Red Hat Product Errata RHSA-2019:2741 - Security Advisory

Issued:: 2019-09-11
Updated:: 2019-09-11

RHSA-2019:2741 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)
kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)
kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
kernel: brcmfmac frame validation bypass (CVE-2019-9503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

BUG: scheduling while atomic in zswap (BZ#1726362)
kernel-rt: update to the RHEL8.0.z batch#3 source tree (BZ#1734475)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

BZ - 1695044 - CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
BZ - 1701224 - CVE-2019-9500 kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
BZ - 1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass
BZ - 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
BZ - 1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
BZ - 1726362 - BUG: scheduling while atomic in zswap [rhel-8.0.0.z]
BZ - 1734475 - kernel-rt: update to the RHEL8.0.z batch#3 source tree

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.src.rpm	SHA-256: bfcbe09d4e63253657bde22174cfa467415654367e1ec6982144463881053117
x86_64
kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 854824e6bf864b41f0caf8b347b3213c6ba7b781e338f3b6b33971e2a74b72d6
kernel-rt-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 71338d3ea1ea03edf63803decd8f3e18c2fe4fa536bae5e2811880dd71bae7d4
kernel-rt-debug-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: db360dca98998d6b01ecac881100e7170e77e1e047578fc42e735c3d8888eb21
kernel-rt-debug-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 030f2db9e55e9d450f09fe121c0400b8766fea1f36945063a4c317c54abcf8a7
kernel-rt-debug-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: eb948cec4eb595d7279e510c1c0bfccb9104608531691e70a02369cd3f9d68fb
kernel-rt-debug-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 265612aaf5777e24c365c20b30cc183a53725f2f241a68cf675ac28e77252697
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 055edb8ff6bed204e253c32300821ced60ca8b710c95e2e08536aa092793c7c7
kernel-rt-debug-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 6de528481def2ecbdffb25770861d18678a6f5d21305064e0151c5a21b6b1f38
kernel-rt-debug-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: e02875fec8db1170a2236cde489b3dd1b63d9cd176d99a456ec6a799dcee292b
kernel-rt-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 1c826939e073fe256d7ef4eed641342e3cd1174e8bbaf8da27f980f583d1b427
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 325b2f3e5ac5a34d1f782ff19ba051202841b1cf30cf449b640d0fc7b266f7ae
kernel-rt-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 0fb325d7849d5024e8e2093c01a9a860d4e11aa1eb0b44ccb25c3a202abfb6e1
kernel-rt-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: c9c2c6f095ee43197dbabfd8d009888b8ea971224cedfcea3ce117b302d1b9b1
kernel-rt-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 7baaa1cf69ba2b111bfbbff9f3810d499492c05e8b03ea5f4c0fb15119bd97a0
kernel-rt-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: e2d9a9f51697ee7f0ab2b4f8ecdcef32c5fe1f497a68ef4fe3ff2342eda4e0bc

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.src.rpm	SHA-256: bfcbe09d4e63253657bde22174cfa467415654367e1ec6982144463881053117
x86_64
kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 854824e6bf864b41f0caf8b347b3213c6ba7b781e338f3b6b33971e2a74b72d6
kernel-rt-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 71338d3ea1ea03edf63803decd8f3e18c2fe4fa536bae5e2811880dd71bae7d4
kernel-rt-debug-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: db360dca98998d6b01ecac881100e7170e77e1e047578fc42e735c3d8888eb21
kernel-rt-debug-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 030f2db9e55e9d450f09fe121c0400b8766fea1f36945063a4c317c54abcf8a7
kernel-rt-debug-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: eb948cec4eb595d7279e510c1c0bfccb9104608531691e70a02369cd3f9d68fb
kernel-rt-debug-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 265612aaf5777e24c365c20b30cc183a53725f2f241a68cf675ac28e77252697
kernel-rt-debug-kvm-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 72d601cb95edd2a05b465fb184526d2e17d00ce27adc48af6ada0c8fb74e9a93
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 055edb8ff6bed204e253c32300821ced60ca8b710c95e2e08536aa092793c7c7
kernel-rt-debug-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 6de528481def2ecbdffb25770861d18678a6f5d21305064e0151c5a21b6b1f38
kernel-rt-debug-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: e02875fec8db1170a2236cde489b3dd1b63d9cd176d99a456ec6a799dcee292b
kernel-rt-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 1c826939e073fe256d7ef4eed641342e3cd1174e8bbaf8da27f980f583d1b427
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 325b2f3e5ac5a34d1f782ff19ba051202841b1cf30cf449b640d0fc7b266f7ae
kernel-rt-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 0fb325d7849d5024e8e2093c01a9a860d4e11aa1eb0b44ccb25c3a202abfb6e1
kernel-rt-kvm-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 2d8d5afce5340fc6d8ff75e0c989b7ff1afc082341c30de16f279896c1d42570
kernel-rt-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: c9c2c6f095ee43197dbabfd8d009888b8ea971224cedfcea3ce117b302d1b9b1
kernel-rt-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: 7baaa1cf69ba2b111bfbbff9f3810d499492c05e8b03ea5f4c0fb15119bd97a0
kernel-rt-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm	SHA-256: e2d9a9f51697ee7f0ab2b4f8ecdcef32c5fe1f497a68ef4fe3ff2342eda4e0bc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories