kernel-3.10.0-1160.21.1.el7
Errata ID: AXSA:2021-1625:06
The kernel packages contain the Linux kernel, the core of any Linux operating
system.
Security Fix(es):
* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)
* kernel: SCSI target (LIO) write to any block on LIO backstore
(CVE-2020-28374)
* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a
use-after-free (CVE-2020-29661)
* kernel: malicious USB devices can lead to multiple out-of-bounds writes
(CVE-2019-19532)
* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
* kernel: use-after-free in i915_ppgtt_close in
drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
* kernel: performance counters race condition use-after-free (CVE-2020-14351)
* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
(CVE-2020-25645)
* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
* kernel: ICMP rate limiting can be used for DNS poisoning attack
(CVE-2020-25705)
* kernel: increase slab leak leads to DoS (CVE-2021-20265)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Bug Fix(es):
* BUG: scheduling while atomic: memory allocation under spinlock in
scsi_register_device_handler()
* WARNING in __iscsit_free_cmd during recovery Abort
* lpfc does not issue adisc to fcp-2 devices, does not respond to nvme target
that sends an adisc.
* Panic in semctl_nolock.constprop.15+0x25b
* [md]Crash due to invalid pool workqueue pointer, work queue race
* Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb
* kernel/uv: handle length extension properly
* Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up
for a VF who hasn't enabled queues' introducing issues with VM using DPDK
* writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers
kernel panic
* [Hyper-V]video: hyperv_fb: Fix the cache type when mapping the
VRAM
* kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine
with attached VF interfaces.
* kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2
* dm-mirror crashes from assuming underlying storage will have a non-NULL
merge_bvec_fn
* watchdog: use nmi registers snapshot in hardlockup handler
* [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional on system with AMD Rome CPUs
* [DELL EMC BUG]system log shows AMD-Vi error when system connected with
Gen 4 NVMe drives.
CVE-2019-19532
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs
that can be caused by a malicious USB device in the Linux kernel HID drivers,
aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c,
drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,
drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c,
drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c,
drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and
drivers/hid/hid-zpff.c.
CVE-2020-0427
In create_pinctrl of core.c, there is a possible out of bounds read due to a use
after free. This could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171
CVE-2020-7053
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through
4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the
i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka
CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in
drivers/gpu/drm/i915/i915_gem_context.c.
CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in
the perf subsystem allowing a local attacker with permission to monitor perf
events to corrupt memory and possibly escalate privileges. The highest threat
from this vulnerability is to data confidentiality and integrity as well as
system availability.
CVE-2020-25211
In the Linux kernel through 5.8.7, local attackers able to inject conntrack
netlink configuration could overflow a local buffer, causing crashes or
triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
CVE-2020-25645
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between
two Geneve endpoints may be unencrypted when IPsec is configured to encrypt
traffic for the specific UDP port used by the GENEVE tunnel allowing anyone
between the two endpoints to read the traffic unencrypted. The main threat from
this vulnerability is to data confidentiality.
CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the
console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could
use this flaw to gain out-of-bounds read access to memory. The highest threat
from this vulnerability is to data confidentiality.
CVE-2020-25705
A flaw was found in the way the Linux kernel rate-limits ICMP reply packets,
which allows open UDP ports to be scanned quickly. This flaw allows an off-path
remote user to effectively bypass UDP source port randomization. The highest
threat from this vulnerability is to confidentiality and possibly integrity,
because software that relies on UDP source port randomization is indirectly
affected as well. Kernel versions before 5.10 may be vulnerable to this issue.
CVE-2020-28374
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7,
insufficient identifier checking in the LIO SCSI target code can be used by
remote attackers to read or write files via directory traversal in an XCOPY
request, aka CID-2896c93811e3. For example, an attack can occur over a network
if the attacker has access to one iSCSI LUN. The attacker gains control over
file access because I/O operations are proxied via an attacker-selected
backstore.
CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through
5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against
TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2021-20265
A flaw was found in the way memory resources were freed in the
unix_stream_recvmsg function in the Linux kernel when a signal was pending. This
flaw allows an unprivileged local user to crash the system by exhausting
available memory. The highest threat from this vulnerability is to system
availability.
Update packages.
SRPMS
- kernel-3.10.0-1160.21.1.el7.src.rpm
MD5: a0d9b5e232087e08bdb3c985855e9622
SHA-256: 503b89c1bc3588f3545ddfed72ef944893ceacf1be39a3fed0c4c1ff91105273
Size: 99.95 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 75c14239027bd2713d39fd8d9b5b98e9
SHA-256: dee46f095e204f90884edc949a59d112b777de2d532efee84fb77419a5cb536c
Size: 8.47 MB
- kernel-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 6bb7196ab348ed7e648d5c1db5055272
SHA-256: f0814ec0adaba4b431ed16f691e2f007687e24e44713e34bcecd673f6c8521c0
Size: 50.32 MB
- kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm
MD5: add87e28cc9851d5abe38850ff3bf4dd
SHA-256: a0633b0457fb1b8a37ff7c75a275f48d9525fc79a2edca8d391572a7dc8705fb
Size: 8.04 MB
- kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 06e9c1b19e01b344fc2cc8e649eb35ea
SHA-256: 63d5f230a6da41e98b52f7f700a164c95d0afe6af5d215343d0ed436f032daa4
Size: 52.61 MB
- kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 83319bf9a4a641c81c7ad7368711d659
SHA-256: 80afe51e2dc1037388b56fffe62fc72c0c28a3a5067161b526d0786721494983
Size: 18.02 MB
- kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: ac647c8cbbe5076cc5f27752171c6821
SHA-256: 06c6b83df356d3c57ed4a5fb926884866a986bafde92fa593a974abbc8baab5e
Size: 17.95 MB
- kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
MD5: 01d71067d6cbf51ad1fe50d4f2a23cf7
SHA-256: 3fa70c7ccab570f23b1e38af7addbe65a7b443e7dbc3a4c38e2de0802d8d6018
Size: 19.50 MB
- kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: ed658713552438d080a8847d68166d15
SHA-256: 4b6af325c84a4422c82146a247851d7d8f59a95fd494395db8e287c6d1494aea
Size: 9.03 MB
- kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: c129ade73ac86a10b9c01bb7b4eea36c
SHA-256: e04e4f4679ac48ef0fad257e0fa15341357d96f288e862cf01234e72e3cf4582
Size: 8.14 MB
- kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 6be9a6b094a5f48492294327d6203689
SHA-256: f2e0e15d3585d3a4d4ed49869c2e0689487960ad48944ec5ffab9c57f55799ba
Size: 8.03 MB
- perf-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: a8aa8ad7cefa1c0c0e0a2916c993cab6
SHA-256: 80d5f29664a3aa435b588f8f2a07bacbd0f4387089898ed51ed608a509c705af
Size: 9.67 MB
- python-perf-3.10.0-1160.21.1.el7.x86_64.rpm
MD5: 58c5456e4fce6b88f456d9dd16144344
SHA-256: 8769392698df1dbe5a6c655359685d0dd8e966adae6ee2c13d24b729e29ffe59
Size: 8.13 MB