Issued:
2018-03-06
Updated:
2018-03-06

RHSA-2018:0412 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)
  • Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1464473 - CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation
  • BZ - 1500380 - CVE-2017-12188 Kernel: KVM: MMU potential stack buffer overrun during page walks
  • BZ - 1537671 - kernel-rt: update to the RHEL7.4.z batch#5 source tree

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-693.21.1.rt56.639.el7.src.rpm SHA-256: 4f0f4d0a16baaa8394a074a7ef975f42d1035c25d3b678da3cf242050e90174a
x86_64
kernel-rt-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 1b3fdfdaa8666fb03dcf6b3ea8542f4ecbf288334c9bcde6eb0fba9d0cd2c0c9
kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: c3c3f033105692ef85b69d54185a9dc619186547f504a4e1013e35360d541ab5
kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: ec104a8ef9362ce4f377a464e85d302b130be9057a5a9f1e556112ace25f921f
kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: b4055dc811fd901fb79ef18437953b61a713e5f49359610e527bd2efda5dfaac
kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 169021464467e5afe4d082f8456203ff63089e0afb8cdee1842bf741e12703d9
kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 091d78338a821876c1cf98c3c667c9652ba8c42e36028e91c51abce3343d91a4
kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 86269aee33437c60ee99bda1ee393ecb88953c22186ce6b5add7b5c94030e7a2
kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.noarch.rpm SHA-256: 4aa997841b2092ba948b614577bc7a4f1b6796a71d876fb3d759a6a9d52ffa37
kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 9e1d8c0f17479defa545ffb3fb9090447b479b3458ad26e173af13342961d67d
kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: f3e04ba5116c66b6d752cf12509c6fa8254e98a9bec1ec6d5d1477983e142c32
kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 1d1bc04f21655f319a72a86df539a6101fa9755bb73bc18fdbad467afe807ba3

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-693.21.1.rt56.639.el7.src.rpm SHA-256: 4f0f4d0a16baaa8394a074a7ef975f42d1035c25d3b678da3cf242050e90174a
x86_64
kernel-rt-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 1b3fdfdaa8666fb03dcf6b3ea8542f4ecbf288334c9bcde6eb0fba9d0cd2c0c9
kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: c3c3f033105692ef85b69d54185a9dc619186547f504a4e1013e35360d541ab5
kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: ec104a8ef9362ce4f377a464e85d302b130be9057a5a9f1e556112ace25f921f
kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: b4055dc811fd901fb79ef18437953b61a713e5f49359610e527bd2efda5dfaac
kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 0d24ad895e60521c9908519f0e8f1608427a1fdd0a75667041a3d8a0a2ff2c05
kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: d9ae31d33f61bdae22624f617d666e098d61f0732af51215c631c6e5f1a835ce
kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 169021464467e5afe4d082f8456203ff63089e0afb8cdee1842bf741e12703d9
kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 091d78338a821876c1cf98c3c667c9652ba8c42e36028e91c51abce3343d91a4
kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 86269aee33437c60ee99bda1ee393ecb88953c22186ce6b5add7b5c94030e7a2
kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.noarch.rpm SHA-256: 4aa997841b2092ba948b614577bc7a4f1b6796a71d876fb3d759a6a9d52ffa37
kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 1422e805a69d7c26cce9fad50a21dec6a07aa7f2cb39369b5487edaae8991be5
kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 8ea525ad32a1e7c3f22cbc86f7d277e19fdab4607ba2e0a740a9aaf7bb0e820c
kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 9e1d8c0f17479defa545ffb3fb9090447b479b3458ad26e173af13342961d67d
kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: f3e04ba5116c66b6d752cf12509c6fa8254e98a9bec1ec6d5d1477983e142c32
kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 1d1bc04f21655f319a72a86df539a6101fa9755bb73bc18fdbad467afe807ba3
kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: 38d31f1bdbd0b9069b2a3491bbea6e1b74a405d6928642827119aaf0e9b9723d
kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm SHA-256: dc9b5a161af243c24fcd1c3e201874383a133b733fcaeaaf2f6217efe6349f9b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.