CentOS 7 : kernel (CESA-2019:3979)

high Nessus Plugin ID 131571

Synopsis

The remote CentOS host is missing one or more security updates.

Description

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) :

* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)

* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)

* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)

* kernel build: speed up module compression step (BZ#1755339)

* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)

* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)

* Regression: panic in pick_next_task_rt (BZ#1756267)

* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7 (BZ# 1757350)

* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)

* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)

* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)

* OS getting restarted because of driver issue with QLogic Corp.
ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)

* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)

* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)

* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)

* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)

* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)

* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)

* single CPU VM hangs during open_posix_testsuite (BZ#1766087)

* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ# 1766098)

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?d36315bc

http://www.nessus.org/u?452de8fb

Plugin Details

Severity: High

ID: 131571

File Name: centos_RHSA-2019-3979.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/4/2019

Updated: 5/18/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-15239

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-14821

Vulnerability Information

CPE: p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel, p-cpe:/a:centos:centos:kernel-abi-whitelists, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:centos:centos:kernel-doc, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-tools-libs, p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:perf, p-cpe:/a:centos:centos:python-perf, cpe:/o:centos:centos:7

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/20/2019

Reference Information

CVE: CVE-2019-14821, CVE-2019-15239

RHSA: 2019:3979