ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux kernel Input validation error vulnerability

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2020-36311 A flaw was discovered in the KVM subsystem for AMD CPUs, allowing an attacker to cause a denial of service by triggering destruction of a large SEV VM. CVE-2021-3609 Norbert Slusarek reported a race condition vulnerability in the CAN BCM networking protocol, allowing a local attacker to escalate privileges. An unprivileged local attacker able to create, mount, and then delete a deep directory structure whose total path length exceeds 1GB, can take advantage of this flaw for privilege escalation. Details can be found in the Qualys advisory at https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt CVE-2021-34693 Norbert Slusarek discovered an information leak in the CAN BCM networking protocol. For the stable distribution (buster), these problems have been fixed in version 4.19.194-3. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD2xvFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Tp/g//af2JkknfeqLs9FHFlqiYvIl1co4zEOW6e4BO8WAtvB3q5+scTNiFgN/W 66o9sDTi+Bnuhxja/lsZEkwM5QnrcPCSndUuY8EIOBDRdAla9R3xf4vUSYQ4KVb8 re3NmfzlkiLiGd6JRZXeV8+8stUjbLc6e0EG36S2HJ6hDs7pOA+vxcR/ui8yf15e p9egIKOqznhsNFHgrZRm4R1yqgNzfkFBWeSgfuFZGsFi9b2I3FJQKDTx0TXwxerB PKtvstJ1/xKbtK8m5IdntLOPeUPXuUlhoff4cN192IRNrPCcUXf7vRJoGg6A7WP2 dfvErldL8AsJHMBEs6YqEQSajFMoJX2590Bt8VK1xZwvhirSB7ZClk4+boh8OhlG apKj/OPIi3KGPt2s8t23zq3cU6aAFyTp6VQacuS+kR/2bdF0H3iQKcB5I4HFSSx9 BxK0ZpcZSw4axt35lfVhqnoeARb2GtUBqO77CWOOdtXcxDACD3VQ8PiqxxfpGS26 V/ASWmWzCeoGs+FQ5iRoN2JC5i9VcJX32r0fbNVvj7BG+ZQBe5XZ30eOalQLPs4/ SQnBoWuMnIpl/5+6FxkPXiqzkDGnkUm2ep2gXhdFrJmn/3ugpMiAPEuETo7Q2Lfj Ze6DKkHJPBK2BaKs1UgWPNvQBVQrcs0rKMLEf6LxS0eAJHlcCdo= =dhUe -----END PGP SIGNATURE----- . Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 7.4) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree (BZ#1968022) 4. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. ========================================================================== Ubuntu Security Notice USN-5018-1 July 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1078-oracle 4.15.0-1078.86 linux-image-4.15.0-1092-raspi2 4.15.0-1092.98 linux-image-4.15.0-1097-kvm 4.15.0-1097.99 linux-image-4.15.0-1106-gcp 4.15.0-1106.120 linux-image-4.15.0-1109-aws 4.15.0-1109.116 linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118 linux-image-4.15.0-1121-azure 4.15.0-1121.134 linux-image-4.15.0-151-generic 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae 4.15.0-151.157 linux-image-4.15.0-151-lowlatency 4.15.0-151.157 linux-image-aws-lts-18.04 4.15.0.1109.112 linux-image-azure-lts-18.04 4.15.0.1121.94 linux-image-gcp-lts-18.04 4.15.0.1106.125 linux-image-generic 4.15.0.151.139 linux-image-generic-lpae 4.15.0.151.139 linux-image-kvm 4.15.0.1097.93 linux-image-lowlatency 4.15.0.151.139 linux-image-oracle-lts-18.04 4.15.0.1078.88 linux-image-raspi2 4.15.0.1092.90 linux-image-snapdragon 4.15.0.1109.112 linux-image-virtual 4.15.0.151.139 Ubuntu 16.04 ESM: linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1 linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1 linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1 linux-image-aws-hwe 4.15.0.1109.100 linux-image-azure 4.15.0.1121.112 linux-image-gcp 4.15.0.1106.107 linux-image-generic-hwe-16.04 4.15.0.151.146 linux-image-gke 4.15.0.1106.107 linux-image-lowlatency-hwe-16.04 4.15.0.151.146 linux-image-oem 4.15.0.151.146 linux-image-oracle 4.15.0.1078.66 linux-image-virtual-hwe-16.04 4.15.0.151.146 Ubuntu 14.04 ESM: linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1 linux-image-azure 4.15.0.1121.94 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.7) - ppc64, ppc64le, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2725-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2725 Issue date: 2021-07-20 CVE Names: CVE-2019-20934 CVE-2020-11668 CVE-2021-33033 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) * kernel: use-after-free in show_numa_stats function (CVE-2019-20934) * kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668) * kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RHEL7.9.z] n_tty_open: "BUG: unable to handle kernel paging request" (BZ#1872778) * [ESXi][RHEL7.8]"qp_alloc_hypercall result = -20" / "Could not attach to queue pair with -20" with vSphere Fault Tolerance enabled (BZ#1892237) * [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395) * False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221) * RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943) * The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688) * nvme hangs when trying to allocate reserved tag (BZ#1926825) * [REGRESSION] "call into AER handling regardless of severity" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663) * Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793) * sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052) * [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075) * Kernel panic at cgroup_is_descendant (BZ#1957719) * [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803) * IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339) * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193) * mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406) * incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function 1961300 - CVE-2021-33033 kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.36.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64.rpm perf-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.36.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64le.rpm perf-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.36.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.36.2.el7.s390x.rpm kernel-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-headers-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.36.2.el7.s390x.rpm perf-3.10.0-1160.36.2.el7.s390x.rpm perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm python-perf-3.10.0-1160.36.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.36.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20934 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2021-33033 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPd0rdzjgjWX9erEAQgSLQ/9FYCaqS1w2FD8A64mwloIz/fRGh5eGMwl 6RgXKj6wOJPaSPYl3Gk4r7hEDx1aO8jwxz5uZ8PRz1K4LFArAGLi3BBc2pCk1QA1 SHPfNuKO8UefwGrqv7Xd6wThwwt+7D8LN2Lg+H2vUYve/NRrxQZOqH7MnQPKsVve ufvaDQjrySGSXkiQHSSDSvlDQB3eaVRCqh10cBwWzsU/lG/JcdvbIo4Oat27S8WU c4VijwACg7Wn7iTYkMMR4xk0iP991QeoYkqusJByGO5K9naZsSU8LxT4i84/mbZB RWJULDHKPHZtfpR+Gz6AOIl7aa8vE8V90263OUWPJG/c0O6u3sWzK5YyGr0Ob82l gbl1BnI+W0BanwMHeiBJq7HmgFU1jYO7vu5w4mnaf9gkDgm1GOBrHaBOHg/qEXWs WR4UDOpnJcZAxMpVJEyk8EolSv7AlcDKTr+J9xu9vKhdbmok0VbtGhjUDXEZI7tT 5FlrM1qfpa9S4EtiUv7hIYGFg78gVoLrXlPMxEyw9zXhYczCypNwbzWyH+O6utTG saiHuayf6WTw582qITDfgI9nenIu9a6rqEu1pg5EuwoqD5ipRVAsmaFBPWdi+exa +I2KV777KAXM2k4XqVbmVcZ1MnvTqCoEwFLy349A3r3Y9JwDJxCu73HU5nifg4LP AMB5i8YI9o8=gDcx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

input validation error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-03-07T20:16:02.966000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE