kernel-3.10.0-1160.11.1.el7

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)

* kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)

* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* WARNING in set_restore_sigmask at ./arch/x86/include/asm/thread_info.h:298 sigsuspend+0x6d/0x70

* [i40e] VFs see other VF's outgoing traffic

* [Hyper-V]Two fixes for kdump over network

* Loop in __run_timers() because base->timer_jiffies is very far behind causes a lockup condition.

* XFS transaction overrun when running docker on VMWARE (overlay fs)

* NVMe/IB - Host crash encountered during array upgrade

* False positive hard lockup detected while disabling the hard lockup detector via sysctl -w kernel.watchdog=0

* [Hyper-V] Only notify Hyper-V for die events that are oops

* Linux kernel crash due to openvswitch module

* 'nodfs' option not working when using SMB2+

* zstream - ESS - kernel panic triggered by freelist pointer corruption

* destroy_cfs_bandwidth() is called by free_fair_sched_group() without calling init_cfs_bandwidth()

* NULL pointer at nvme_rdma_setup_ctrl+0x1c2/0x8d0 [nvme_rdma] when discover E5700

* IB Infiniband RDMA mlx5_ib is freeing a kmalloc-512 cache that it does not own causing memory corruption.

* [Azure]Two Patches Needed To Enable Azure Host Time-syncing in VMs

* connect AF_UNSPEC on a connecting AF_INET6 socket returns an error

* Rebuilding the grub with the CPU flag 'avx' disabled (clearcpuid=156) triggers kernel panic in xor_avx_2()

* nf_conntrack_sctp.h is not usable due to a missing commit

* Starting pvmove on top of physical volumes on MD devices causes IO error on ongoing IO

CVE-2019-18282
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
CVE-2020-10769
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
CVE-2020-14314
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
CVE-2020-25212
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
CVE-2020-25643
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.