RHSA-2021:3987: Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

- kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)
- kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
- kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
- kernel: use-after-free in show_numa_stats function (CVE-2019-20934)
- kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
- kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

- A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use-after-free condition in the kmalloc-4096 slab cache. (BZ#1980333)
Frequently Asked Questions
What is the severity of RHSA-2021:3987?
RHSA-2021:3987 is categorized as a critical vulnerability due to potential exploitation risks related to use-after-free issues.
How do I fix RHSA-2021:3987?
To address RHSA-2021:3987, update your affected packages to version 3.10.0-1062.59.1.el7 or later.
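The answer above gives the fixed kernel version-release. As an added example (not part of the advisory), the script below checks whether a RHEL 7 host's running kernel is at or past that version, using a simplified re-implementation of RPM's version comparison (tilde and caret ordering are omitted, which does not affect kernel releases of this form); the fixed version comes from this page, the helper names and the architecture-suffix list are my own assumptions.

```python
import platform
import re

# Fixed kernel version-release stated in the RHSA-2021:3987 FAQ above.
FIXED_KERNEL = "3.10.0-1062.59.1.el7"


def _segments(s):
    # RPM splits on non-alphanumerics into alternating numeric/alphabetic runs.
    return re.findall(r"[0-9]+|[a-zA-Z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")   # numeric: compare by length, then value
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
            if x != y:
                return 1 if x > y else -1
        elif x.isdigit():
            return 1                              # numeric segment beats alphabetic
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1             # alphabetic: plain string order
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1         # leftover segments make it newer


def split_vr(kernel_release):
    """'3.10.0-1062.59.1.el7.x86_64' -> ('3.10.0', '1062.59.1.el7')."""
    version, _, release = kernel_release.partition("-")
    # Assumed set of arch suffixes that `uname -r` appends on RHEL 7 builds.
    release = re.sub(r"\.(x86_64|ppc64le|s390x|aarch64|noarch)$", "", release)
    return version, release


def is_patched(kernel_release, fixed=FIXED_KERNEL):
    """True if the running kernel is at or above the advisory's fixed version."""
    v, r = split_vr(kernel_release)
    fv, fr = split_vr(fixed)
    c = rpmvercmp(v, fv)
    if c == 0:
        c = rpmvercmp(r, fr)          # same version: compare the release part
    return c >= 0


if __name__ == "__main__":
    running = platform.release()
    print(running, "patched" if is_patched(running) else "NOT patched for RHSA-2021:3987")
```

A result of "patched" only says the running kernel is new enough; a newer kernel installed but not yet booted still leaves the host exposed until reboot.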
What are the key vulnerabilities addressed in RHSA-2021:3987?
RHSA-2021:3987 mitigates a use-after-free vulnerability in ucma.c and improper handling of VM_IO|VM_PFNMAP vmas in KVM.
Which software packages are affected by RHSA-2021:3987?
Affected packages include kernel, bpftool, kernel-debug, and various related kernel tools in Red Hat Enterprise Linux 7.
How can RHSA-2021:3987 impact system security?
If unpatched, RHSA-2021:3987 may allow attackers to exploit memory vulnerabilities, potentially leading to system compromise.