ID

VAR-202012-1546

CVE

CVE-2020-29661

TITLE

Linux kernel Resource Management Error Vulnerability

DESCRIPTION

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.8 images (BZ #1915461) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:0686-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0686 Issue date: 2021-03-02 CVE Names: CVE-2020-0444 CVE-2020-14351 CVE-2020-25705 CVE-2020-29661 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913530) * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929908) * rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929912) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1920474 - CVE-2020-0444 kernel: bad kfree in auditfilter.c may lead to escalation of privilege 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.1): Source: kernel-4.18.0-147.43.1.el8_1.src.rpm aarch64: bpftool-4.18.0-147.43.1.el8_1.aarch64.rpm bpftool-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-core-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-cross-headers-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-core-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-devel-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-modules-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-modules-extra-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-devel-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-headers-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-modules-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-modules-extra-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-tools-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-tools-libs-4.18.0-147.43.1.el8_1.aarch64.rpm perf-4.18.0-147.43.1.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm python3-perf-4.18.0-147.43.1.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-147.43.1.el8_1.noarch.rpm kernel-doc-4.18.0-147.43.1.el8_1.noarch.rpm ppc64le: bpftool-4.18.0-147.43.1.el8_1.ppc64le.rpm bpftool-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-core-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-cross-headers-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-core-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-devel-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-modules-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-modules-extra-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-devel-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-headers-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-modules-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-modules-extra-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-tools-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-tools-libs-4.18.0-147.43.1.el8_1.ppc64le.rpm perf-4.18.0-147.43.1.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm python3-perf-4.18.0-147.43.1.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm s390x: bpftool-4.18.0-147.43.1.el8_1.s390x.rpm bpftool-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm kernel-4.18.0-147.43.1.el8_1.s390x.rpm kernel-core-4.18.0-147.43.1.el8_1.s390x.rpm kernel-cross-headers-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-core-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-devel-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-modules-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debug-modules-extra-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-147.43.1.el8_1.s390x.rpm kernel-devel-4.18.0-147.43.1.el8_1.s390x.rpm kernel-headers-4.18.0-147.43.1.el8_1.s390x.rpm kernel-modules-4.18.0-147.43.1.el8_1.s390x.rpm kernel-modules-extra-4.18.0-147.43.1.el8_1.s390x.rpm kernel-tools-4.18.0-147.43.1.el8_1.s390x.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-core-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-devel-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-modules-4.18.0-147.43.1.el8_1.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-147.43.1.el8_1.s390x.rpm perf-4.18.0-147.43.1.el8_1.s390x.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm python3-perf-4.18.0-147.43.1.el8_1.s390x.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.s390x.rpm x86_64: bpftool-4.18.0-147.43.1.el8_1.x86_64.rpm bpftool-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-core-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-cross-headers-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-core-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-devel-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-modules-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-modules-extra-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-devel-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-headers-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-modules-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-modules-extra-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-tools-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-tools-libs-4.18.0-147.43.1.el8_1.x86_64.rpm perf-4.18.0-147.43.1.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm python3-perf-4.18.0-147.43.1.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.1): aarch64: bpftool-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm kernel-tools-libs-devel-4.18.0-147.43.1.el8_1.aarch64.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm kernel-tools-libs-devel-4.18.0-147.43.1.el8_1.ppc64le.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debug-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-tools-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm kernel-tools-libs-devel-4.18.0-147.43.1.el8_1.x86_64.rpm perf-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm python3-perf-debuginfo-4.18.0-147.43.1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYD4XlNzjgjWX9erEAQgOyg//eyNXlptdAUDusKgF5I/aHd2xPjMn89Kw FSwuLaJ21Lpz1JJkQ6MIGRLCAsNj2docwt0i4jUqF0ya1Wj+dxyXtDJVEDRFjAj+ TTns9di2BuIEcEXwH5OxgKWtSZwwOlcud4rmDiMd6xL1bELXnOlKvRsQ5PWgmH2w r/nozP5kpS2IOxORjn3KXXf4OE9IQbufLeUCu7Akv5pTXHjEu+YczWp7crawlNMf 4MhwHSzwIksKfYQJE/wo2UxUY1+HsiIX03qT3LvZpJqmrh05DFlHzaxwXonL08mS sYsHItXGKNVZy25YLC/DZQm9/ZlwOL4whQIVN7cEcxMJUPrn793tdmL+oU3I9lPG HgMYqSgXAmScQoXEslkuAfAhFqQ8ptVBRETxAm8Ppbule2+TN5PeCL+EjPFdkhZD 4kkA0Geq9NwkzEp9u53L+EX/ddbTx6NIT2V3Oexv/B+z079Hw4G2CKyfjrNbRlaB sYWyhiBBSxLQOAIlnkeUz+F21erBym8K6O5IrMeTrrH18bKB2289lbB2n20m2nBP /e4vFc9KZ8XUooTTuM01O8Af3XVAOKveK/MKjg87p3AzsdWTocOC4CxljGSqxLGc BFp7OZadh8BVObfHpf7cCqY0/ZMtIhBGTi16d5NF17smpQifIqXFQelaKyaw+QiU xEvgI0/yhmY= =o9Ol -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 6 ELS) - i386, s390x, x86_64 3. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930523) 4. This advisory contains the following OpenShift Virtualization 2.6.0 images: RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582 Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. 8.2) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ========================================================================= Ubuntu Security Notice USN-4748-1 February 25, 2021 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29661) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1088-kvm 4.4.0-1088.97 linux-image-4.4.0-1122-aws 4.4.0-1122.136 linux-image-4.4.0-1146-raspi2 4.4.0-1146.156 linux-image-4.4.0-1150-snapdragon 4.4.0-1150.160 linux-image-4.4.0-203-generic 4.4.0-203.235 linux-image-4.4.0-203-generic-lpae 4.4.0-203.235 linux-image-4.4.0-203-lowlatency 4.4.0-203.235 linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235 linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235 linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235 linux-image-aws 4.4.0.1122.127 linux-image-generic 4.4.0.203.209 linux-image-generic-lpae 4.4.0.203.209 linux-image-kvm 4.4.0.1088.86 linux-image-lowlatency 4.4.0.203.209 linux-image-powerpc-e500mc 4.4.0.203.209 linux-image-powerpc-smp 4.4.0.203.209 linux-image-powerpc64-emb 4.4.0.203.209 linux-image-powerpc64-smp 4.4.0.203.209 linux-image-raspi2 4.4.0.1146.146 linux-image-snapdragon 4.4.0.1150.142 linux-image-virtual 4.4.0.203.209 Ubuntu 14.04 ESM: linux-image-4.4.0-1086-aws 4.4.0-1086.90 linux-image-4.4.0-203-generic 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-generic-lpae 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-lowlatency 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235~14.04.1 linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235~14.04.1 linux-image-aws 4.4.0.1086.83 linux-image-generic-lpae-lts-xenial 4.4.0.203.177 linux-image-generic-lts-xenial 4.4.0.203.177 linux-image-lowlatency-lts-xenial 4.4.0.203.177 linux-image-powerpc-e500mc-lts-xenial 4.4.0.203.177 linux-image-powerpc-smp-lts-xenial 4.4.0.203.177 linux-image-powerpc64-emb-lts-xenial 4.4.0.203.177 linux-image-powerpc64-smp-lts-xenial 4.4.0.203.177 linux-image-virtual-lts-xenial 4.4.0.203.177 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service. CVE-2020-27825 Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak. CVE-2020-27830 Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver. CVE-2020-28374 David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings. CVE-2020-29568 (XSA-349) Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path. CVE-2020-29569 (XSA-350) Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. A local attacker can take advantage of this flaw for memory corruption or privilege escalation. CVE-2020-36158 A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value. CVE-2021-3347 It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. CVE-2021-20177 A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules. For the stable distribution (buster), these problems have been fixed in version 4.19.171-2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAXj9pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Tf5Q//RdQojeX7VtJ61PsVXRszZh9DJ3PUo64NheFU+QWUYO7F6NUD3fMxiS9K I8Sgfsm28x7RBambjW6TZYseJhQd9aSvaANnPdUj/eZ9P3xBhXFM8wzISosUWgfO 2IIV40oOVj943+BzfIQiq1mgQtwLjh3pNTZAEpjnzD96Tc9tXGyW9/3iGkUHIQjv gUTSvoLIUAI4XfNNUjnok+6kPDyEEIdiwJaGDG+UPZ6HNL/hrG3A4klQc+X7KK5K NCOzl4Wl5pZN7u2Ietn3sFMsNJkMrsfLlVyj8J9PgNwbFQh/+RuvzFcONlQ8iaD9 kx42gkLwjl+hM2UeCpvQndzwqXKPKc6CjFemDj7KWzVA+KkVBRTXCGb9K9CasZOZ 0e/cu+5rjYGubIE3e/jo3Gmhp/fm9fXHESbruxuP+gjdbKcyrGrokNucjRvp6FPP rCX+e7OjsZwWGBIcAw+gDAZkDO7PFEoRtlByF2LmxxNvTufZQZHX8NwVyABCdpZi VQLLeQNXN1pJ4d1NPWgTlKfEmH0sGVQRHCliTkBZmIjvo+y1JClUDBAlWOS4YYQL 4Z4oe1qtOX9z+NkqDqcbgfWw69Q2PipNN3TR5YcBXvOtVhvL+/WFGiooJDqxkdCD j3wO/r/1gut/bK/OJnjmOB9J5OXP+cHxYtrhPqXFy2Hzkgj1CRU= =u23W -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-09-17T20:29:26.075000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE