Synopsis: Important: kernel security and bug fix update
Advisory ID:       SLSA-2019:3979-1
Issue Date:        2019-12-05
CVE Numbers:       CVE-2019-14821
                   CVE-2019-15239
--

Security Fix(es):

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: local attacker can trigger multiple use-after-free conditions
results in privilege escalation (CVE-2019-15239)

Bug Fix(es):

* On SL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks
InfoScale)

* SL7 fnic spamming logs: Current vnic speed set to : 40000

* kernel build: parallelize redhat/mod-sign.sh

* kernel build: speed up module compression step

* Nested VirtualBox VMs on Windows guest has the potential of impacting
memory region allocated to other KVM guests

* NULL pointer dereference at check_preempt_wakeup+0x109

* Regression: panic in pick_next_task_rt

* ixgbe reports "Detected Tx Unit Hang" with adapter reset on SL 7

* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not
enabled in VM.

* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is
called from timeout handler

* [mlx5] VF Representer naming is not consistent/persistent through
reboots with OSPD deployment

* OS getting restarted because of driver issue with QLogic Corp.
ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02).

* mlx5: Load balancing not working over VF LAG configuration

* SL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR

* SL7.5 - Fix security issues on crypto vmx

* SL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test

* SL7.6 - cacheinfo code unsafe vs LPM

* xfs hangs on acquiring xfs_buf semaphore

* single CPU VM hangs during open_posix_testsuite

* rcu_sched self-detected stall on CPU while booting with nohz_full
--

SL7
  x86_64
    bpftool-3.10.0-1062.7.1.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm
    perf-3.10.0-1062.7.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    python-perf-3.10.0-1062.7.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1062.7.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm
    kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2019-3979-1 Important: kernel on SL7.x x86_64

Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-20...

Summary

Important: kernel security and bug fix update



Security Fixes

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)

Severity
Advisory ID: SLSA-2019:3979-1
Issued Date: : 2019-12-05
CVE Numbers: CVE-2019-14821
CVE-2019-15239

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved