Red Hat Product Errata RHSA-2018:1642 - Security Advisory

Issued:: 2018-05-21
Updated:: 2018-05-21

RHSA-2018:1642 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

CVEs

CVE-2018-3639

References

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-693.25.7.rt56.615.el6rt.src.rpm	SHA-256: e16aa48cf5d3a2bb65b5e1ccd8de672145b48df18f685d7f79d89169441493b0
x86_64
kernel-rt-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 4816e0b2c135407abd750ab98f14a2bb8e1c047dbe92a0f14400e09efe658542
kernel-rt-debug-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 23252691ed16c48adc3233e7436f5c52bae2fa4c0d502ba36d4fed8d0a34b172
kernel-rt-debug-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 4d495ddfc3bc39e8b5a8457c3592fbea7611abdcc52956686ba9421ecd065fed
kernel-rt-debug-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 0e27be7b72ee0d40d84676bf5e56d7f3c592107d6a46a5c7eaa7de2f7b7c6fe5
kernel-rt-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 1855cede75e383a3a96faa134ee654af787837a16b4456ff354436f401ebcacf
kernel-rt-debuginfo-common-x86_64-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 586a9897e3d3af714f3fe7a2296dd02bdec3be1eb9a40a35c6bae97ca73c4c7b
kernel-rt-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: f9b2ad18972dfee03ae759a4625ef3d69427f2abcde3a379fa7828f8686eabf0
kernel-rt-doc-3.10.0-693.25.7.rt56.615.el6rt.noarch.rpm	SHA-256: 6db943df986e2c68e25994c287f87ddf9dc61f378f3a23b5763d3cb3e75bf066
kernel-rt-firmware-3.10.0-693.25.7.rt56.615.el6rt.noarch.rpm	SHA-256: 22255afddb67b4deabcd883d43b9fa0190006ad02ca955dbd2da0ce6e53bef3b
kernel-rt-trace-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 4d9ca25d41540fa4b4bdfabaff9c76f61b5f7d8429db8e00ebedbf236abf54cc
kernel-rt-trace-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 41dbd38efb625241cfe59291e2af69a3fe3f37b211454c3fcf46dda32bcabaa3
kernel-rt-trace-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: dd085283ac224b2c6d41bf88570618d43a1f30e249f0b9e74cf8392d386e2000
kernel-rt-vanilla-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: a6f0cc4fae28df59e1570ab02f2e88ba2fc4908fbcc23f627eca026668ef1022
kernel-rt-vanilla-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: e9a85231743e94504f1ab2cdc430c0cc7345f7b3d7ec7d11e3c81987c7c95b3b
kernel-rt-vanilla-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm	SHA-256: 9bcae7b26f98c092d8ae8b85e1009929e6ccee72d97c60d5056a45eadfedd349

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories