Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1902790]

This was fixed for Fedora with the 5.2.6 stable kernel updates.

https://access.redhat.com/security/cve/CVE-2019-20934 states that RHEL 7 is not affected by the issue, while RHEL 8 is affected.

It should probably be the reverse:

* RHEL 8 has the fixes for the issue already.
* RHEL 7 is probably still affected.
------------------------------------------------------------

Details:

RHEL 7, kernel 3.10.0-1160.11.1.el7, do_execve_common:
----------------
        /* execve succeeded */
        current->fs->in_exec = 0;
        current->in_execve = 0;
        membarrier_execve(current);
        acct_update_integrals(current);
        task_numa_free(current);
        free_bprm(bprm);
        putname(filename);
----------------

"task_numa_free(current)" was added there by the mainline commit 82727018b0d3 "sched/numa: Call task_numa_free() from do_execve()". The issue was introduced by this commit, if I understand it correctly.

The fixes from the mainline kernel are:
* 16d51a590a8ce "sched/fair: Don't free p->numa_faults with concurrent readers"
* cb361d8cdef6 "sched/fair: Use RCU accessors consistently for ->numa_group"

Neither is present in 3.10.0-1160.11.1.el7, so, I guess, this kernel from RHEL 7 is still affected.
------------------------------------------------------------

RHEL 8, kernel 4.18.0-240.8.1.el8_3, the code of interest is in __do_execve_file() now:
----------------
        /* execve succeeded */
        current->fs->in_exec = 0;
        current->in_execve = 0;
        rseq_execve(current);
        acct_update_integrals(current);
        task_numa_free(current, false); // <<< 'false' was added by mainline commit 16d51a590a8ce "sched/fair: Don't free p->numa_faults with concurrent readers"
        free_bprm(bprm);
        kfree(pathbuf);
----------------

Besides, kernel/sched/fair.c does use deref_task_numa_group() added by commit cb361d8cdef6.

So, it seems, both fixes mentioned above are present in 4.18.0-240.8.1.el8_3 and RHEL 8 is not actually affected.

Am I missing something?

I'm looking at my investigation notes, and it appears I had confused two NUMA issues that I had been working on.  For some reason my affected state here was duplicated into another issue.  The only thing I can think of is that I had a previous bz number in my clipboard.

Sorry for any confusion, I will restart the investigation from scratch.

EL8 marked notaffected, trackers closed
EL7 marked affected, trackers opened,
kernel-alt also affected, trackers opened.

Not valid for el5 and 6.

Mitigation:

As the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off.

The method of providing this parameter depends on the operating system version, see KCS article https://access.redhat.com/solutions/23216.

Disabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem.

If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2725 https://access.redhat.com/errata/RHSA-2021:2725

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2726 https://access.redhat.com/errata/RHSA-2021:2726

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-20934

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:3987 https://access.redhat.com/errata/RHSA-2021:3987