kernel-3.10.0-957.12.1.el7

エラータID: AXSA:2019-3871:03

Release date: 
Friday, May 10, 2019 - 11:14
Subject: 
kernel-3.10.0-957.12.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)

* xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)

* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)

* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)

* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)

* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)

* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)

* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)

* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)

* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)

* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)

* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)

* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)

* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)

* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)

* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)

* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)

* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)

* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Solution: 

Update packages.

CVEs: 
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-957.12.1.el7.src.rpm
    MD5: 3a1a4aee7004b05989465dfca451aca9
    SHA-256: 3d872fe3144f3ff748a8f7b1213f92dc21282f386d42a9f504dfa58682a213d8
    Size: 96.38 MB

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 09a8739e5cba1518b711516eca1f1875
    SHA-256: fe47275f2f802deca11b1bd0ab0d161dada37a22018e910df3aff15f9c744a32
    Size: 7.45 MB
  2. kernel-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 0b1909bd5d66cdbed77565624effb889
    SHA-256: 26ec787b28dec6417eea544c3e621293d97d0de6901d7f1e3b866ae2399ac7cc
    Size: 48.23 MB
  3. kernel-abi-whitelists-3.10.0-957.12.1.el7.noarch.rpm
    MD5: 70558644b37dd91b22de011a5d4e5205
    SHA-256: b015e975df76ccf074d4e668f4c23e5d18d878aded428828d17e183870210747
    Size: 7.02 MB
  4. kernel-debug-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 72791d4fedc8484c56c64e83fe49b565
    SHA-256: f14ffa0d5360d014418f05dc8a34d95a515a568c6b0241a96755326c960e931b
    Size: 50.30 MB
  5. kernel-debug-devel-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: c873eec9975c4515eb2d36213a45a1b5
    SHA-256: d85dd9a7ac410b3c648009713ca2e51430cbac43504cbf6ee86e447368ec7639
    Size: 16.81 MB
  6. kernel-devel-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: c48d4d4fa735b93cb24b0fafd3b58fd7
    SHA-256: 511ad6575328c99403ce2e7599f7000313c9b042064989978845d4cc6120e6ff
    Size: 16.74 MB
  7. kernel-doc-3.10.0-957.12.1.el7.noarch.rpm
    MD5: 58b457abed8018b0477757c48eb492d0
    SHA-256: 323e2b78c9e041e3ccc3f8d0869b1d8d91babfbde671440c3f31a7a1af30245b
    Size: 18.36 MB
  8. kernel-headers-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 20a2f2cc8250ed820d50815fdedf66b8
    SHA-256: 24d437e04e5a516a69a22f7dbc17c9abd45956faa0637dd62e088945c60585d8
    Size: 7.99 MB
  9. kernel-tools-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 0f99cf2e7e1ae816cb7f5584531a3570
    SHA-256: e2cc5ecbabf7a4ae5168fa71e72e20523cff9f73ba1b76234d49a66997c58178
    Size: 7.11 MB
  10. kernel-tools-libs-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 364a584f95efcdbaceb1a372516832c9
    SHA-256: 7f41634ccc59ef70bbfcd582f2fdc0dd421413aaee96e4055c8483feb5ce9765
    Size: 7.02 MB
  11. perf-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 484677f5afd5b12fc97df7d99c8d265d
    SHA-256: 973b36ea6e4a2a4bcb44153e71fcd83f30f6e170af05f1f1d3b57825e9078ce3
    Size: 8.52 MB
  12. python-perf-3.10.0-957.12.1.el7.x86_64.rpm
    MD5: 7ea60c6979ee329c0245d80df0c27ef8
    SHA-256: fcd2a08a6fcd37c55804472dd06d16f11204b414db50804806f0f176d5f26282
    Size: 7.11 MB