RHEL (Red Hat Enterprise Linux) and CentOS Linux 7 users received a new Linux kernel security update on June 14th, 2021, to fix several vulnerabilities affecting the Intel graphics drivers.
The new Linux kernel security update comes exactly two months after the previous one and it’s here to fix three security vulnerabilities discovered by various security researchers in the Intel graphics drivers (i915), as well as three other security flaws.
The three security vulnerabilities affecting the Intel graphics drivers are CVE-2020-12362, an integer overflow that could allow a privileged user to escalate their privileges via local access, CVE-2020-12363, an input validation flaw, and CVE-2020-12364, a null pointer reference, both of which could allow a privileged user to initiate a denial-of-service (DoS) attack via local access.
It’s important to note that to fully patch these issues, users also need to install the most recent linux-firmware and Linux kernel updates for their system.
The new RHEL and CentOS 7 kernel security update also patches CVE-2021-3347, a use-after-free memory flaw discovered in Linux kernel’s Fast Userspace Mutexes functionality, which could allow a local user to crash the vulnerable system or escalate their privileges.
Also fixed is CVE-2020-8648, a use-after-free flaw discovered in Linux kernel’s console driver when using the copy-paste buffer, which could allow a local user to crash the vulnerable system, as well as CVE-2020-27170, a pointer arithmetic speculation against the bpf_context pointer, which could allow a local user with the ability to insert eBPF instructions to abuse a Spectre-like flaw to infer all system memory.
In addition to patching these six security flaws, the new kernel update for RHEL and CentOS 7 systems also includes several bug fixes, among them a kernel crash that occurred when calling the timer function, a hang issue with the SCSI error handling process on the HP P440ar controller, a performance issue with the netxen driver on the RT kernel, a kernel panic in update_group_power(), a SELinux deadlock, as well as a Hyper-V issue.
More details about these bug fixes are available in the security notice published by Red Hat. The Red Hat security team rated this new kernel update as having an important security impact, urging all Red Hat Enterprise Linux 7 users to update their installations to kernel-3.10.0-1160.31.1.el7.x86_64 as soon as possible.
Affected Red Hat products include Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for IBM z Systems 7, Red Hat Enterprise Linux for Power, little endian 7, Red Hat Enterprise Linux for Power, big endian 7, Red Hat Enterprise Linux for Scientific Computing 7, and Red Hat Virtualization Host 4 for RHEL 7. As usual, this kernel update is also available for CentOS Linux 7 systems.
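One way to check a host against the fixed build named above, as an added example that is not from the original article or from Red Hat. It assumes stock (non-RT) EL7 kernel release strings; the function names and the `--host` switch are invented for this example, and linux-firmware is not checked because the article gives no version for it.

```shell
#!/bin/sh
# Added example: compare kernel releases against the fixed build from the article.
FIXED="3.10.0-1160.31.1.el7"   # kernel-3.10.0-1160.31.1.el7.x86_64, arch dropped

# "3.10.0-1160.31.1.el7.x86_64" -> "3 10 0 1160 31 1" (dist tag and arch removed)
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el7.*$//' -e 's/[.-]/ /g'
}

# Exit 0 if release $1 is strictly older than release $2 (missing fields count as 0).
release_lt() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# 0 = at or above the fixed build, 1 = older, 2 = not assessed (assumption: stock EL7 only).
check_release() {
    case "$1" in
        *.rt[0-9]*) echo "$1: RT kernel, not assessed"; return 2 ;;
        3.10.0-*.el7*) ;;
        *) echo "$1: not a stock EL7 kernel, not assessed"; return 2 ;;
    esac
    if release_lt "$1" "$FIXED"; then
        echo "$1: older than $FIXED, update and reboot needed"; return 1
    fi
    echo "$1: at or above $FIXED"
}

# The running kernel decides exposure; a newer installed kernel only helps after reboot.
audit_host() {
    echo "running kernel:"; check_release "$(uname -r)"; rc=$?
    if command -v rpm >/dev/null 2>&1; then
        echo "installed kernel packages:"
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | while read -r rel; do
            check_release "$rel"
        done
    fi
    return "$rc"
}

if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run it with `--host` on the machine being checked; the exit status reflects the running kernel, since an updated package that has not been booted leaves the old kernel in use.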