- Issued:
- 2019-09-11
- Updated:
- 2019-09-11
RHSA-2019:2741 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
- Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)
- kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)
- kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
- kernel: brcmfmac frame validation bypass (CVE-2019-9503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- BUG: scheduling while atomic in zswap (BZ#1726362)
- kernel-rt: update to the RHEL8.0.z batch#3 source tree (BZ#1734475)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Fixes
- BZ - 1695044 - CVE-2019-3887 Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS
- BZ - 1701224 - CVE-2019-9500 kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
- BZ - 1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass
- BZ - 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
- BZ - 1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
- BZ - 1726362 - BUG: scheduling while atomic in zswap [rhel-8.0.0.z]
- BZ - 1734475 - kernel-rt: update to the RHEL8.0.z batch#3 source tree
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.src.rpm | SHA-256: bfcbe09d4e63253657bde22174cfa467415654367e1ec6982144463881053117 |
| x86_64 | |
| kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 854824e6bf864b41f0caf8b347b3213c6ba7b781e338f3b6b33971e2a74b72d6 |
| kernel-rt-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 71338d3ea1ea03edf63803decd8f3e18c2fe4fa536bae5e2811880dd71bae7d4 |
| kernel-rt-debug-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: db360dca98998d6b01ecac881100e7170e77e1e047578fc42e735c3d8888eb21 |
| kernel-rt-debug-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 030f2db9e55e9d450f09fe121c0400b8766fea1f36945063a4c317c54abcf8a7 |
| kernel-rt-debug-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: eb948cec4eb595d7279e510c1c0bfccb9104608531691e70a02369cd3f9d68fb |
| kernel-rt-debug-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 265612aaf5777e24c365c20b30cc183a53725f2f241a68cf675ac28e77252697 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 055edb8ff6bed204e253c32300821ced60ca8b710c95e2e08536aa092793c7c7 |
| kernel-rt-debug-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 6de528481def2ecbdffb25770861d18678a6f5d21305064e0151c5a21b6b1f38 |
| kernel-rt-debug-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: e02875fec8db1170a2236cde489b3dd1b63d9cd176d99a456ec6a799dcee292b |
| kernel-rt-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 1c826939e073fe256d7ef4eed641342e3cd1174e8bbaf8da27f980f583d1b427 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 325b2f3e5ac5a34d1f782ff19ba051202841b1cf30cf449b640d0fc7b266f7ae |
| kernel-rt-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 0fb325d7849d5024e8e2093c01a9a860d4e11aa1eb0b44ccb25c3a202abfb6e1 |
| kernel-rt-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: c9c2c6f095ee43197dbabfd8d009888b8ea971224cedfcea3ce117b302d1b9b1 |
| kernel-rt-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 7baaa1cf69ba2b111bfbbff9f3810d499492c05e8b03ea5f4c0fb15119bd97a0 |
| kernel-rt-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: e2d9a9f51697ee7f0ab2b4f8ecdcef32c5fe1f497a68ef4fe3ff2342eda4e0bc |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.src.rpm | SHA-256: bfcbe09d4e63253657bde22174cfa467415654367e1ec6982144463881053117 |
| x86_64 | |
| kernel-rt-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 854824e6bf864b41f0caf8b347b3213c6ba7b781e338f3b6b33971e2a74b72d6 |
| kernel-rt-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 71338d3ea1ea03edf63803decd8f3e18c2fe4fa536bae5e2811880dd71bae7d4 |
| kernel-rt-debug-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: db360dca98998d6b01ecac881100e7170e77e1e047578fc42e735c3d8888eb21 |
| kernel-rt-debug-core-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 030f2db9e55e9d450f09fe121c0400b8766fea1f36945063a4c317c54abcf8a7 |
| kernel-rt-debug-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: eb948cec4eb595d7279e510c1c0bfccb9104608531691e70a02369cd3f9d68fb |
| kernel-rt-debug-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 265612aaf5777e24c365c20b30cc183a53725f2f241a68cf675ac28e77252697 |
| kernel-rt-debug-kvm-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 72d601cb95edd2a05b465fb184526d2e17d00ce27adc48af6ada0c8fb74e9a93 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 055edb8ff6bed204e253c32300821ced60ca8b710c95e2e08536aa092793c7c7 |
| kernel-rt-debug-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 6de528481def2ecbdffb25770861d18678a6f5d21305064e0151c5a21b6b1f38 |
| kernel-rt-debug-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: e02875fec8db1170a2236cde489b3dd1b63d9cd176d99a456ec6a799dcee292b |
| kernel-rt-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 1c826939e073fe256d7ef4eed641342e3cd1174e8bbaf8da27f980f583d1b427 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 325b2f3e5ac5a34d1f782ff19ba051202841b1cf30cf449b640d0fc7b266f7ae |
| kernel-rt-devel-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 0fb325d7849d5024e8e2093c01a9a860d4e11aa1eb0b44ccb25c3a202abfb6e1 |
| kernel-rt-kvm-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 2d8d5afce5340fc6d8ff75e0c989b7ff1afc082341c30de16f279896c1d42570 |
| kernel-rt-kvm-debuginfo-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: c9c2c6f095ee43197dbabfd8d009888b8ea971224cedfcea3ce117b302d1b9b1 |
| kernel-rt-modules-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: 7baaa1cf69ba2b111bfbbff9f3810d499492c05e8b03ea5f4c0fb15119bd97a0 |
| kernel-rt-modules-extra-4.18.0-80.11.1.rt9.156.el8_0.x86_64.rpm | SHA-256: e2d9a9f51697ee7f0ab2b4f8ecdcef32c5fe1f497a68ef4fe3ff2342eda4e0bc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.