Red Hat Product Errata RHSA-2018:0181 - Security Advisory
Issued:
2018-01-25
Updated:
2018-01-25


Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important


Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there. (CVE-2015-8539, Important)
  • It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649, Important)
  • A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS. (CVE-2017-7472, Moderate)

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting CVE-2015-8539.

Bug Fix(es):

  • The mlx5 driver has a number of configuration options, including selective support for network protocols such as InfiniBand and Ethernet. Due to a regression in the configuration of the MRG-RT kernel, the Ethernet mode of the driver was turned off. The regression has been resolved by enabling the mlx5 Ethernet mode, making the Ethernet protocol work again. (BZ#1422778)
  • The migrate_disable/enable() kernel operations are used to pin a thread to a CPU temporarily. This method is kernel-rt specific. To keep RHEL-RT's kernel up to date with the latest real-time kernel, the migrate_disable/enable routine was updated to the version present in kernel v4.9-rt. However, this version proved to be problematic. The changes to migrate_disable/enable have therefore been reverted to a stable version, avoiding the kernel BUG. (BZ#1507831)
  • The kernel-rt packages have been upgraded to version 3.10.0-693.15.1.rt56.601, which provides a number of security and bug fixes over the previous version. (BZ#1519504)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 1284450 - CVE-2015-8539 kernel: local privesc in key management
  • BZ - 1422778 - [mlx5] Failed to create device for nic_driver mlx5_core
  • BZ - 1442086 - CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks thread keyrings
  • BZ - 1504574 - CVE-2017-15649 kernel: Use-after-free in the af_packet.c
  • BZ - 1519504 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

  • CVE-2015-8539
  • CVE-2017-7472
  • CVE-2017-12192
  • CVE-2017-12193
  • CVE-2017-15649

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-693.17.1.rt56.604.el6rt.src.rpm SHA-256: 752ac6014d3a4976a1494b104251f1176626ba4395c92d36f34ea86f3d540149
x86_64
kernel-rt-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 1d7bd15a48bfc81c8f857ff5c6290b3cd2ea387ba68dbe9b41086c9353f4bd5b
kernel-rt-debug-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 45d86ae2ee46d4e4c88bc76b05d7ebc6f11a46de7a3806ad8897a0558fe7f809
kernel-rt-debug-debuginfo-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 4fb2fc21c2b163043dd6dc9e716b7e81e1745eacc74857135605e767e72346ef
kernel-rt-debug-devel-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 77079b7cf796b3e2fa2b1fbb9b87eca1cb206969a19e13a19eabf2406038d503
kernel-rt-debuginfo-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: c96372718f0d91f231fe25c9854a82feab7f8406079fbb7a83bd35e345dfc464
kernel-rt-debuginfo-common-x86_64-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 3f6a2ca3e377a573245aabcaec323dd1052a5c511d5dd60292bce8f1e6216af7
kernel-rt-devel-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 3c2ca0cc1f41a38e550192cbb352e8ba3b9cafb6282fc8b47f1abdaf016be049
kernel-rt-doc-3.10.0-693.17.1.rt56.604.el6rt.noarch.rpm SHA-256: c3532c6d9e9ff81424cdedbcc529a89d1b35f292a44899e7b78fd888981eea9c
kernel-rt-firmware-3.10.0-693.17.1.rt56.604.el6rt.noarch.rpm SHA-256: 7410441005a1b26af1d1ce47d235da3c162485d78372454c0169690d8ebbb280
kernel-rt-trace-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 3896f77bb732f7a6bcf4c19b6c842ac7ee8a30db915e428b695b272faa82fe14
kernel-rt-trace-debuginfo-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 2f96808cebbfebb2f123d502bc8b8651ca12f1da75b5b60fd30d2880c354d3dd
kernel-rt-trace-devel-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 19b5d6316d78794ca2115f0ba8ada9137518b97769ddd9d410347327589ebfe1
kernel-rt-vanilla-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: b195cc54df2fcc29aa28a46c69d1c10bb4458ff54ed8df073fda56d97924da32
kernel-rt-vanilla-debuginfo-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 86c234dbbedb0f65558ea2de28c2807aa5477b83ca07a0b4bf6ad9b3de7771ea
kernel-rt-vanilla-devel-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm SHA-256: 0ff5d32899e1eb31e9ec069e915712308ea8f2ad93a4dcb7080cb8aedc8d8f8e
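Two checks a practitioner runs around an advisory like this one: is the kernel that is actually running (not merely installed, since the update needs a reboot) at or above the fixed build, and does a downloaded package match the SHA-256 published above. The following is an added example written for this page, not Red Hat tooling; the fixed version/release and the hashes are copied from the package list above, the rpmvercmp logic is a simplified re-implementation of rpm's segment comparison (tilde and caret handling omitted), and the assumption that `uname -r` yields `<version>-<release>.<arch>` as on the RPM names above is labelled in the code. The sample bytes in the usage section are constructed.

```python
"""Check a running kernel-rt against RHSA-2018:0181 and verify package hashes.

Added example (not Red Hat's own tooling). Version, release and SHA-256
values come from the advisory's package list; everything else is assumed.
"""
import hashlib
import re
from typing import Dict, Optional, Tuple

# Fixed build, taken from kernel-rt-3.10.0-693.17.1.rt56.604.el6rt in the advisory.
FIXED_VERSION = "3.10.0"
FIXED_RELEASE = "693.17.1.rt56.604.el6rt"

# SHA-256 values copied from the advisory's package list (two of the entries).
ADVISORY_SHA256: Dict[str, str] = {
    "kernel-rt-3.10.0-693.17.1.rt56.604.el6rt.src.rpm":
        "752ac6014d3a4976a1494b104251f1176626ba4395c92d36f34ea86f3d540149",
    "kernel-rt-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm":
        "1d7bd15a48bfc81c8f857ff5c6290b3cd2ea387ba68dbe9b41086c9353f4bd5b",
}

# rpm splits version strings into runs of digits and runs of letters.
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm version comparison: -1 if a < b, 0 if equal, 1 if a > b.

    Numeric segments compare as integers, alphabetic ones lexically, a numeric
    segment sorts newer than an alphabetic one, and whichever string still has
    segments left over is newer. Tilde/caret rules are deliberately omitted.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def parse_uname(kernel_release: str) -> Tuple[str, str]:
    """Split `uname -r` output into (version, release), dropping the arch suffix.

    Assumption: the running kernel reports '<version>-<release>.<arch>', e.g.
    '3.10.0-693.17.1.rt56.604.el6rt.x86_64', matching the RPM names above.
    """
    version, _, rest = kernel_release.partition("-")
    release = re.sub(r"\.(x86_64|i686|noarch)$", "", rest)
    return version, release


def is_patched(kernel_release: str) -> bool:
    """True when the *running* kernel is at or above the advisory's fixed build.

    Checking uname rather than the rpm database matters here: the advisory
    says the system must be rebooted before the update takes effect.
    """
    version, release = parse_uname(kernel_release)
    by_version = rpmvercmp(version, FIXED_VERSION)
    if by_version != 0:
        return by_version > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0


def verify_rpm(filename: str, data: bytes,
               table: Optional[Dict[str, str]] = None) -> bool:
    """Compare SHA-256 of the package bytes with the advisory's published hash.

    A filename the advisory does not list is rejected instead of passing.
    """
    expected = (ADVISORY_SHA256 if table is None else table).get(filename)
    if expected is None:
        return False
    return hashlib.sha256(data).hexdigest() == expected


if __name__ == "__main__":
    # Constructed sample values; on a real host use: uname -r
    for running in ("3.10.0-693.15.1.rt56.601.el6rt.x86_64",   # build named in BZ#1519504
                    "3.10.0-693.17.1.rt56.604.el6rt.x86_64"):  # fixed build
        print(running, "patched" if is_patched(running) else "VULNERABLE")
    # Constructed bytes stand in for a downloaded file; the real RPM is needed for a match.
    print(verify_rpm("kernel-rt-3.10.0-693.17.1.rt56.604.el6rt.x86_64.rpm", b"constructed"))
```

On a live system, feed `uname -r` into `is_patched()` and the bytes of each downloaded `.rpm` into `verify_rpm()`; a running kernel that predates the fixed build stays vulnerable even if `rpm -q kernel-rt` already shows the new package, which is why the check reads the running release rather than the package database.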

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
