kernel-3.10.0-1160.36.2.el7

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)
* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)
* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* n_tty_open: "BUG: unable to handle kernel paging request"
* [ESXi] "qp_alloc_hypercall result = -20" / "Could not attach to queue pair with -20" with vSphere Fault Tolerance enabled
* [s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP
* False-positive hard lockup detected while processing the thread state information (SysRq-T)
* Asianux 7 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci)
* The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console
* nvme hangs when trying to allocate reserved tag
* [REGRESSION] "call into AER handling regardless of severity" triggers do_recovery() unnecessarily on correctable PCIe errors
* Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page().
* sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000!
* [Hyper-V] When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed
* Kernel panic at cgroup_is_descendant
* [Hyper-V] Commits To Fix Kdump Failures
* IGMPv2 JOIN packets incorrectly routed to loopback
* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z]
* mlx4: Fix memory allocation in mlx4_buddy_init needed
* incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner()

CVE-2019-20934
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-11668
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVE-2021-33033
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2021-33909
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.