RHSA-2020:1016: Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es): kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) kernel: Missing permissions check for requestkey() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) kernel: usb: missing size check in the usbgetextradescriptor() leading to DoS (CVE-2018-20169) kernel: perfeventopen() and execve() race in setuid programs allows a data leak (CVE-2019-3901) kernel: brcmfmac frame validation bypass (CVE-2019-9503) kernel: null-pointer dereference in hciuartsetflowcontrol (CVE-2019-10207) kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) kernel: unchecked kstrdup of fwstr in drmloadedidfirmware leads to denial of service (CVE-2019-12382) kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) kernel: denial of service in arch/powerpc/kernel/signal32.c and arch/powerpc/kernel/signal64.c via sigreturn() system call (CVE-2019-13648) kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) kernel: memory leak in registerqueuekobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) kernel: oob memory read in hsoprobe in drivers/net/usb/hso.c (CVE-2018-19985) Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) kernel: ASLR bypass for setuid binaries due to late installexeccreds() (CVE-2019-11190) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:1016?
The severity of RHSA-2020:1016 is high due to critical vulnerabilities in the Linux kernel.
How do I fix RHSA-2020:1016?
To fix RHSA-2020:1016, update your system to the kernel package version 3.10.0-1127.el7 or later.
What vulnerabilities are addressed in RHSA-2020:1016?
RHSA-2020:1016 addresses out of bound reads and missing permissions in the Linux kernel.
Which systems are affected by RHSA-2020:1016?
RHSA-2020:1016 affects systems running the Red Hat Enterprise Linux 7 kernel prior to version 3.10.0-1127.el7.
Is there a workaround for RHSA-2020:1016?
There are no known workarounds for RHSA-2020:1016; applying updates is the recommended course of action.