Red Hat Product Errata RHSA-2019:2043 - Security Advisory
Issued: 2019-08-06
Updated: 2019-08-06

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
  • Kernel: page cache side channel attacks (CVE-2019-5489)
  • kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)
  • kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)
  • kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
  • kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
  • kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)
  • kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)
  • kernel: TLB flush happens too late on mremap (CVE-2018-18281)
  • kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
  • kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
  • kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)
  • kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
  • kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)
  • kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)
  • kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)
  • kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)
  • kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)
  • kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)
  • kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)
  • kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)
  • kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)
  • kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)
  • kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)
  • Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

  • BZ - 1553216 - CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
  • BZ - 1555145 - CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service
  • BZ - 1573916 - kernel-rt-kvm multiversion
  • BZ - 1589890 - CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write
  • BZ - 1593361 - Update kernel-rt timer wheel code
  • BZ - 1597747 - CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function
  • BZ - 1597766 - CVE-2018-13093 kernel: NULL pointer dereference in lookup_slow function
  • BZ - 1597771 - CVE-2018-13094 kernel: NULL pointer dereference in xfs_da_shrink_inode function
  • BZ - 1597775 - CVE-2018-13095 kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
  • BZ - 1611005 - CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
  • BZ - 1619846 - CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt
  • BZ - 1620555 - CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
  • BZ - 1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
  • BZ - 1627731 - CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status
  • BZ - 1631036 - CVE-2018-9516 kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c
  • BZ - 1631045 - CVE-2018-9517 kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create()
  • BZ - 1642619 - RT: update kernel-rt source tree to match RHEL 7.7 tree
  • BZ - 1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap
  • BZ - 1661503 - CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend()
  • BZ - 1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
  • BZ - 1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
  • BZ - 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
  • BZ - 1664380 - BUG: scheduling while atomic: kworker/1:1/24117/0x00000002
  • BZ - 1665278 - hrtimers: WARNING: CPU: 8 PID: 79 at kernel/hrtimer.c:1506 run_hrtimer_softirq+0x264/0x270
  • BZ - 1671126 - NMI watchdog ineffective due to mismerge
  • BZ - 1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
  • BZ - 1684745 - VM hangs on RHEL rt-kernel and OSP 13
  • BZ - 1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
  • BZ - 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
  • BZ - 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
  • BZ - 1709164 - CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
  • BZ - 1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
  • BZ - 1717212 - KVM tracebacks causing significant latency to VM

CVEs

  • CVE-2018-7755
  • CVE-2018-8087
  • CVE-2018-9363
  • CVE-2018-9516
  • CVE-2018-9517
  • CVE-2018-10853
  • CVE-2018-13053
  • CVE-2018-13093
  • CVE-2018-13094
  • CVE-2018-13095
  • CVE-2018-14625
  • CVE-2018-14734
  • CVE-2018-15594
  • CVE-2018-16658
  • CVE-2018-16885
  • CVE-2018-18281
  • CVE-2019-3459
  • CVE-2019-3460
  • CVE-2019-3882
  • CVE-2019-3900
  • CVE-2019-5489
  • CVE-2019-7222
  • CVE-2019-9456
  • CVE-2019-10140
  • CVE-2019-11599
  • CVE-2019-11810
  • CVE-2019-11833

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm SHA-256: 6c21b06000f8cbff4a63185404b2fc0be5782401bc4660ffb83baa7f7727e304
x86_64
kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d08be35b59ac5e2af4327a1f9ba41d8f11e1dad6f492916e11c413698e06bce1
kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 6622a3c0289d4bcc01d1fa74cbab922b3628bd8da4a7971f5aaa458698d5b10e
kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 905e9d70420526f98062e66840f7e7ce78f26f6cc3335022870335ab8e6f70a5
kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 5603e4139f14accef2c38fca6f7d07442e4bfd1edde1b4282ae2bdbd9079966c
kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d433938bbe666cee09217ace84371a5eebb60bad09d557270ab9baf6d64cb5ff
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 36ce35af5aec844d923648b51a891c27ad4df80b69bb5cc8321c8dd24ffec606
kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 76fa780caffafa162a16678d2a197f16717cb2756cd92c8ad9aa69ef3499b6ce
kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm SHA-256: b3ccaa97c18e7958f786df3b630b111cac878966ea93d67279ea365674140975
kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 472902f65747eb11634a37565b0a0ba0055764708f8891c54eaee5d4b668cd94
kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: e28d1eb3aebd987b3221a9a53c3bb9d2129d45f869f76e157c1e2bc85db4c597
kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 3b30a555a620d5b01b5c3e7c554573c6edff1b382f53ee0ba3e4b4c084e9fb44

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm SHA-256: 6c21b06000f8cbff4a63185404b2fc0be5782401bc4660ffb83baa7f7727e304
x86_64
kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d08be35b59ac5e2af4327a1f9ba41d8f11e1dad6f492916e11c413698e06bce1
kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 6622a3c0289d4bcc01d1fa74cbab922b3628bd8da4a7971f5aaa458698d5b10e
kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 905e9d70420526f98062e66840f7e7ce78f26f6cc3335022870335ab8e6f70a5
kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 5603e4139f14accef2c38fca6f7d07442e4bfd1edde1b4282ae2bdbd9079966c
kernel-rt-debug-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 7f9a0dd6dbc90fbb1211a09d33bdcbaed0df51c0552c707fa8a9701a12fccb02
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 2e780aac5461246cd3eb57dd48861c355fecb8990b6d8b026a111198f919711e
kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d433938bbe666cee09217ace84371a5eebb60bad09d557270ab9baf6d64cb5ff
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 36ce35af5aec844d923648b51a891c27ad4df80b69bb5cc8321c8dd24ffec606
kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 76fa780caffafa162a16678d2a197f16717cb2756cd92c8ad9aa69ef3499b6ce
kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm SHA-256: b3ccaa97c18e7958f786df3b630b111cac878966ea93d67279ea365674140975
kernel-rt-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: fa5fda74143051fd5777840ac068dd4f32b9cff688b530a0eeaa85fa6193ded1
kernel-rt-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d44490ac873f27e7dfdca65fb7f14de38e8d706ba2a774519a3c174def9ae7ce
kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 472902f65747eb11634a37565b0a0ba0055764708f8891c54eaee5d4b668cd94
kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: e28d1eb3aebd987b3221a9a53c3bb9d2129d45f869f76e157c1e2bc85db4c597
kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 3b30a555a620d5b01b5c3e7c554573c6edff1b382f53ee0ba3e4b4c084e9fb44
kernel-rt-trace-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 4b976089a7b7f3436450d7a61333af33270599876d2a262a738dae5a657b63a3
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 82c325ac8d2c937c98a800e43bda8c44014bf0670c560c95cd55013fd19c0841

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7

SRPM
kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm SHA-256: 6c21b06000f8cbff4a63185404b2fc0be5782401bc4660ffb83baa7f7727e304
x86_64
kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d08be35b59ac5e2af4327a1f9ba41d8f11e1dad6f492916e11c413698e06bce1
kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 6622a3c0289d4bcc01d1fa74cbab922b3628bd8da4a7971f5aaa458698d5b10e
kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 905e9d70420526f98062e66840f7e7ce78f26f6cc3335022870335ab8e6f70a5
kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 5603e4139f14accef2c38fca6f7d07442e4bfd1edde1b4282ae2bdbd9079966c
kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: d433938bbe666cee09217ace84371a5eebb60bad09d557270ab9baf6d64cb5ff
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 36ce35af5aec844d923648b51a891c27ad4df80b69bb5cc8321c8dd24ffec606
kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 76fa780caffafa162a16678d2a197f16717cb2756cd92c8ad9aa69ef3499b6ce
kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm SHA-256: b3ccaa97c18e7958f786df3b630b111cac878966ea93d67279ea365674140975
kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 472902f65747eb11634a37565b0a0ba0055764708f8891c54eaee5d4b668cd94
kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: e28d1eb3aebd987b3221a9a53c3bb9d2129d45f869f76e157c1e2bc85db4c597
kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm SHA-256: 3b30a555a620d5b01b5c3e7c554573c6edff1b382f53ee0ba3e4b4c084e9fb44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
