-
CVE-2021-0920
Potential use-after-free in the 'recv' operation of UNIX domain sockets.
Race condition between the garbage collector and the 'recv' operation with MSG_PEEK flag was found in the implementation of UNIX domain sockets. It could result in use-after-free and could potentially allow a local attacker to escalate their privileges in the system.
https://access.redhat.com/security/cve/CVE-2021-0920
-
CVE-2021-4083
Read-after-free in garbage collection for Unix domain socket file handlers.
-
CVE-2021-4028
Use-after-free in RDMA listen().
-
PSBM-136140
A flaw in XFS allows non-root users to read raw data from a mounted block device (CVE-2021-4155).
-
PSBM-136851
Potential memory corruption in nfsd4_lock().
-
PSBM-136295
fs/locks.c: Node crash BUG in locks_insert_block().
-
PSBM-136369
fs: potential kernel crash in inode_permission() when processing paths containing '..'.
-
PSBM-134905
nfsd: memory corruption and kernel crash in nfsd4_lock.
It was discovered that certain operations with locks on NFS could result in a memory corruption and kernel crash in nfsd4_lock(). Note that, although the patch prevents new issues of this kind, it cannot fix the corruptions that have already occurred. So, kernel crashes are still possible even within a few hours after the ReadyKernel update has been applied, but should disappear after the reboot of the affected nodes.
-
PSBM-131551
Virtual machines might fail to start on a host with AMD Milan CPU.
It was discovered that virtual machines on the hosts with AMD Milan CPUs could try to set IA32_SPEC_CTRL MSR during their startup and would fail to start: qemu-kvm would be killed by SIGABRT.
-
PSBM-134323
Memory allocation failed unexpectedly in __add_to_page_cache_locked().
Ext4 FS was unexpectedly remounted read-only in a container after the container reached the limits set in the memory cgroup. It happened because the relevant memory allocations failed in __add_to_page_cache_locked while __GFP_NOFAIL flag was dropped for certain reason.