Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2018:1630 - Security Advisory
Issued:
2018-05-21
Updated:
2018-05-21

RHSA-2018:1630 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

CVEs

  • CVE-2018-3639

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/security/vulnerabilities/ssbd
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm SHA-256: 75c8bc74b4e21964e4e9ae117a6b92caa87ab798528a17e2439ac6ec24a2e8ca
x86_64
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 1020057de30591ce54bc1b6d48fa2f759530c8d41f940a57451ffcc4ade9c20b
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: b8c09784a1324e39dacaff6ccdde9bc05e45e27cb7599c87201bc859f306c63f
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5e69c5ce6dcbf5ce1a5cd778500be8a0db232fa5625da958992c50feb2ff0a54
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6505556eb50067bce48dee8654753a5480cfa3b14812aba9f81b02a01549da9b
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm SHA-256: 692170ae82723e84de408abf3d4da16892b674ca1d311ac9229c0b65ff2fca14
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3dc60062eac1e315356e329390b9d1e148a1c69996dacb886f7caecc14f5d0aa
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 8b4bb765b56e1c52b05ff15bfc8645e8a56bef430247ddecd7d0c0fabf6be1a4

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm SHA-256: 75c8bc74b4e21964e4e9ae117a6b92caa87ab798528a17e2439ac6ec24a2e8ca
x86_64
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 1020057de30591ce54bc1b6d48fa2f759530c8d41f940a57451ffcc4ade9c20b
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: b8c09784a1324e39dacaff6ccdde9bc05e45e27cb7599c87201bc859f306c63f
kernel-rt-debug-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 4d65a78e7d9af947458a64a3e476e916d13ebbe86a6b0f6b90df969916127f01
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5e69c5ce6dcbf5ce1a5cd778500be8a0db232fa5625da958992c50feb2ff0a54
kernel-rt-debug-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6713fea30573b571aa5f854ec770ef8a38f014ef9c42240a95b9eea42e9c0867
kernel-rt-debug-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 0c46b980b1c71f25bdf2a9b4a248a6e59d1d33b697bb66756aa889d5b2a16f55
kernel-rt-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: edfbcc2d148802ca70d66a98c19ef9122b358c1b58b619d37aa25a104b6525b3
kernel-rt-debuginfo-common-x86_64-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 5ea08e08ea7e02175d41cc426dafde51dae0acf20709e0eed8c20b8a7732e578
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 6505556eb50067bce48dee8654753a5480cfa3b14812aba9f81b02a01549da9b
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm SHA-256: 692170ae82723e84de408abf3d4da16892b674ca1d311ac9229c0b65ff2fca14
kernel-rt-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: e22745eb964de245be29f14f3c1e7f693aeae99e9305b49c79342b406a780388
kernel-rt-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3b51d89d0e211d878e4af35c3d4bbd5db439fdb526bc05ffde228eaedefecdb1
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 3dc60062eac1e315356e329390b9d1e148a1c69996dacb886f7caecc14f5d0aa
kernel-rt-trace-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 01d2d12dd9439eb4fb708075e7dcebb9d544cb03593a57298569935f053f89c3
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 8b4bb765b56e1c52b05ff15bfc8645e8a56bef430247ddecd7d0c0fabf6be1a4
kernel-rt-trace-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 479620a0ce9eb1bc1fe1fbe5684ac1fc1f2cc3d44b8707922fc463cf50206810
kernel-rt-trace-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm SHA-256: 323565d2dde5f6ceffca15754d30eec14bf962d9d7e4fb6a27d6e9f76497fda7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter