CentOS 7 and RHEL 7 Users Receive an Important Kernel Security Update, Patch Now

Users of the Red Hat Enterprise Linux (RHEL) 7 and CentOS Linux 7 operating systems received an important Linux kernel security update that addresses seven vulnerabilities and fixes multiple bugs.

The new kernel security update for CentOS 7 and RHEL 7 patches a total of 7 security issues, including CVE-2020-14385, a flaw found in the XFS file system’s metadata validator that can lead to the file system being shut down, as well as CVE-2020-10769, a buffer over-read flaw found in the IPsec cryptographic algorithm module.

Also patched are CVE-2020-14314, a memory out-of-bounds read flaw found in the EXT3/EXT4 filesystems that could allow a local user to crash the system, CVE-2019-18282, a device tracking vulnerability found in the flow_dissector feature, and CVE-2020-24394, a vulnerability found in the NFSv4.2 protocol, which could allow a privileged local attacker to cause a kernel information leak.

Last but not least, the new kernel security update addresses CVE-2020-25643, a flaw discovered in the Linux kernel’s HDLC_PPP module leading to memory corruption and a read overflow, which could compromise data confidentiality, integrity, and system availability, as well as CVE-2020-25212, a flaw found in the NFSv4 implementation that could allow for local memory corruption or even privilege escalation.

In addition to patching the security vulnerabilities mentioned above, the new CentOS 7 and RHEL 7 kernel security update fixes several bugs, including Hyper-V issues with kdump over the network, an XFS transaction overrun when running Docker on VMware, a host crash that occurred during an array upgrade, and a Linux kernel crash due to a problem with the openvswitch module.

It also fixes the nodfs option so that it works when using SMB2+, a Linux kernel panic triggered by freelist pointer corruption, a lockup condition due to a loop in __run_timers() because base->timer_jiffies is very far behind, as well as a false positive hard lockup that was detected even though the hard lockup detector had been disabled via sysctl -w kernel.watchdog=0.

The new kernel security update is available right now for all supported Red Hat Enterprise Linux 7 operating system series, including RHEL Server 7, RHEL Workstation 7, RHEL Desktop 7, RHEL for IBM z Systems 7, RHEL for Power, big endian 7, RHEL for Scientific Computing 7, RHEL for Power, little endian 7, and Red Hat Virtualization Host 4 for RHEL 7, as well as for the CentOS Linux 7 operating system series.

All users are urged to update their installations as soon as possible.
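A kernel update only takes effect after a reboot, so a host that has run `sudo yum update kernel` but is still on the old kernel remains exposed to the issues above. The following shell script is an added example, not part of the article or of Red Hat's tooling: it compares the running kernel (`uname -r`) against every installed kernel package (`rpm -q kernel`) and reports whether a reboot is still pending. The version strings in the comments are constructed samples for illustration, not the version shipped by this advisory.

```shell
#!/bin/sh
# Added example (not from the article): detect a RHEL/CentOS 7 host that has
# installed a newer kernel but is still running an older one, i.e. the
# security update is on disk but not yet active because no reboot happened.

# newest_kernel VERSION...: print the highest kernel version from the given
# list, e.g. newest_kernel 3.10.0-957.el7.x86_64 3.10.0-1127.el7.x86_64
# prints 3.10.0-1127.el7.x86_64. sort -V compares numeric runs, so 957 sorts
# before 1127 (a plain lexical sort would get that wrong).
newest_kernel() {
    printf '%s\n' "$@" | sort -V | tail -n 1
}

# reboot_needed RUNNING INSTALLED...: exit status 0 when the running kernel
# differs from the newest installed one (reboot pending), 1 otherwise.
reboot_needed() {
    running="$1"
    shift
    newest=$(newest_kernel "$@")
    [ "$running" != "$newest" ]
}

# check_host: gather live data on a real RHEL/CentOS 7 host and report.
# rpm's VERSION-RELEASE.ARCH matches the format uname -r prints on RHEL 7,
# so the two can be compared directly.
check_host() {
    running=$(uname -r)
    set -- $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
    if reboot_needed "$running" "$@"; then
        echo "running $running, newest installed $(newest_kernel "$@"): reboot required"
        return 1
    fi
    echo "running $running is the newest installed kernel"
    return 0
}
```

Call `check_host` from a configuration-management or monitoring job after the update run; a non-zero exit marks hosts where the patched kernel has been installed but the vulnerable one is still executing.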
