RHSA-2020:0339: Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)
kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)
Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
[Azure][8.1] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1764635)
block layer: update to v5.3 (BZ#1777766)
backport xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (BZ#1778692)
Backport important bugfixes from upstream post 5.3 (BZ#1778693)
LUN path recovery issue with Emulex LPe32002 HBA in RHEL 8.0 Server during storage side cable pull testing (BZ#1781108)
cifs tasks enter D state and error out with "CIFS VFS: SMB signature verification returned error = -5" (BZ#1781110)
Update CIFS to linux 5.3 (except RDMA and conflicts) (BZ#1781113)
RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781114)
blk-mq: overwrite performance drops on real MQ device (BZ#1782181)
Frequently Asked Questions
What is the severity of RHSA-2020:0339?
The advisory RHSA-2020:0339 is classified as moderate severity.
How do I fix RHSA-2020:0339?
To fix RHSA-2020:0339, update the affected packages to version 4.18.0-147.5.1.el8_1 provided by Red Hat.
Which packages are affected by RHSA-2020:0339?
Affected packages include kernel, bpftool, kernel-core, and several related packages in Red Hat Enterprise Linux.
What type of vulnerability is described in RHSA-2020:0339?
RHSA-2020:0339 describes a heap overflow vulnerability in the mwifiex_update_vs_ie() function of the Marvell WiFi driver.
Is a reboot required after applying the fix for RHSA-2020:0339?
Yes, a reboot is required to fully apply the kernel updates and mitigate RHSA-2020:0339.