A new important Linux kernel security update has been released for Red Hat Enterprise Linux (RHEL) 7 and CentOS Linux 7 systems to address three security vulnerabilities and various other bugs.
Arriving just three weeks after the previous update, which patched 11 flaws, it addresses three vulnerabilities affecting the Linux 3.10 kernel used in all supported Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series.
Two of these vulnerabilities are marked by the Red Hat Product Security team as “important.” These include CVE-2021-27365, a heap buffer overflow discovered in the Linux kernel’s iSCSI subsystem that could allow a local, unprivileged user to cause a denial of service (system crash) or possibly execute arbitrary code, and CVE-2021-27364, an out-of-bounds read flaw discovered in the libiscsi module that could lead to reading kernel memory or a crash.
The third vulnerability patched in this new CentOS Linux 7 and RHEL 7 kernel update is CVE-2021-27363, a flaw with a “moderate” security impact discovered in the Linux kernel’s iSCSI driver. A local user could use it to leak the kernel address of the iSCSI transport handle or end arbitrary iSCSI connections on the system.
In addition to fixing these three security vulnerabilities, the new kernel update also adds a fix to update the snd_wl1 variable in the bulk receiver fast path on Red Hat Enterprise Linux 7.9 systems, and adds Mellanox patches to prevent a kernel hang in the MLX4 poll mode driver library for Azure systems.
Moreover, the kernel update includes a fix for an issue with the tcm loopback driver that caused double-start of the SCSI command when work is delayed, as well as a fix for intermittent boot issues on Red Hat Enterprise Linux 7.8 and later systems using customer testing eMMC drives.
The new kernel security update is rolling out now to Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for IBM z Systems 7, Red Hat Enterprise Linux for Power, big endian 7, Red Hat Enterprise Linux for Scientific Computing 7, Red Hat Enterprise Linux for Power, little endian 7, Red Hat Virtualization Host 4 for RHEL 7, and CentOS Linux 7 systems.
Users are advised to update their installations as soon as possible to kernel-3.10.0-1160.24.1.el7. After installing the new kernel version and related packages, you should reboot your systems for the necessary changes to be correctly applied.
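One way to confirm that a host is actually running the fixed build after the update and reboot, shown as an added example that is not part of the original article or Red Hat's advisory. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM version ordering, which is adequate for numeric kernel version-release strings such as these.

```shell
#!/bin/sh
# Added example: classify a RHEL 7 / CentOS 7 host against the fixed kernel
# build named in the article (kernel-3.10.0-1160.24.1.el7).
FIXED="3.10.0-1160.24.1"

# Drop the ".el7[.arch]" suffix so only the numeric version-release is compared.
strip_dist() {
    printf '%s\n' "$1" | sed 's/\.el7.*$//'
}

# Succeeds when version $1 >= version $2.
# Assumption: GNU sort -V stands in for RPM's own version comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING NEWEST_INSTALLED
# Prints: patched | reboot-required | update-required
kernel_status() {
    running=$(strip_dist "$1")
    installed=$(strip_dist "$2")
    if ver_ge "$running" "$FIXED"; then
        echo patched
    elif ver_ge "$installed" "$FIXED"; then
        # Fixed package is on disk, but the old kernel is still booted.
        echo reboot-required
    else
        echo update-required
    fi
}

# Newest kernel package recorded in the RPM database.
newest_installed() {
    rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null | sort -V | tail -n 1
}

# Run with --live on a real host; without it the functions are only defined.
if [ "${1:-}" = "--live" ]; then
    kernel_status "$(uname -r)" "$(newest_installed)"
fi
```

The `reboot-required` state is the one worth alerting on in fleet checks: the package manager reports the host as updated while the vulnerable kernel is still the one in memory.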
This article was originally posted on 9to5linux.com.