kernel-4.18.0-240.el8

Errata ID: AXSA:2021-1489:04

Release date: Wednesday, February 17, 2021 - 05:50
Subject: kernel-4.18.0-240.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)

* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)

* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)

* kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)

* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

* kernel: use-after-free in ext4_put_super (CVE-2019-19447)

* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)

* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)

* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)

* kernel: use-after-free in debugfs_remove (CVE-2019-19770)

* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

* kernel: possible use-after-free due to a race condition in cdev_get (CVE-2020-0305)

* kernel: out-of-bounds read in vc_do_resize function (CVE-2020-8647)

* kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)

* kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)

* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

* kernel: SELinux netlink permission check bypass (CVE-2020-10751)

* kernel: out-of-bounds write in mpol_parse_str (CVE-2020-11565)

* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

* kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)

* kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data corruption (CVE-2020-12659)

* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)

* kernel: null pointer dereference in dlpar_parse_cc_property (CVE-2019-12614)

* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

* kernel: memory leak in af9005_identify_state() function (CVE-2019-18809)

* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)

* kernel: memory leak in the crypto_report() function (CVE-2019-19062)

* kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)

* kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)

* kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)

* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)

* kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)

* kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)

* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)

* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

CVE-2019-12614
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVE-2019-15917
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
CVE-2019-15925
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
CVE-2019-16231
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16233
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-18808
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
CVE-2019-18809
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.
CVE-2019-19046
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.
CVE-2019-19056
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.
CVE-2019-19062
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
CVE-2019-19063
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
CVE-2019-19068
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
CVE-2019-19072
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19319
In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.
CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
CVE-2019-19447
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19524
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
CVE-2019-19533
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
CVE-2019-19537
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
CVE-2019-19543
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
CVE-2019-19767
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
CVE-2019-19770
** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.
CVE-2019-20054
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-20636
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
CVE-2019-9455
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9458
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2020-0305
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744
CVE-2020-10732
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
CVE-2020-10751
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
CVE-2020-10773
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.
CVE-2020-10774
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-10942
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVE-2020-11565
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.
CVE-2020-11668
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVE-2020-12465
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
CVE-2020-12655
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
CVE-2020-12659
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2020-12770
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVE-2020-12826
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
CVE-2020-14381
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-25641
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-4.18.0-240.el8.src.rpm
    MD5: 8d032dafcab8c6c4fb0ec7b86fa29834
    SHA-256: 5a9649401261182edc8716a2c474912b8a7a554547f5019866bff83fa734e9d8
    Size: 113.03 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-240.el8.x86_64.rpm
    MD5: 4f328b635ca2049f623b8efbdc61ddd1
    SHA-256: 5aeba4e6f4416a6955cbe55c8b53b39532ce31ac55d7cb945538cd89ecbc2264
    Size: 4.98 MB
  2. kernel-4.18.0-240.el8.x86_64.rpm
    MD5: dbb59c32fe051a47980579a4e6ffe9f3
    SHA-256: d7204ec0c35a120b4cdf7381c5a686c740b69cb2e05e9e4aaeedc7325268bc54
    Size: 4.33 MB
  3. kernel-abi-whitelists-4.18.0-240.el8.noarch.rpm
    MD5: 04041824a8cda546f8ce0bc6a6f2d18a
    SHA-256: 84693839fc7a49bc873e529ef09e372dd1cdbbed6d3f3976a14b21780281f3e4
    Size: 4.33 MB
  4. kernel-core-4.18.0-240.el8.x86_64.rpm
    MD5: 2a37765ba3fa118ce284977e80b55039
    SHA-256: 51b39393843ee438bf5ba688f618191e31676738dedfd59128b3d4fa4209f1c5
    Size: 30.06 MB
  5. kernel-cross-headers-4.18.0-240.el8.x86_64.rpm
    MD5: 9cc2456c0ce866ae69cc03e0640539b5
    SHA-256: 03e2d82871bac5148ec43f6aeef5b366f8372786e60063abe20167afea5f6db4
    Size: 9.14 MB
  6. kernel-debug-4.18.0-240.el8.x86_64.rpm
    MD5: ea016476daf729d859fd6744c8408941
    SHA-256: c2ca2f7520d4b659de1adc8f7e5142a1a97984a78df41edb6abcf20e3a6ec8fb
    Size: 4.33 MB
  7. kernel-debug-core-4.18.0-240.el8.x86_64.rpm
    MD5: 1c5485c85bb121f23be08ae0fa431404
    SHA-256: e568a05b353a4607a4503815c3eed15cd32b80dfd1bbc601f07addd0772df884
    Size: 56.67 MB
  8. kernel-debug-devel-4.18.0-240.el8.x86_64.rpm
    MD5: 5f47ec7227965200d3713ccfd7d29a27
    SHA-256: 3afbfa66fae05200e6f180f0d2465e4c0fee021dceefa55545c0d36099367865
    Size: 16.76 MB
  9. kernel-debug-modules-4.18.0-240.el8.x86_64.rpm
    MD5: 26fa0f6df080154b1bf0c508322ebef0
    SHA-256: 5be8a2025b08815b596e9cd609d1346d5d1b0436a6fd73b5b2bd9355dcb60bd8
    Size: 49.79 MB
  10. kernel-debug-modules-extra-4.18.0-240.el8.x86_64.rpm
    MD5: 1ec405ded53e92e212945a639401cd75
    SHA-256: bee317e4361236fe4d301b6a748ab8f4c8faf8ba42392e7b65e3ad5cb1d10285
    Size: 5.64 MB
  11. kernel-devel-4.18.0-240.el8.x86_64.rpm
    MD5: 66efe38ea17d6865c7ed94d9b3d81101
    SHA-256: 43fe11583c2c21f3c4f1ac890a8ee863b2c448881e78fff55e4fa3a066f8102b
    Size: 16.60 MB
  12. kernel-doc-4.18.0-240.el8.noarch.rpm
    MD5: d0fa8fbb74bf00f3307a3a8cf3590ee0
    SHA-256: d8c8cba091a16e69f7280366d690e6b706f61817ba3dbdaef8b41cdb41a8ee27
    Size: 20.49 MB
  13. kernel-headers-4.18.0-240.el8.x86_64.rpm
    MD5: a9998f5df7c04da94a4637e7746e0551
    SHA-256: d871cfd1a1fc6dbe395baee94ba2e40503a3f0c3ca34921a9b5f6384aac5893d
    Size: 5.54 MB
  14. kernel-modules-4.18.0-240.el8.x86_64.rpm
    MD5: 180fb345eaba2966da3b35afd77acc04
    SHA-256: 0f0fa627f902e31d2347fe9383df0e27fe9479084ca9427c4b57344ea3720cda
    Size: 25.52 MB
  15. kernel-modules-extra-4.18.0-240.el8.x86_64.rpm
    MD5: b48be4649cf9459711d428dea1dfa7b4
    SHA-256: fed4a5b96ed071f686c071205f383391a9d6c1d3f1fe1e83c2a177eb9c9dd4a4
    Size: 4.97 MB
  16. kernel-tools-4.18.0-240.el8.x86_64.rpm
    MD5: 233b765d45ced3b5d925ba67ee4bc041
    SHA-256: 7990eccbe13720159c7e7adab11fc73b813eb56207c3949add5515526cbb0f6b
    Size: 4.52 MB
  17. kernel-tools-libs-4.18.0-240.el8.x86_64.rpm
    MD5: f66f5578fdd1eabab8786e1978d98602
    SHA-256: 77eb8472ff645e3a71712676651dfbb1fea492dfac666201530533413357929d
    Size: 4.33 MB
  18. perf-4.18.0-240.el8.x86_64.rpm
    MD5: 85f19f58ad9cbd81b8d749619820616e
    SHA-256: a8ace484e1ea25331691d7f32767cdfad40c0057af207e40fc45ec76c4805ba7
    Size: 6.39 MB
  19. python3-perf-4.18.0-240.el8.x86_64.rpm
    MD5: b2eaf12c731ccf3f92ff1475f89fc002
    SHA-256: 7e77dd0c020c5571a43d163af7b56abbbaf01bd9fe7f8bfb764957b4f1ad9071
    Size: 4.44 MB