- Issued:
- 2021-11-15
- Updated:
- 2021-11-15
RHSA-2021:4648 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267)
- kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317)
- kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z5 source tree (BZ#2017122)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 1941762 - CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
- BZ - 2005258 - CVE-2021-20317 kernel: timer tree corruption leads to missing wakeup and system freeze
- BZ - 2020362 - CVE-2021-43267 kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.28.1.rt7.100.el8_4.src.rpm | SHA-256: c9bae3888b831cfd2845eadac84eef8c01e7e1f4b3756c07a730fd64e99a4d68 |
| x86_64 | |
| kernel-rt-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: f2e3707694055ea4101b6ae3b7a8e7c2fbb92cebd7cc70678470ed9d5309b53a |
| kernel-rt-core-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 07995bc83f9c106f8836b937a96e0240d5ab0d8e2b07cba35d33319c2bfc52e2 |
| kernel-rt-debug-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: b246b2a58812a60eb9725945d83e7fbf9220a1dfcbe804a11eaf89f5b76af874 |
| kernel-rt-debug-core-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 6b8c32320007758a4cced26a0c7925f236af0dc689a7ab1f734e8b7c0bf2e5e0 |
| kernel-rt-debug-debuginfo-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 1f7fbcb99e10aa59f7f6b7e369f13147dba20dfefaef302994e6b39b661b7e07 |
| kernel-rt-debug-devel-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 9d507aa02e216d1c60ac706aba2c77feb904faae45df0773067053e2b7cd34ca |
| kernel-rt-debug-modules-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: a55ff6899f0861c10b7580509a783c9fa7c16be019ccea612a234887348bd01f |
| kernel-rt-debug-modules-extra-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 084002185625a111537b6e9631a10598129bb8b1fe8560bc029c1e87c43789cc |
| kernel-rt-debuginfo-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 16dc698574e2dbfd762e0d564931072ffee7f1a7817caa4b7c940cb75ba88654 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: dd93be1adfa43ad96a334c5a1dc08460e450bf448d3388427bf42763a89ddc20 |
| kernel-rt-devel-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: a604d63e753bbbb7a699ee9c800b708bc6e3a4a739f93b42877ccda33d31470c |
| kernel-rt-modules-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 0d72a61818ff8ec557b4b6d83f6a00bb3ee07540f33c267a4ac4b78d5060c1ea |
| kernel-rt-modules-extra-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 1b2f58045c60b0ce6986e9af55546821545eccf4580936de9e30f0454ffcfaec |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.28.1.rt7.100.el8_4.src.rpm | SHA-256: c9bae3888b831cfd2845eadac84eef8c01e7e1f4b3756c07a730fd64e99a4d68 |
| x86_64 | |
| kernel-rt-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: f2e3707694055ea4101b6ae3b7a8e7c2fbb92cebd7cc70678470ed9d5309b53a |
| kernel-rt-core-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 07995bc83f9c106f8836b937a96e0240d5ab0d8e2b07cba35d33319c2bfc52e2 |
| kernel-rt-debug-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: b246b2a58812a60eb9725945d83e7fbf9220a1dfcbe804a11eaf89f5b76af874 |
| kernel-rt-debug-core-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 6b8c32320007758a4cced26a0c7925f236af0dc689a7ab1f734e8b7c0bf2e5e0 |
| kernel-rt-debug-debuginfo-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 1f7fbcb99e10aa59f7f6b7e369f13147dba20dfefaef302994e6b39b661b7e07 |
| kernel-rt-debug-devel-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 9d507aa02e216d1c60ac706aba2c77feb904faae45df0773067053e2b7cd34ca |
| kernel-rt-debug-kvm-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: f4216379a6d3091fd4931d696ba67cecc6c6c8c9a261d2d662195e94dac8fa08 |
| kernel-rt-debug-modules-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: a55ff6899f0861c10b7580509a783c9fa7c16be019ccea612a234887348bd01f |
| kernel-rt-debug-modules-extra-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 084002185625a111537b6e9631a10598129bb8b1fe8560bc029c1e87c43789cc |
| kernel-rt-debuginfo-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 16dc698574e2dbfd762e0d564931072ffee7f1a7817caa4b7c940cb75ba88654 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: dd93be1adfa43ad96a334c5a1dc08460e450bf448d3388427bf42763a89ddc20 |
| kernel-rt-devel-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: a604d63e753bbbb7a699ee9c800b708bc6e3a4a739f93b42877ccda33d31470c |
| kernel-rt-kvm-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: ffe49a93379bf3dff269286608bec9ce5c4eb1bc7e19d065fa4aee399a83f009 |
| kernel-rt-modules-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 0d72a61818ff8ec557b4b6d83f6a00bb3ee07540f33c267a4ac4b78d5060c1ea |
| kernel-rt-modules-extra-4.18.0-305.28.1.rt7.100.el8_4.x86_64.rpm | SHA-256: 1b2f58045c60b0ce6986e9af55546821545eccf4580936de9e30f0454ffcfaec |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
