(RHSA-2019:1959) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)

• kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)

• kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)

• kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

• kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• [DELL 8.0 z-stream BUG] - “CPU unsupported” message with CFL-H/S 8+2 due to updated Stepping (BZ#1711048)

• RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device hot-plug/un-plug operations. (kvm) (BZ#1714746)

• Using Transactional Memory ™ in a Guest Locks-up Host Core on a Power9 System (BZ#1714751)

• VRSAVE register not properly saved and restored (BZ#1714753)

• Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)

• RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation (required for POWER9 DD2.3) (BZ#1715018)

• iommu/amd: Set exclusion range correctly (BZ#1715336)

• RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (BZ#1715337)

• cross compile builds are broken (BZ#1715339)

• Patch generated by ‘make rh-test-patch’ doesn’t get applied during build (BZ#1715340)

• hard lockup panic in during execution of CFS bandwidth period timer (BZ#1715345)

• perf annotate -P does not give full paths (BZ#1716887)

• [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)

• Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and drivers/gpu/drm/drm_ioctl.c (BZ#1717382)

• BUG: SELinux doesn’t handle NFS crossmnt well (BZ#1717777)

• krb5{,i,p} doesn’t work with older enctypes on aarch64 (BZ#1717800)

• [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu: INFO: rcu_sched self-detected stall on CPU (BZ#1717801)

• RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)

• dm cache metadata: Fix loading discard bitset (BZ#1717868)

• jit’d java code on power9 ppc64le experiences stack corruption (BZ#1717869)

• BUG: connect(AF_UNSPEC, …) on a connected socket returns an error (BZ#1717870)

• mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d (BZ#1718237)

• [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing auto-mount to fail (BZ#1719635)

• AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460 (BZ#1721233)

• [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460 (broken BIOS?) (BZ#1722365)

• AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)

• [DELL 8.0 BUG] - “CPU unsupported” message with WHL-U due to updated Stepping (BZ#1722372)

Enhancement(s):

• RHEL 8 - AMD Rome Support (BZ#1721972)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.