Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:1630 - Security Advisory
Issued:
2018-05-21
Updated:
2018-05-21

RHSA-2018:1630 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

CVEs

  • CVE-2018-3639

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/ssbd
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm SHA-256: 75c8bc74b4e21964e4e9ae117a6b92caa87ab798528a17e2439ac6ec24a2e8ca
x86_64
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 1020057de30591ce54bc1b6d48fa2f759530c8d41f940a57451ffcc4ade9c20b
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: b8c09784a1324e39dacaff6ccdde9bc05e45e27cb7599c87201bc859f306c63f
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5e69c5ce6dcbf5ce1a5cd778500be8a0db232fa5625da958992c50feb2ff0a54
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6505556eb50067bce48dee8654753a5480cfa3b14812aba9f81b02a01549da9b
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm SHA-256: 692170ae82723e84de408abf3d4da16892b674ca1d311ac9229c0b65ff2fca14
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3dc60062eac1e315356e329390b9d1e148a1c69996dacb886f7caecc14f5d0aa
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 8b4bb765b56e1c52b05ff15bfc8645e8a56bef430247ddecd7d0c0fabf6be1a4

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm SHA-256: 75c8bc74b4e21964e4e9ae117a6b92caa87ab798528a17e2439ac6ec24a2e8ca
x86_64
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 1020057de30591ce54bc1b6d48fa2f759530c8d41f940a57451ffcc4ade9c20b
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: b8c09784a1324e39dacaff6ccdde9bc05e45e27cb7599c87201bc859f306c63f
kernel-rt-debug-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 4d65a78e7d9af947458a64a3e476e916d13ebbe86a6b0f6b90df969916127f01
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5e69c5ce6dcbf5ce1a5cd778500be8a0db232fa5625da958992c50feb2ff0a54
kernel-rt-debug-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6713fea30573b571aa5f854ec770ef8a38f014ef9c42240a95b9eea42e9c0867
kernel-rt-debug-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 0c46b980b1c71f25bdf2a9b4a248a6e59d1d33b697bb66756aa889d5b2a16f55
kernel-rt-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: edfbcc2d148802ca70d66a98c19ef9122b358c1b58b619d37aa25a104b6525b3
kernel-rt-debuginfo-common-x86_64-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5ea08e08ea7e02175d41cc426dafde51dae0acf20709e0eed8c20b8a7732e578
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6505556eb50067bce48dee8654753a5480cfa3b14812aba9f81b02a01549da9b
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm SHA-256: 692170ae82723e84de408abf3d4da16892b674ca1d311ac9229c0b65ff2fca14
kernel-rt-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: e22745eb964de245be29f14f3c1e7f693aeae99e9305b49c79342b406a780388
kernel-rt-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3b51d89d0e211d878e4af35c3d4bbd5db439fdb526bc05ffde228eaedefecdb1
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3dc60062eac1e315356e329390b9d1e148a1c69996dacb886f7caecc14f5d0aa
kernel-rt-trace-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 01d2d12dd9439eb4fb708075e7dcebb9d544cb03593a57298569935f053f89c3
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 8b4bb765b56e1c52b05ff15bfc8645e8a56bef430247ddecd7d0c0fabf6be1a4
kernel-rt-trace-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 479620a0ce9eb1bc1fe1fbe5684ac1fc1f2cc3d44b8707922fc463cf50206810
kernel-rt-trace-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 323565d2dde5f6ceffca15754d30eec14bf962d9d7e4fb6a27d6e9f76497fda7

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7

SRPM
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm SHA-256: 75c8bc74b4e21964e4e9ae117a6b92caa87ab798528a17e2439ac6ec24a2e8ca
x86_64
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 1020057de30591ce54bc1b6d48fa2f759530c8d41f940a57451ffcc4ade9c20b
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: b8c09784a1324e39dacaff6ccdde9bc05e45e27cb7599c87201bc859f306c63f
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5e69c5ce6dcbf5ce1a5cd778500be8a0db232fa5625da958992c50feb2ff0a54
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6505556eb50067bce48dee8654753a5480cfa3b14812aba9f81b02a01549da9b
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm SHA-256: 692170ae82723e84de408abf3d4da16892b674ca1d311ac9229c0b65ff2fca14
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3dc60062eac1e315356e329390b9d1e148a1c69996dacb886f7caecc14f5d0aa
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 8b4bb765b56e1c52b05ff15bfc8645e8a56bef430247ddecd7d0c0fabf6be1a4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility