Red Hat Product Errata RHSA-2018:0152 - Security Advisory
Issued:
2018-01-25
Updated:
2018-01-25

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there. (CVE-2015-8539, Important)
  • It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649, Important)
  • A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS. (CVE-2017-7472, Moderate)

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting CVE-2015-8539.

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-693.15.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1519506)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
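
A check for the reboot requirement above, as an added example that is not part of the Red Hat advisory: it compares a host's running and installed kernel-rt builds against the fixed build in this advisory's package list (3.10.0-693.17.1.rt56.636.el7). The function names, status strings and the older sample build are assumptions made for illustration, and the comparison is a simplified form of RPM's version ordering.

```python
import re

# Fixed kernel-rt version-release, taken from this advisory's package list.
FIXED = "3.10.0-693.17.1.rt56.636.el7"

def label_cmp(a, b):
    """Simplified RPM-style comparison of one version or release string.
    Returns -1, 0 or 1. Epochs, '~' and '^' are not handled."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # maximal digit or letter runs
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # 17 > 5, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return label_cmp(va, vb) or label_cmp(ra, rb)

# running:   output of `uname -r` (plain kernel-rt variant assumed)
# installed: version-release strings of installed kernel-rt packages,
#            e.g. from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt
def status(running, installed):
    arch = ".x86_64"
    run = running[:-len(arch)] if running.endswith(arch) else running
    if ".rt" not in run:
        return "not-applicable"      # not booted into a kernel-rt build
    if evr_cmp(run, FIXED) >= 0:
        return "patched"
    if any(evr_cmp(v, FIXED) >= 0 for v in installed):
        return "reboot-required"     # fix installed, old kernel still running
    return "vulnerable"

if __name__ == "__main__":
    # Constructed sample host: older build running, fixed build installed.
    old = "3.10.0-693.5.2.rt56.626.el7"
    print(status(old + ".x86_64", [old, FIXED]))   # reboot-required
```

A host that reports reboot-required has the update on disk but is still executing the unpatched kernel.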

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1284450 - CVE-2015-8539 kernel: local privesc in key management
  • BZ - 1442086 - CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
  • BZ - 1504574 - CVE-2017-15649 kernel: Use-after-free in the af_packet.c
  • BZ - 1519506 - kernel-rt: update to the RHEL7.4.z batch#4 source tree

CVEs

  • CVE-2015-8539
  • CVE-2017-7472
  • CVE-2017-12192
  • CVE-2017-12193
  • CVE-2017-15649

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-693.17.1.rt56.636.el7.src.rpm SHA-256: 906c5f8854e2aadc8ba8a185fd85056a555be9b44c17a3e422ddaf3ecd8a335d
x86_64
kernel-rt-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: ddb0c4a42e4a226c51ffc801b90374b2758796197692f86f62e2bb941146348f
kernel-rt-debug-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 7d619f268868daab1eedd70ea27fb976a76c2b1ebc523a55a91ba10454e7a83d
kernel-rt-debug-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 373aaa2e991c7ec1d459ead858d83421b4ecbc82c724513fba4656e6041e4c77
kernel-rt-debug-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 3709e2e998f3fdd2fe330e6af7461a4cfa43e107a8c8730879c9413d63762824
kernel-rt-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 4d7e9f15afeae037982df82cce1dda26985e47253017af4a5b116afa461571e5
kernel-rt-debuginfo-common-x86_64-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: f914f92eddee9832916dc53724c72b848ac1dc2f4081d830c0f2d9f286b5421d
kernel-rt-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: c0f54b815e85697b32b1aeb967cf697a84124e25fe659d4f338c1b4027a608e9
kernel-rt-doc-3.10.0-693.17.1.rt56.636.el7.noarch.rpm SHA-256: 7ea5ed74e7c236a641728c5b31d6f1f2b0bd8d3b082358391977b1e2e8468fa3
kernel-rt-trace-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 956cbc58dfe65fe2f19faa8ffc65c70cb614bde4eed675fd2e21cb2e3c9c5a45
kernel-rt-trace-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: c8af024e73e05815510c018e270f0b53d60403807c35c67696c36fef753adcad
kernel-rt-trace-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 1b44a46e9edd5689b4f75568815235dd0a98bbaae061621816d2449fa82d7faf

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-693.17.1.rt56.636.el7.src.rpm SHA-256: 906c5f8854e2aadc8ba8a185fd85056a555be9b44c17a3e422ddaf3ecd8a335d
x86_64
kernel-rt-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: ddb0c4a42e4a226c51ffc801b90374b2758796197692f86f62e2bb941146348f
kernel-rt-debug-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 7d619f268868daab1eedd70ea27fb976a76c2b1ebc523a55a91ba10454e7a83d
kernel-rt-debug-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 373aaa2e991c7ec1d459ead858d83421b4ecbc82c724513fba4656e6041e4c77
kernel-rt-debug-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 3709e2e998f3fdd2fe330e6af7461a4cfa43e107a8c8730879c9413d63762824
kernel-rt-debug-kvm-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 51165673b2c089faa1c9d97d8ee20dd896ebd704c769da9f7a336e40622c7ccb
kernel-rt-debug-kvm-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 2e9ce209f441ea5e6b61c11d98ca28a18526b2cddbe00d5a4cf4346a3d858484
kernel-rt-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 4d7e9f15afeae037982df82cce1dda26985e47253017af4a5b116afa461571e5
kernel-rt-debuginfo-common-x86_64-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: f914f92eddee9832916dc53724c72b848ac1dc2f4081d830c0f2d9f286b5421d
kernel-rt-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: c0f54b815e85697b32b1aeb967cf697a84124e25fe659d4f338c1b4027a608e9
kernel-rt-doc-3.10.0-693.17.1.rt56.636.el7.noarch.rpm SHA-256: 7ea5ed74e7c236a641728c5b31d6f1f2b0bd8d3b082358391977b1e2e8468fa3
kernel-rt-kvm-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 955690f32528ea912770e96ab368e332e1ecfe0074df2857d08de249cadc9759
kernel-rt-kvm-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: c12b5dd4e7272fd80c68dfd7c6b9b2971d28d7609565d87530be8c460ec53df1
kernel-rt-trace-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 956cbc58dfe65fe2f19faa8ffc65c70cb614bde4eed675fd2e21cb2e3c9c5a45
kernel-rt-trace-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: c8af024e73e05815510c018e270f0b53d60403807c35c67696c36fef753adcad
kernel-rt-trace-devel-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: 1b44a46e9edd5689b4f75568815235dd0a98bbaae061621816d2449fa82d7faf
kernel-rt-trace-kvm-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: eb720100f3156062d0b6e30ffc0ee5ae362178611befaffe52f9758bb2706fac
kernel-rt-trace-kvm-debuginfo-3.10.0-693.17.1.rt56.636.el7.x86_64.rpm SHA-256: ffcfa7f3fb23b12d26923d1a77104a0320be1fb03ef9e3ea3515422029cffca0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
