Red Hat and CentOS have announced the availability of important kernel security updates for their Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system families. The updates are reported to address two security holes and many other bugs.
Specifically, the new Linux kernel security update fixes CVE-2019-14821 and CVE-2019-15239 vulnerabilities. Among them, CVE-2019-15239 may cause local attackers to trigger multiple “use-after-free” conditions, causing the kernel to crash or potential privilege escalation.
In addition, the kernel update addresses multiple bugs, including missing SCSI VPD information for NVMe drives that breaks InfoScale, NULL pointer dereference at check_preempt_wakeup+0x109, panic in pick_next_task_rt, “Detected Tx Unit Hang” error with adapter reset, broken load balancing over VF LAG configuration, security issues on crypto vmx driver, XFS hangs on acquiring xfs_buf semaphore, single CPU VM hangs during open_posix_testsuite, and many others.