RHSA-2020:0740: Important: kernel-alt security and bug fix update
The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)
* kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)
* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)
* kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)
* RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)
* Backport "fs/dcache.c: add cond_resched() in shrink_dentry_list()" (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)
* [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)
Frequently Asked Questions
What is the severity of RHSA-2020:0740?
The severity of RHSA-2020:0740 is classified as important due to the potential buffer overflow vulnerability.
How do I fix RHSA-2020:0740?
To fix RHSA-2020:0740, you should upgrade to the kernel packages version 4.14.0-115.18.1.el7a or later.
What specific vulnerability is addressed in RHSA-2020:0740?
RHSA-2020:0740 addresses a buffer overflow vulnerability in the rtl_p2p_noa_ie function within the Linux kernel.
Which packages are affected by RHSA-2020:0740?
Affected packages include kernel-alt, kernel, kernel-debug, and others listed in the advisory.
Is it necessary to reboot after applying the fix for RHSA-2020:0740?
Yes, it is necessary to reboot the system after applying the fix for RHSA-2020:0740 to ensure the updated kernel is running.
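
A check for the upgrade-then-reboot requirement described in the two answers above, as an added example that is not part of the advisory. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison, which is adequate for builds in the same kernel stream.

```sh
#!/bin/sh
# Fixed build named on this page.
FIXED="4.14.0-115.18.1.el7a"

# `uname -r` appends the architecture (e.g. ".ppc64le"); drop it so the
# string can be compared with a package version-release.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(ppc64le|aarch64|s390x|x86_64)$//'
}

# Succeeds when release $1 is at or above release $2.
release_at_least() {
    a=$(strip_arch "$1")
    b=$(strip_arch "$2")
    if [ "$a" = "$b" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)
    [ "$lowest" = "$b" ]
}

# Classify a host from $1 = running release, $2 = newest installed release.
#   patched          the running kernel already contains the fixes
#   reboot-required  the fixed package is installed but an older kernel runs
#   vulnerable       no fixed kernel is installed
kernel_status() {
    if release_at_least "$1" "$FIXED"; then
        echo "patched"
    elif release_at_least "$2" "$FIXED"; then
        echo "reboot-required"
    else
        echo "vulnerable"
    fi
}

# On a live host the two inputs would come from:
#   running=$(uname -r)
#   installed=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n 1)
# Constructed sample: fixed package installed, older kernel still running.
kernel_status "4.14.0-115.8.1.el7a.ppc64le" "4.14.0-115.18.1.el7a"
```

The constructed sample shows why comparing release strings as plain text is not enough: 115.8.1 sorts after 115.18.1 lexically but is the older build.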