Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat Application Foundations
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:3322 - Security Advisory
Issued:
2017-11-30
Updated:
2017-11-30

RHSA-2017:3322 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: kernel-rt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. (CVE-2017-1000380, Moderate)

Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-693.11.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1500035)
  • Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507053)
  • Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507054)
  • In the realtime kernel, if the rt_mutex locking mechanism was taken in the interrupt context, the normal priority inheritance protocol incorrectly identified a deadlock, and a kernel panic occurred. This update reverts the patch that added rt_mutex in the interrupt context, and the kernel no longer panics due to this behavior. (BZ#1511382)

Enhancement(s):

  • The current realtime throttling mechanism prevents the starvation of non-realtime tasks by CPU-intensive realtime tasks. When a realtime run queue is throttled, it allows non-realtime tasks to run. If there are not non-realtime tasks, the CPU goes idle. To safely maximize CPU usage by decreasing the CPU idle time, the RT_RUNTIME_GREED scheduler feature has been implemented. When enabled, this feature checks if non-realtime tasks are starving before throttling the realtime task. The RT_RUNTIME_GREED scheduler option guarantees some run time on all CPUs for the non-realtime tasks, while keeping the realtime tasks running as much as possible. (BZ#1505158)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1463311 - CVE-2017-1000380 kernel: information leak due to a data race in ALSA timer
  • BZ - 1500035 - kernel-rt: update to the RHEL7.4.z batch#3 source tree
  • BZ - 1505158 - RFE: Improve RT throttling mechanism [rhel-7.4.z]
  • BZ - 1507054 - RT + Omnipath panic [rhel-7.4.z]
  • BZ - 1511382 - [RHEL-RT] Possible regression with NOHZ_FULL & rt_mutexes in IRQ (BZ1250649) [rhel-7.4.z]

CVEs

  • CVE-2017-1000380

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-693.11.1.rt56.632.el7.src.rpm SHA-256: 399487056e879c472f8bef46b642ace377315f9f332770e65a75b52a590fc4ef
x86_64
kernel-rt-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 097b6b10e25a3aa12ff76ba4a15cd3d917e0184a56fc076eda1a7c8df35e1cc2
kernel-rt-debug-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: ce5defe3bc9b1de82c52dc02d4da420135415e6a96b7202db1d3bc3b0e4716ac
kernel-rt-debug-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: c39003387f8830a3c41a60d9faf67a940ab581cd26ac8e05f80af47d7bcea693
kernel-rt-debug-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: de5649a2467388f4853fa51ef5993891277f35205592d8ca85761dd9a5961ba6
kernel-rt-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 8f5c9d537bcc133f3947bfb6cfb7a6819541f0243eb1091c93c64a009215ca40
kernel-rt-debuginfo-common-x86_64-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: e3d9449e9c6306e970112be084dcb4acb1126380be9eb220b067e08d32ef8096
kernel-rt-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: f4bf2588f777932e1591facacbabc1a2756c153ab1b13e1ccbab603e9647e2dd
kernel-rt-doc-3.10.0-693.11.1.rt56.632.el7.noarch.rpm SHA-256: d8e225dd3fe981c21a6eebc5ea19b92b36716f85bd6bd6bf9c13be46c667c834
kernel-rt-trace-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 422fa220a5b53a37279418d6bcc766578d00280c8aba48ea8e71c9f42d637c9f
kernel-rt-trace-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: b7d6d2b12ccfdf73ad383b0b68166d9768776f98aeebab4e1c7a4a5b93ee596a
kernel-rt-trace-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: ef07bec377681819b1a13c84b1430ec0d161445cdc10c2a795ab2cbd45d1e1a3

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-693.11.1.rt56.632.el7.src.rpm SHA-256: 399487056e879c472f8bef46b642ace377315f9f332770e65a75b52a590fc4ef
x86_64
kernel-rt-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 097b6b10e25a3aa12ff76ba4a15cd3d917e0184a56fc076eda1a7c8df35e1cc2
kernel-rt-debug-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: ce5defe3bc9b1de82c52dc02d4da420135415e6a96b7202db1d3bc3b0e4716ac
kernel-rt-debug-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: c39003387f8830a3c41a60d9faf67a940ab581cd26ac8e05f80af47d7bcea693
kernel-rt-debug-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: de5649a2467388f4853fa51ef5993891277f35205592d8ca85761dd9a5961ba6
kernel-rt-debug-kvm-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: d369b10bea0727d2a500aa2952881323dc4da537f0cb0d13fbf12b45e8f1bbe2
kernel-rt-debug-kvm-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: d89c53f1f55fecf771defc72c909353a324a526527a3d20fb668ae9c876f7f29
kernel-rt-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 8f5c9d537bcc133f3947bfb6cfb7a6819541f0243eb1091c93c64a009215ca40
kernel-rt-debuginfo-common-x86_64-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: e3d9449e9c6306e970112be084dcb4acb1126380be9eb220b067e08d32ef8096
kernel-rt-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: f4bf2588f777932e1591facacbabc1a2756c153ab1b13e1ccbab603e9647e2dd
kernel-rt-doc-3.10.0-693.11.1.rt56.632.el7.noarch.rpm SHA-256: d8e225dd3fe981c21a6eebc5ea19b92b36716f85bd6bd6bf9c13be46c667c834
kernel-rt-kvm-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 3b223bf8b2f9e24e0cef5710367f348771b4983ada26705ffab3fab850e83907
kernel-rt-kvm-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 0e957ca0add717d2b2ab13bc2171d3c6615b3e428332ab09c501ab377d2f0f2f
kernel-rt-trace-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 422fa220a5b53a37279418d6bcc766578d00280c8aba48ea8e71c9f42d637c9f
kernel-rt-trace-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: b7d6d2b12ccfdf73ad383b0b68166d9768776f98aeebab4e1c7a4a5b93ee596a
kernel-rt-trace-devel-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: ef07bec377681819b1a13c84b1430ec0d161445cdc10c2a795ab2cbd45d1e1a3
kernel-rt-trace-kvm-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 04da7b18d2c5b48738759eec9b48d80de5b8d880369a4c7ba9eba4790ec9392a
kernel-rt-trace-kvm-debuginfo-3.10.0-693.11.1.rt56.632.el7.x86_64.rpm SHA-256: 555a2859952184dfab44bd820758db07d214b6f05e5f8a5026183956a02a5f8d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Twitter Facebook