Scientific Linux Security Update : kernel on SL7.x x86_64 (20200317)

high Nessus Plugin ID 134648


The remote Scientific Linux host is missing one or more security updates.


Security Fix(es) :

- kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

- kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

- Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

Bug Fix(es) :

- SL7.7 - default idle mishandles lazy irq state

- Sanitize MM backported code for SL7

- A bio with a flush and write to an md device can be lost and never complete by the md layer

- [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop.

- SL7.7 - zfcp: fix reaction on bit error threshold notification

- SL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x

- Leak in cachefiles driver

- VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes

- Allocation failure in md's r10buf_pool_alloc function leads to a crash from accessing uninitialized pointers

- [Hyper-V][SL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup

- A bnx2fc abort attempt doesn't timeout from miscalculation causing a huge timeout value

- scsi: libiscsi: fall back to sendmsg for slab pages

- SL7.7 - kernel: avoid cpu yield in SMT environment

- SL7.6 - kernel: jump label transformation performance

- drm radeon power management warning on VERDE cards

- Duplicate enum value in include/linux/blk_types.h

- [HPE 7.7 Bug] hpsa: bug fix for reset issue

- System Crash on vport creation (NPIV on FCoE)

- [Hyper-V][SL 7.8] Four Mellanox Patches needed for kernels that have that have SRIOV

- WARNING: CPU: 7 PID: 2049 at mm/slub.c:2296

- fio with ioengine=pmemblk on fsdax failed

- [HPE 7.7 Bug] hpsa: bug fixes

- perf top -p PID does not show anything

- Delay in RT task scheduled. Incorrect nr_scheduled value.

- A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory

- ixgbevf interface goes down on hypervisor and causes outage

- Can't enable virt-ssbd on some AMD hosts

- [HPEMC 7.8 BUG] x86/boot/64: Avoid mapping reserved ranges in early page tables

Enhancement(s) :

- scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show'


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 134648

File Name: sl_20200317_kernel_on_SL7_x.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/18/2020

Updated: 3/20/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:bpftool, p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel, p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists, p-cpe:/a:fermilab:scientific_linux:kernel-debug, p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64, p-cpe:/a:fermilab:scientific_linux:kernel-devel, p-cpe:/a:fermilab:scientific_linux:kernel-doc, p-cpe:/a:fermilab:scientific_linux:kernel-headers, p-cpe:/a:fermilab:scientific_linux:kernel-tools, p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel, p-cpe:/a:fermilab:scientific_linux:perf, p-cpe:/a:fermilab:scientific_linux:perf-debuginfo, p-cpe:/a:fermilab:scientific_linux:python-perf, p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/17/2020

Vulnerability Publication Date: 4/23/2019

Reference Information

CVE: CVE-2019-11135, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338