Red Hat and CentOS introduced kernel security updates for their operating systems. Mainly, these updates came to patch two vulnerabilities, namely CVE-2019-14821, an out-of-bounds memory access issue via MMIO ring buffer discovered in Linux kernel’s KVM hypervisor, and CVE-2019-15239, a flaw that could allow a local attacker to trigger multiple use-after-free conditions, which may lead to a kernel crash or potentially in privilege escalation.
- Recommended Content: How to apply Linux Kernel live security updates on Red Hat or CentOS?
Fixing several bugs
In addition to this, the kernel update fixes several bugs, including missing SCSI VPD information for NVMe drives that breaks InfoScale, NULL pointer dereference at check_preempt_wakeup+0x109, panic in pick_next_task_rt, “Detected Tx Unit Hang” error with adapter reset, broken load balancing over VF LAG configuration, security issues on crypto vmx driver, XFS hangs on acquiring xfs_buf semaphore, single CPU VM hangs during open_posix_testsuite, and many others.
The kernel security update is available for Linux server distros which Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Server – AUS 7.7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for IBM z Systems 7, Red Hat Enterprise Linux for Power, big endian 7, Red Hat Enterprise Linux for Scientific Computing 7, Red Hat Enterprise Linux EUS Compute Node 7.7, and Red Hat Enterprise Linux for Power, little endian 7 operating system series.
It is also needed to note that Red Hat Virtualization Host 4, Red Hat Enterprise Linux Server – TUS 7.7, Red Hat Enterprise Linux Server (for IBM Power LE) – Update Services for SAP Solutions 7.7, Red Hat Enterprise Linux Server – Update Services for SAP Solutions 7.7, and CentOS Linux 7 systems are affected by these updates. It is recommended users to update their systems immediately to kernel-3.10.0-1062.7.1.el7.x86_64, to check the new kernel version was successfully applied, and then to reboot their machines.