrvMGRQDKO6tZcP8LP xRJUFJoLzXCYLo7P4lEKE1FtGvCuuks5/3ET5j16ZeLNXsU10TXmn8MKCJwcAoe3 ENWsfx8cw6sA0zS5fSAmXbPsH53+FAhqx36QPaeAjRDIUsvwIWO7L2Qv5ECfS1gt VdsD8N+PYFEmUgzNv0aWdk7XL+6SCs3fktonYf/yq8sPA7t8JJN4WZhx4IkVUXqN +epy0m6y+N7xBFm9MNMQ9t/3PBwPGSrPH0jQUPIktgtrXLeGJWJasnhQwiS6OTvS 0D8VJlqA+r8OjM5XX8uJrxO1K0w1/N1Rn/riF/YYUJIVppI18iDqHzAGrGwQdzJg 5Iz4GTe/pLMwcFFtOFyinJcnsgEDbi8of3ksrDN3Ph3RfSozaxQuayxlglonMvav F1NHWAMR3ZWMueueU1WizORI6sCeBnDbEw84D4P1wCFrf1vR9mpBNHWPfLzVmO2Q 5nUCMXELwqtXLRHv6G1bSR8qNu/SB0SJK8mJUaPTsNw8S0hrpajCsewm4x24Vmha QUHszbStKxaSxA5my3cfT3WdzUO89GKuBALIctMWimPFc0GiqH9I1S7NR3pTqt9o 0GYmP7gfDX6XVl5yiUFbJW9pkXy1+7p1mpZVMIW4cFhFTRu5/8hBdI7COnVoGnCh tQOFXtxM9SA= =U7/D - -----END PGP SIGNATURE----- - -------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3446-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3446 Issue date: 2021-09-07 CVE Names: CVE-2021-0512 CVE-2021-3715 CVE-2021-37576 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512) * kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715) * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Guest kernel call trace when boot up with 4T memory and 2 vcpus (BZ#1993552) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1974491 - CVE-2021-0512 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c 1986506 - CVE-2021-37576 kernel: powerpc: KVM guest OS users can cause host OS memory corruption 1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kernel-4.18.0-193.65.2.el8_2.src.rpm aarch64: bpftool-4.18.0-193.65.2.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-core-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-devel-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-headers-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-modules-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-tools-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.65.2.el8_2.aarch64.rpm perf-4.18.0-193.65.2.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm python3-perf-4.18.0-193.65.2.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.65.2.el8_2.noarch.rpm kernel-doc-4.18.0-193.65.2.el8_2.noarch.rpm ppc64le: bpftool-4.18.0-193.65.2.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-core-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.65.2.el8_2.ppc64le.rpm perf-4.18.0-193.65.2.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm python3-perf-4.18.0-193.65.2.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm s390x: bpftool-4.18.0-193.65.2.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm kernel-4.18.0-193.65.2.el8_2.s390x.rpm kernel-core-4.18.0-193.65.2.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.65.2.el8_2.s390x.rpm kernel-devel-4.18.0-193.65.2.el8_2.s390x.rpm kernel-headers-4.18.0-193.65.2.el8_2.s390x.rpm kernel-modules-4.18.0-193.65.2.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.65.2.el8_2.s390x.rpm kernel-tools-4.18.0-193.65.2.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.65.2.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.65.2.el8_2.s390x.rpm perf-4.18.0-193.65.2.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm python3-perf-4.18.0-193.65.2.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.s390x.rpm x86_64: bpftool-4.18.0-193.65.2.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-core-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-devel-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-headers-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-modules-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-tools-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.65.2.el8_2.x86_64.rpm perf-4.18.0-193.65.2.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm python3-perf-4.18.0-193.65.2.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: bpftool-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.65.2.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.65.2.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.65.2.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.65.2.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-0512 https://access.redhat.com/security/cve/CVE-2021-3715 https://access.redhat.com/security/cve/CVE-2021-37576 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYTeXxNzjgjWX9erEAQgF0Q//bmsmkGcRhUiSJmN3WagYSj6D9fHYH3e4 10veNq8nMCs41mTU5B49qiw6Pj5DHS/AZfyyz9nAkdipA3pEAPJd/V12DGWm2mf3 tfEWxkuA1XqlpxgsMjd5STz9XTpj7ibodOWA+g3yEupRtiYlNL5biSITzEYJbP+l bygr7F4e0TqhS3afq7PedYkR0RChK1ZJx7MRNek0qVw5gHdFC00XSfonuu6zAdf8 rpJi+ox7b+5A/FdUbewAcqoe71R5IfQt/AX+OztWu6wZqT3JksH8r0SzliyqcZp1 DkDZvRcT8sLco40NI4/Ko7pAeJg86eaQNh8Oj/FTOCf3ahAPAjnGFqAk/6qqP79h aqgrB/Ei/7wVPjES7z5RLwVOtVACT9EB+UblUbBzjTHkdvE+ZtPlJ2dtwleIcoa3 qceo09aR7Z48+Q6VMsLkH6wROvztIX4zfQIcbiAO/+Oil/Gpif4RY30SxDeT0lFK qksDFYiifQ4uwY8WVoHceNOc8mEj+jBSuFWhMS/ieyAPB1vOah4hHOUXLSAqybE8 7hR0hKaszImKMx5uFjkmnrPZQWKHrtduuA/moUNFLh3r4jzjIbMxsrw64CistEW3 cXbPfkUauBxjZuXBUVTOfvFwl+nibyLy1oX/d6dgj5pSI9xgZM2KlwOp36Ud5GMw 0m7c7ccYqTY= =+mNM - -----END PGP SIGNATURE----- - -------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3447-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3447 Issue date: 2021-09-07 CVE Names: CVE-2021-37576 CVE-2021-38201 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) * kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c (CVE-2021-38201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Update Broadcom Emulex lpfc driver for RHEL8.5 with bug fixes (BZ#1948608) * cyclictest shows >50us latency when guest enters idle (RT guest with 18 RT vCPUs) (BZ#1981336) * xfrm: backports from upstream (BZ#1981840) * A task is stuck waiting for the completion of the vmci_resouce releasing upon the balloon reset. (BZ#1982042) * [mlx5] backport driver bits of net: zero-initialize tc skb extension on allocation (BZ#1982220) * Kernel cannot kill a process doing compaction for hugepage allocation (BZ#1984085) * RHEL8.4 Nightly[0108] - [P10] [Regression] Kdump failed on RHEL8.4 on SAN disk via flavafish adapter (qla2xxx/HPT/Radix) (BZ#1986156) * [RHEL8.5] scheduler updates and fixes (BZ#1987296) * RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in LUN from Target_id's over 8 (BZ#1989097) * fixes for oopses in security mitigation runtime code patching (BZ#1989174) * act mirred doesn't scrub packets when sending them to ingress (BZ#1992226) * HPE: Cannot install 8.4 using the DVD presented to the iLO (BZ#1993894) * NFS client hangs on share listing when server side readdir verifiers are implemented (BZ#1993895) * SNO: The load is extremely high (~870) when pao is added and a profile is applied. (BZ#1994879) * timeout value of conntrack entry with TCP ESTABLISHED status is too short (BZ#1995554) * Increase the default value for flowtable offload timeouts (BZ#1995555) * ice/iavf driver stop responding (BZ#1997534) * [FJ8.4 Bug]: [REG] Some files in /proc/sys/user show wrong data (BZ#1998002) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1986506 - CVE-2021-37576 kernel: powerpc: KVM guest OS users can cause host OS memory corruption 1992731 - CVE-2021-38201 kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-305.17.1.el8_4.src.rpm aarch64: bpftool-4.18.0-305.17.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.17.1.el8_4.aarch64.rpm perf-4.18.0-305.17.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm python3-perf-4.18.0-305.17.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-305.17.1.el8_4.noarch.rpm kernel-doc-4.18.0-305.17.1.el8_4.noarch.rpm ppc64le: bpftool-4.18.0-305.17.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.17.1.el8_4.ppc64le.rpm perf-4.18.0-305.17.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm python3-perf-4.18.0-305.17.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm s390x: bpftool-4.18.0-305.17.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm kernel-4.18.0-305.17.1.el8_4.s390x.rpm kernel-core-4.18.0-305.17.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.17.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.17.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.17.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.17.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.17.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.17.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.17.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.17.1.el8_4.s390x.rpm perf-4.18.0-305.17.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm python3-perf-4.18.0-305.17.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.s390x.rpm x86_64: bpftool-4.18.0-305.17.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.17.1.el8_4.x86_64.rpm perf-4.18.0-305.17.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm python3-perf-4.18.0-305.17.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.17.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.17.1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-37576 https://access.redhat.com/security/cve/CVE-2021-38201 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYTeo39zjgjWX9erEAQiQJg//WC8Lo366QM07Hf6JqLFH8hpTIEz14AMN eKAlX+lBh6nP7HM/Q8YHAqgRk4vHlasireWUa4Yjjq3UQbCd5naMyiZ23YrwcL9t gMPSeaKx5MGT3N0+PAXKNvWrllAtlCyx8rY4mV4P7cR3FhtsACQ/Ig2BNLY9L2NY QNA4D5+vUJASDuTuEvQrsTMlc/h2GeXhhjMco+JE1G+NhCca9srRSitc01t1VXIk jEP5ET1JfL/cSSvz7i1VJ0tEFX+5wV0qY/t1FlfyATZ8NuxhNN/Zad9aiw7+ouay erTTBAl8OpfT5xwqB6yXl/SbYRiVVy52sulaak/uijcCAd3JSX4Fdd+gQbDsh5H/ G6uKxkVaycOzkhrNZIJQB+9xxU9PzqcmD5sK06ODt/3qUpvdnRgKsGlGei2FtpL7 GQ440Y/tc772QpLilvjkdO/rJ3WJ7vjXWaDglnrR+YLf4S5KJTR5tON1bLd2ImxY WQ4NSzJBr/kDT9ARP2QvYUyxHRt/7l+qjQZSGWWkMdmeYP94bX+oelnxsVz0UJJ1 E0GykqwcF22XfFTYw4cYGH9xmYZNn8L0ejrc/VYDDPgO9GScKUgc5ncpmKEhzOWt niZ5cZ0UmKpCL6lATnGW2eOz9+za5Ep371guxerxxeDUkbFpx5tjjzAKBK+I2xGC TjjKLsNVflc= =ckyS - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYTgJDuNLKJtyKPYoAQi8EhAAk4qV49XvFAgcYq2CiJ9E4KizMe6hna70 VKjXK76P0KXGHqf4yr/TeXOCowmq82s7n9FIN95w1vo18qyjODGdVM31dBbt+tD5 cK/PVSqiMFp5LqpvbcY39dxmcbUlcpac1NzjBIC0nwVqSzMq2wZhERElOgkmp3LJ T3nTPY0fsDzoTouyd1/rgKhK0fV7oNsgLzdy0tN0t1gS5lT6Yfewk4kyP3ZhkLy8 nWIXVppmqE9vZxAKevz42lZI79YWRBz2mXPC0arAPIUuaLs/hSPTjpOnEm4d7PFm 7xTUrB+iTBcussX3lmsUcQzEnw/q39E+Fu1XnALFAGOpiTGM3TEzc+aOhvA6nL52 sdZTfdBXW6i4LPIT/JLY2NrC/WYOSgv1l4SqJyvhy3CkNi+tWpcAktYGSSWX0Fou AYTjtlp3JBWkQLWtgPt+eyO299GK42aDO16HXjAh8UTnxbPuXVQsdLiUzS4qk39Z kAQcN+nCI+4IWDwte7as1brTSrPJadQpstJCcrtSSWfqjITE8nbCDpJxkRLwlpev UniqPhIKGdAeoTxn1a4wBuNaZ/muLYV8S7ZpUaERhp1v+IAD8NeCAs5VDG48Qc/5 gOtfQJTnxd+ynlXV69PQTaMnTf9XI6zb+eZ7Qo63WTFJPwUIYaR2l2g9c6ICX7gQ EgU5fxPVD8U= =ynUQ -----END PGP SIGNATURE-----